|
Log-Analyse und Auswertung: Windows Verschlüsselungs Trojaner -.-Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.05.2012, 13:58 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Verschlüsselungs Trojaner -.- Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
07.05.2012, 15:26 | #17 |
| Windows Verschlüsselungs Trojaner -.- So OTL ist durch, hier das Ergebniss:
__________________Code:
ATTFilter OTL logfile created on: 07.05.2012 15:51:14 - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\dagmar\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free 6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32 Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.04.25 10:48:57 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.03.12 19:02:26 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE PRC - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012.02.09 12:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe PRC - [2009.03.23 12:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TUProgSt.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.29 20:11:42 | 003,202,344 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\PwdBank.exe PRC - [2008.08.29 20:11:40 | 002,303,272 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe PRC - [2008.08.29 20:11:38 | 002,436,392 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\VITAKEY\CompPtcVUI.exe PRC - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe PRC - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008.08.04 16:45:54 | 000,334,384 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlNotifyIcon.exe PRC - [2008.08.04 16:45:52 | 000,326,192 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2008.07.24 18:16:02 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2008.01.21 04:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2012.04.25 10:48:57 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2012.04.25 10:48:58 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.12 19:02:26 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.05.15 21:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService) SRV - [2009.03.23 12:09:26 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2009.03.23 12:09:21 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2008.11.07 12:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2008.09.02 14:24:44 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2008.08.29 20:11:38 | 002,180,392 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\VITAKEY\BASVC.exe -- (IGBASVC) SRV - [2008.08.04 16:45:56 | 000,304,688 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008.02.28 18:07:14 | 001,801,216 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpflt.sys -- (WtSmpFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpadap.sys -- (wtsmpadap) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\KUSBusByTCPMasterBus.sys -- (KUSBusByTCPMasterBus) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.02.09 12:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2008.08.28 14:27:57 | 000,066,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FPWinIo.sys -- (FPWinIo) DRV - [2008.08.28 14:27:45 | 000,026,920 | ---- | M] (LTT) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) LTT-Corp Fingerprint Reader Driver (FPSensor.sys) DRV - [2008.08.08 04:15:00 | 007,555,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.08.06 16:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.08.06 00:59:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.08.04 16:46:06 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.08.04 16:46:04 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.08.04 16:46:04 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.06.18 17:04:34 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt) DRV - [2008.04.28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.03.17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.03.10 03:33:50 | 000,882,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mosuport.sys -- (mosuport) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=hp IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_deDE301 IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20:46&v=8.0.0.34&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 10:48:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.04 02:52:38 | 000,000,000 | ---D | M] [2008.11.17 23:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\mozilla\Extensions [2012.05.06 22:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions [2011.05.28 13:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com [2011.11.12 16:46:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008.12.11 17:25:57 | 000,000,000 | ---D | M] (PDFCreator Toolbar) -- C:\PROGRAM FILES\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX [2012.05.07 02:04:55 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAGMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R3O3IEEY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.25 10:48:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.24 16:47:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.12 19:02:22 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.02.24 16:47:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.24 16:47:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.24 16:47:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.24 16:47:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.24 16:47:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.05.03 04:28:38 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: GD ([http] in Lokales Intranet) O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..Trusted Ranges: Range2 ([https] in Vertrauenswürdige Sites) O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://juwelvpn.dyndns.org/XTSAC.cab (XTSAC Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D0C0C1F-7C8A-4A90-A61C-AD06E31C043E}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\dagmar\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\dagmar\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk - - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.) MsConfig - StartUpFolder: C:^Users^dagmar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: BullGuard - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () MsConfig - StartUpReg: MobileDocuments - hkey= - key= - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Program Files\GoogleEULA\EULALauncher.exe ( ) MsConfig - StartUpReg: tsnp2uvc - hkey= - key= - C:\Windows\tsnp2uvc.exe () MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig - StartUpReg: vProt - hkey= - key= - C:\Program Files\AVG Secure Search\vprot.exe () MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.07 15:18:13 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\dagmar\Desktop\OTL.exe [2012.05.06 20:57:17 | 000,000,000 | ---D | C] -- C:\Users\dagmar\Desktop\Neuer Ordner [2012.05.04 19:47:00 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Reviversoft [2012.05.04 19:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft [2012.05.04 19:46:48 | 000,017,224 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe [2012.05.04 19:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Reviversoft [2012.05.03 02:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.02 21:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.02 21:43:10 | 000,000,000 | ---D | C] -- C:\Users\dagmar\AppData\Roaming\Malwarebytes [2012.05.02 21:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.02 21:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.02 21:39:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.30 19:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.04.30 19:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.04.30 16:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\ABUS Security-Center [2012.04.30 16:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center [2012.04.25 10:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.04.25 10:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla ========== Files - Modified Within 30 Days ========== [2012.05.07 15:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2012.05.07 15:51:36 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.07 15:51:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.07 15:51:36 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.07 15:51:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.07 15:47:46 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2012.05.07 15:47:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.07 15:45:18 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.05.07 15:45:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.07 15:45:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.07 15:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.07 15:21:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.05.07 15:18:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\dagmar\Desktop\OTL.exe [2012.05.07 15:12:23 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.07 10:26:10 | 000,027,136 | ---- | M] () -- C:\Users\dagmar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.07 02:09:45 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\Scan0001.pdf [2012.05.07 02:09:28 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\Bewerbung Rosalie Resl.pdf [2012.05.07 02:09:28 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\Dennis Kruse2.jpg [2012.05.07 02:09:27 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\Anfahrt.jpg [2012.05.02 17:39:12 | 000,268,427 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Scan0001.pdf.xdrz [2012.05.02 17:38:39 | 000,253,774 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Dennis Kruse2.jpg.dtfz [2012.05.02 17:38:33 | 000,306,345 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Bewerbung Rosalie Resl.pdf.kfyc [2012.05.02 17:38:33 | 000,234,096 | ---- | M] () -- C:\Users\dagmar\Documents\locked-Anfahrt.jpg.onjs [2012.05.02 17:32:33 | 000,042,654 | ---- | M] () -- C:\ProgramData\locked-nvModes.001.hmld [2012.05.02 17:22:35 | 000,042,654 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.04.30 19:10:41 | 000,001,409 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.04.30 19:01:50 | 309,324,901 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2012.05.06 22:40:19 | 000,268,427 | ---- | C] () -- C:\Users\dagmar\Documents\Scan0001.pdf [2012.05.06 22:40:02 | 000,253,774 | ---- | C] () -- C:\Users\dagmar\Documents\Dennis Kruse2.jpg [2012.05.06 22:40:01 | 000,306,345 | ---- | C] () -- C:\Users\dagmar\Documents\Bewerbung Rosalie Resl.pdf [2012.05.06 22:40:01 | 000,234,096 | ---- | C] () -- C:\Users\dagmar\Documents\Anfahrt.jpg [2012.05.02 17:45:04 | 000,042,654 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.04.30 19:10:41 | 000,001,409 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.04.18 10:31:27 | 309,324,901 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.10.14 18:34:17 | 000,882,432 | ---- | C] () -- C:\Windows\System32\drivers\mosuport.sys [2011.10.14 18:34:17 | 000,278,528 | ---- | C] () -- C:\Windows\System32\MosUsbSerial.exe [2011.10.14 18:34:17 | 000,262,144 | ---- | C] () -- C:\Windows\System32\MosUnst.exe [2011.10.14 18:34:17 | 000,225,280 | ---- | C] () -- C:\Windows\System32\MosUSBParallel.exe [2011.10.14 18:34:17 | 000,057,344 | ---- | C] () -- C:\Windows\System32\MosUSBSerPropPage.dll [2011.10.14 18:34:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\MosUSBParPropPage.dll [2011.10.14 18:34:17 | 000,028,672 | ---- | C] () -- C:\Windows\System32\dbgmsgcfg.dll [2011.09.08 23:03:59 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{8FAF1DC2-324B-4AF2-82C5-CF35492BC72C} [2011.09.08 23:01:58 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{1BF95C17-1E8B-437A-856E-3638C7E6FAEE} [2011.07.13 07:47:36 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{E474D4A3-F08A-4D4E-8AD6-CFC429808E2E} [2011.07.13 07:40:20 | 000,000,000 | ---- | C] () -- C:\Users\dagmar\AppData\Local\{0DA4FE39-CAAF-4DA3-ABDE-EAFB9154A010} ========== LOP Check ========== [2008.11.13 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH [2012.03.13 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign [2011.08.31 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2 [2010.06.10 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org [2012.05.04 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Reviversoft [2009.04.07 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless [2009.02.04 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template [2012.05.06 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid [2012.03.09 13:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software [2012.05.07 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT [2009.03.05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2 [2011.08.10 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions [2012.05.07 15:47:46 | 000,000,502 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2012.05.07 15:22:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.05.07 15:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.11.13 11:46:10 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Adobe [2012.03.13 01:24:50 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Apple Computer [2008.11.13 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Buhl Data Service GmbH [2009.04.29 07:14:58 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Corel [2009.03.15 16:24:23 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\CyberLink [2012.03.13 01:11:28 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\DataDesign [2008.11.12 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Google [2011.06.19 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\HpUpdate [2008.11.12 11:10:49 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Identities [2008.11.13 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Macromedia [2012.05.02 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Media Center Programs [2011.08.08 20:22:09 | 000,000,000 | --SD | M] -- C:\Users\dagmar\AppData\Roaming\Microsoft [2008.11.17 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Mozilla [2011.08.31 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\NASNaviator2 [2009.02.18 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Nero [2010.06.10 21:47:55 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\OpenOffice.org [2012.05.04 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Reviversoft [2009.04.07 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Sierra Wireless [2009.02.04 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\Template [2012.05.06 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneAid [2012.03.09 13:19:54 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\TuneUp Software [2012.05.07 10:28:07 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\UseNeXT [2012.05.06 22:35:08 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\vlc [2009.03.05 19:07:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WebCompiler2 [2011.08.10 12:53:46 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WindSolutions [2009.02.18 18:45:29 | 000,000,000 | ---D | M] -- C:\Users\dagmar\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.05.07 02:04:43 | 000,010,398 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_6FA99008F6BBB97A091E2D.exe [2012.05.07 02:04:43 | 000,025,214 | ---- | M] () -- C:\Users\dagmar\AppData\Roaming\Microsoft\Installer\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}\_E38944F26F8D876B004311.exe [2011.08.10 12:22:31 | 007,128,264 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTrans.exe [2011.08.10 12:20:58 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe [2011.08.10 12:28:53 | 007,665,928 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2011.08.10 12:53:40 | 006,480,904 | ---- | M] (WindSolutions) -- C:\Users\dagmar\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransPhoto.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys [2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.08.13 13:05:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 21:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.05.2012 15:51:14 - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\dagmar\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free 6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32 Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{072BADE7-E429-43FE-9632-ED8119CE21AD}" = lport=445 | protocol=6 | dir=in | app=system | "{09E01168-DA8D-46D0-8EFD-C6E9083FC886}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{107D0A42-F4BA-412D-9029-16163429C935}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{12FC471E-B764-4859-8FEA-994D1C51962A}" = lport=2869 | protocol=6 | dir=in | app=system | "{16580E1A-8D8B-433B-B34C-65EBE21F8EE4}" = lport=3390 | protocol=6 | dir=in | app=system | "{1898FFB9-B7C1-49D5-8E40-20A42EF93F8F}" = lport=139 | protocol=6 | dir=in | app=system | "{1B09A108-22A1-4FE2-8FAB-FB8CE335F740}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{1BE36594-6ADC-4202-913F-5F749C81337A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DE35918-D31B-45BE-8D16-9C45DCF6BF6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2350A216-2946-493D-A29E-33B1EDC82162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{25E21EE2-7560-4474-91C7-C44508DC6489}" = rport=10243 | protocol=6 | dir=out | app=system | "{2DFAD5C0-C566-4F61-AD19-525886803112}" = rport=10244 | protocol=6 | dir=out | app=system | "{30E4A4FF-9E33-499F-B798-6A06F2E3E9D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3191DECA-417D-496A-96E7-02FEF02CFEFF}" = lport=10244 | protocol=6 | dir=in | app=system | "{37A67E49-16A2-4AA4-B483-A04C5F07AC75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39BA89BA-5E33-47BA-8848-ACB49C572B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{3C77367C-B142-4B4F-9343-0CA4D6459332}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{5503186A-1591-40C3-85F0-7D9A5BC9A93B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5E8A0030-0D36-4994-AC3B-1893BEE04794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{64B06681-9A1C-47EB-A743-D2204BC730EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{776BEAB3-FDA1-46A4-90DA-8B6DCB3706A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{78C098D2-3236-4208-9D54-0C010F77A004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8AAD5D66-4F82-499A-9331-0BD43DD2AD08}" = rport=445 | protocol=6 | dir=out | app=system | "{8F2EF8C8-FDD2-4682-94D1-B5D4770F5D3F}" = lport=10243 | protocol=6 | dir=in | app=system | "{A4EB2E77-D18E-4E07-8F7D-72C40E556E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{AB35FD29-C819-4EBD-B954-63A5BB8A7741}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{AEED3589-EE54-4D38-80A0-A0FD6BBEE827}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B100CB64-BCF7-442B-93A4-5AFE17A56603}" = lport=137 | protocol=17 | dir=in | app=system | "{B800D73E-0396-4E6D-BDA6-D5D7A84ADA2D}" = lport=138 | protocol=17 | dir=in | app=system | "{B838CFCA-84E9-4CB0-A27B-B1504B9BEFCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF21D257-A7FD-48E5-8A21-E5E4CB0E5702}" = rport=139 | protocol=6 | dir=out | app=system | "{CFC551D5-7442-41F2-ADF9-A61C70D3A89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D5375A35-82EE-4FD0-B983-D0FEEA98E25F}" = rport=137 | protocol=17 | dir=out | app=system | "{D9074FF1-D1C0-430F-92B1-6C44AE88A44B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EA2C2A43-E142-4B23-943F-710440FD9CFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{EA319ABF-05EE-4D32-B53A-46B7CCB3D10C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EEDCD9E0-81A0-4689-8060-018F689F528B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | "{F046B3A2-66D7-4970-B531-637807A9DD0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F36D0674-9292-4E9C-A993-7AB57DE2F9C3}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10E8C456-0210-4E73-9472-4CD35799A79D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{11963E22-D3FE-496F-B11F-233178653710}" = protocol=6 | dir=out | app=system | "{1272C230-B63C-46F1-8ECA-1DF57EDF3BC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{247C9EBC-C3AF-45FF-9884-040D30047C33}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | "{28391B67-FDC6-4A4A-801E-F7124E8FFE10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{2E25BF11-24F1-4485-90FF-5C9EDEC477AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{33EC455F-2EFE-41DC-95FB-56CFFE7DF70A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{350076D4-693F-41B8-BD90-A4B6F6115FE6}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | "{363B42AB-E3C9-4696-B3C3-B1217C66CCB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3DC48DDD-4051-4111-BBBB-B6C39424525A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5682B6E3-4375-4741-B791-6FD1FAD13D9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5A30A4F1-1B8D-4A7C-8AC5-52340E33DE87}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{5AA83A82-8265-41C6-B6EF-8C3862D11B09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{61E9D938-C4B4-47F7-913B-66796D781DFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63784E9D-FD24-4581-A97F-C3955134D42B}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | "{6E5D556C-4E80-4907-9EAD-1EBF44A77099}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6E92F78E-C7CB-4FC7-9E0F-57970BA652D9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{714D7EB7-FE58-4FC8-B460-647B353CBADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{76060410-9C04-4622-9CBA-04056B76FE3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{78380F14-117A-4524-A57A-14973C030903}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{86E887C7-8A68-450A-87FA-4C222710B361}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8CE86474-D536-460A-B95E-A313F2D1520F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8E61314E-0629-489A-BC91-18BE94AA8A04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{944FC150-6A9B-4A53-B29E-D48889CAF127}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9BD81D42-DB56-43F2-812C-F4CDB1A9FE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{9FA08E23-060E-4DF9-90AF-D3930F5E0F35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A06754D5-078E-4E7D-8406-2B1C57977B3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A8841B5F-B5AC-4C80-8592-5FF2F79D9678}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF54A96A-D584-4EC8-8B2E-2F6B9A85F50D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B36A40E3-B27B-452A-AF45-52DA8E110142}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B43B1CCB-5D98-40A6-95FB-C38F7D7455B0}" = protocol=6 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe | "{B73F2DBB-A331-4D55-A03C-AAC21C5F6F73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B968BE4F-BD65-4877-B105-F76F317B84F9}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | "{B99B9C4A-8C79-4267-96DB-19D72DED4F2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C3D36FB7-6922-41E6-96C3-A0B658A5578B}" = protocol=17 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe | "{C7CD8410-D29F-45F6-AD00-6BF36B9195AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CC9C1220-4F21-4A2A-A776-8D16A72204A4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{D8CAEFF8-0CEE-4015-A755-7D319E768EA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{E29CCEC6-577E-4D6B-9DC3-3012CA1A41E2}" = dir=in | app=d:\program files\itunes\itunes.exe | "{E719ADE9-BA03-4D6F-BB65-6314D0093DDD}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | "{EE538957-909D-4EFC-A085-B929A39B048C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{F84A0EAD-AFBE-49AC-BD25-9F26D2A3E73F}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | "{FBA59B54-C69C-426B-9966-B55F12E2094F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FE9892ED-1298-4C3D-AFDD-C09E6F9D63CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF3F1D4A-93D0-4CA3-AFAD-C537458E08B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{1084484C-BC64-460A-8853-54AAEA1E5825}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{149D4CFE-B018-4FD1-AC82-9F5EBDEC1629}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | "TCP Query User{5A3E0E37-CD92-4BFA-8BC6-EB04C475C83D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "TCP Query User{88039DB5-A764-4A9D-8E9B-BFD87728A560}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | "TCP Query User{990B1384-F106-44AE-8305-F66B4771C731}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | "TCP Query User{9E8FB15F-2F0A-43BA-A172-CB92F5F49756}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=6 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe | "TCP Query User{E264E4D9-FDE6-43E7-BA1C-43160AE55B08}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | "UDP Query User{2554715F-8C9F-42CE-93B5-EBC0B851717D}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | "UDP Query User{2A46460A-95E7-49C1-AE87-96F93D60DD5D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{455AAC0F-D976-4D18-ADE8-3B3EEE00C2AE}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | "UDP Query User{4835702D-D30C-4E7D-84E0-70708198B8D9}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "UDP Query User{557BA70D-592B-426C-AC23-60FA3C617B26}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=17 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe | "UDP Query User{72A5BD2A-C6A5-4032-9ADA-E1115D0844CD}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | "UDP Query User{C1DFAC81-009A-404C-8B4C-C6B675E475CF}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten "{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6414E7C5-C329-4C99-A223-FCCDB499E3E9}" = D-Link AirPlus Xtreme G AP Manager for DWL-2100AP "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3 "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver "{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B5C193AA-3BCE-483D-B9E7-97138248EB8B}" = ABUS IP-Installer "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5DECB40-7801-11D4-AFAE-0050DA073284}" = T-Concept X320 Xi320 Xi520 "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0 "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "AVG Secure Search" = AVG Security Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "File Recover_is1" = File Recover 7.5 "Google Desktop" = Google Desktop "Installationsassistent2" = Installationsassistent2 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "LetsTrade" = LetsTrade Komponenten "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "PDFCreator Toolbar" = PDFCreator Toolbar "PROGNOS für Windows_is1" = PfW 4.7.2.3 "Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar "TuneAid_is1" = TuneAid 3.76 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "UN060501" = BUFFALO NAS Navigator2 "UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide "Unlimited Connection Manager" = Unlimited Connection Manager "USB Compound Device" = USB Compound Device "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 1.1.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "X10Hardware" = X10 Hardware(TM) "ZoomPlayer" = Zoom Player (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "GoToMeeting" = GoToMeeting 5.1.0.874 ========== Last 10 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > oh entschuldigung i.wie doppelt gepostet Oo |
07.05.2012, 15:28 | #18 |
| Windows Verschlüsselungs Trojaner -.- Es gab noch ein 2tes logfile, Extras.Txt ist das auch relevant
__________________Code:
ATTFilter OTL Extras logfile created on: 07.05.2012 15:51:14 - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\dagmar\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,51% Memory free 6,18 Gb Paging File | 5,19 Gb Available in Paging File | 83,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 278,32 Gb Total Space | 122,13 Gb Free Space | 43,88% Space Free | Partition Type: NTFS Drive D: | 19,76 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32 Computer Name: MAMA-PC | User Name: dagmar | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{072BADE7-E429-43FE-9632-ED8119CE21AD}" = lport=445 | protocol=6 | dir=in | app=system | "{09E01168-DA8D-46D0-8EFD-C6E9083FC886}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{107D0A42-F4BA-412D-9029-16163429C935}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{12FC471E-B764-4859-8FEA-994D1C51962A}" = lport=2869 | protocol=6 | dir=in | app=system | "{16580E1A-8D8B-433B-B34C-65EBE21F8EE4}" = lport=3390 | protocol=6 | dir=in | app=system | "{1898FFB9-B7C1-49D5-8E40-20A42EF93F8F}" = lport=139 | protocol=6 | dir=in | app=system | "{1B09A108-22A1-4FE2-8FAB-FB8CE335F740}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{1BE36594-6ADC-4202-913F-5F749C81337A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1DE35918-D31B-45BE-8D16-9C45DCF6BF6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2350A216-2946-493D-A29E-33B1EDC82162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{25E21EE2-7560-4474-91C7-C44508DC6489}" = rport=10243 | protocol=6 | dir=out | app=system | "{2DFAD5C0-C566-4F61-AD19-525886803112}" = rport=10244 | protocol=6 | dir=out | app=system | "{30E4A4FF-9E33-499F-B798-6A06F2E3E9D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3191DECA-417D-496A-96E7-02FEF02CFEFF}" = lport=10244 | protocol=6 | dir=in | app=system | "{37A67E49-16A2-4AA4-B483-A04C5F07AC75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39BA89BA-5E33-47BA-8848-ACB49C572B2E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{3C77367C-B142-4B4F-9343-0CA4D6459332}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{5503186A-1591-40C3-85F0-7D9A5BC9A93B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5E8A0030-0D36-4994-AC3B-1893BEE04794}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{64B06681-9A1C-47EB-A743-D2204BC730EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{776BEAB3-FDA1-46A4-90DA-8B6DCB3706A6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{78C098D2-3236-4208-9D54-0C010F77A004}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8AAD5D66-4F82-499A-9331-0BD43DD2AD08}" = rport=445 | protocol=6 | dir=out | app=system | "{8F2EF8C8-FDD2-4682-94D1-B5D4770F5D3F}" = lport=10243 | protocol=6 | dir=in | app=system | "{A4EB2E77-D18E-4E07-8F7D-72C40E556E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{AB35FD29-C819-4EBD-B954-63A5BB8A7741}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{AEED3589-EE54-4D38-80A0-A0FD6BBEE827}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B100CB64-BCF7-442B-93A4-5AFE17A56603}" = lport=137 | protocol=17 | dir=in | app=system | "{B800D73E-0396-4E6D-BDA6-D5D7A84ADA2D}" = lport=138 | protocol=17 | dir=in | app=system | "{B838CFCA-84E9-4CB0-A27B-B1504B9BEFCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF21D257-A7FD-48E5-8A21-E5E4CB0E5702}" = rport=139 | protocol=6 | dir=out | app=system | "{CFC551D5-7442-41F2-ADF9-A61C70D3A89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D5375A35-82EE-4FD0-B983-D0FEEA98E25F}" = rport=137 | protocol=17 | dir=out | app=system | "{D9074FF1-D1C0-430F-92B1-6C44AE88A44B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EA2C2A43-E142-4B23-943F-710440FD9CFD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{EA319ABF-05EE-4D32-B53A-46B7CCB3D10C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EEDCD9E0-81A0-4689-8060-018F689F528B}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | "{F046B3A2-66D7-4970-B531-637807A9DD0F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F36D0674-9292-4E9C-A993-7AB57DE2F9C3}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10E8C456-0210-4E73-9472-4CD35799A79D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{11963E22-D3FE-496F-B11F-233178653710}" = protocol=6 | dir=out | app=system | "{1272C230-B63C-46F1-8ECA-1DF57EDF3BC3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{247C9EBC-C3AF-45FF-9884-040D30047C33}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | "{28391B67-FDC6-4A4A-801E-F7124E8FFE10}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{2E25BF11-24F1-4485-90FF-5C9EDEC477AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{33EC455F-2EFE-41DC-95FB-56CFFE7DF70A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{350076D4-693F-41B8-BD90-A4B6F6115FE6}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | "{363B42AB-E3C9-4696-B3C3-B1217C66CCB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3DC48DDD-4051-4111-BBBB-B6C39424525A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5682B6E3-4375-4741-B791-6FD1FAD13D9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5A30A4F1-1B8D-4A7C-8AC5-52340E33DE87}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{5AA83A82-8265-41C6-B6EF-8C3862D11B09}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{61E9D938-C4B4-47F7-913B-66796D781DFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63784E9D-FD24-4581-A97F-C3955134D42B}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | "{6E5D556C-4E80-4907-9EAD-1EBF44A77099}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6E92F78E-C7CB-4FC7-9E0F-57970BA652D9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{714D7EB7-FE58-4FC8-B460-647B353CBADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{76060410-9C04-4622-9CBA-04056B76FE3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{78380F14-117A-4524-A57A-14973C030903}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{86E887C7-8A68-450A-87FA-4C222710B361}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8CE86474-D536-460A-B95E-A313F2D1520F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8E61314E-0629-489A-BC91-18BE94AA8A04}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{944FC150-6A9B-4A53-B29E-D48889CAF127}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9BD81D42-DB56-43F2-812C-F4CDB1A9FE2C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{9FA08E23-060E-4DF9-90AF-D3930F5E0F35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A06754D5-078E-4E7D-8406-2B1C57977B3E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{A8841B5F-B5AC-4C80-8592-5FF2F79D9678}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF54A96A-D584-4EC8-8B2E-2F6B9A85F50D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B36A40E3-B27B-452A-AF45-52DA8E110142}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B43B1CCB-5D98-40A6-95FB-C38F7D7455B0}" = protocol=6 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe | "{B73F2DBB-A331-4D55-A03C-AAC21C5F6F73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B968BE4F-BD65-4877-B105-F76F317B84F9}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | "{B99B9C4A-8C79-4267-96DB-19D72DED4F2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C3D36FB7-6922-41E6-96C3-A0B658A5578B}" = protocol=17 | dir=in | app=c:\program files\unlimited connection manager\unlimited connection manager.exe | "{C7CD8410-D29F-45F6-AD00-6BF36B9195AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CC9C1220-4F21-4A2A-A776-8D16A72204A4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{D8CAEFF8-0CEE-4015-A755-7D319E768EA4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{E29CCEC6-577E-4D6B-9DC3-3012CA1A41E2}" = dir=in | app=d:\program files\itunes\itunes.exe | "{E719ADE9-BA03-4D6F-BB65-6314D0093DDD}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | "{EE538957-909D-4EFC-A085-B929A39B048C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{F84A0EAD-AFBE-49AC-BD25-9F26D2A3E73F}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | "{FBA59B54-C69C-426B-9966-B55F12E2094F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FE9892ED-1298-4C3D-AFDD-C09E6F9D63CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF3F1D4A-93D0-4CA3-AFAD-C537458E08B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{1084484C-BC64-460A-8853-54AAEA1E5825}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{149D4CFE-B018-4FD1-AC82-9F5EBDEC1629}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | "TCP Query User{5A3E0E37-CD92-4BFA-8BC6-EB04C475C83D}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "TCP Query User{88039DB5-A764-4A9D-8E9B-BFD87728A560}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | "TCP Query User{990B1384-F106-44AE-8305-F66B4771C731}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=6 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | "TCP Query User{9E8FB15F-2F0A-43BA-A172-CB92F5F49756}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=6 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe | "TCP Query User{E264E4D9-FDE6-43E7-BA1C-43160AE55B08}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=6 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | "UDP Query User{2554715F-8C9F-42CE-93B5-EBC0B851717D}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | "UDP Query User{2A46460A-95E7-49C1-AE87-96F93D60DD5D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{455AAC0F-D976-4D18-ADE8-3B3EEE00C2AE}C:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe" = protocol=17 | dir=in | app=c:\program files\d-link\ap manager for dwl-2100ap\apmgr7xxx.exe | "UDP Query User{4835702D-D30C-4E7D-84E0-70708198B8D9}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "UDP Query User{557BA70D-592B-426C-AC23-60FA3C617B26}C:\program files\abus security-center\installationsassistent 2\iw2.exe" = protocol=17 | dir=in | app=c:\program files\abus security-center\installationsassistent 2\iw2.exe | "UDP Query User{72A5BD2A-C6A5-4032-9ADA-E1115D0844CD}C:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe" = protocol=17 | dir=in | app=c:\users\dagmar\downloads\downloader_warcraft3_the_frozen_throne_dede.exe | "UDP Query User{C1DFAC81-009A-404C-8B4C-C6B675E475CF}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45015CD6-4E70-4D1F-811E-2906B23BF27F}" = Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten "{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6414E7C5-C329-4C99-A223-FCCDB499E3E9}" = D-Link AirPlus Xtreme G AP Manager for DWL-2100AP "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3 "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver "{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B5C193AA-3BCE-483D-B9E7-97138248EB8B}" = ABUS IP-Installer "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5DECB40-7801-11D4-AFAE-0050DA073284}" = T-Concept X320 Xi320 Xi520 "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0 "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "AVG Secure Search" = AVG Security Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "File Recover_is1" = File Recover 7.5 "Google Desktop" = Google Desktop "Installationsassistent2" = Installationsassistent2 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "LetsTrade" = LetsTrade Komponenten "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "PDFCreator Toolbar" = PDFCreator Toolbar "PROGNOS für Windows_is1" = PfW 4.7.2.3 "Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar "TuneAid_is1" = TuneAid 3.76 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "UN060501" = BUFFALO NAS Navigator2 "UN090928" = BUFFALO LinkStation(LX-WXL) Setup Guide "Unlimited Connection Manager" = Unlimited Connection Manager "USB Compound Device" = USB Compound Device "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 1.1.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "X10Hardware" = X10 Hardware(TM) "ZoomPlayer" = Zoom Player (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich. "GoToMeeting" = GoToMeeting 5.1.0.874 ========== Last 10 Event Log Errors ========== Error: Unable to start EventLog service! < End of report > |
07.05.2012, 18:37 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Verschlüsselungs Trojaner -.- Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul = IE - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field [2011.05.28 13:04:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:24051EFF :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
08.05.2012, 12:17 | #20 |
| Windows Verschlüsselungs Trojaner -.- So der OTL fix ist auch durch hier das LOG: Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-1186228194-2826595677-3955999054-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully. C:\Program Files\Softonic_Deutsch\tbSoft.dll moved successfully. HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}\ deleted successfully. C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\searchplugin folder moved successfully. C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\META-INF folder moved successfully. C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\lib folder moved successfully. C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\DualPackage folder moved successfully. C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\defaults folder moved successfully. C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\components folder moved successfully. C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com\chrome folder moved successfully. C:\Users\dagmar\AppData\Roaming\mozilla\Firefox\Profiles\r3o3ieey.default\extensions\engine@conduit.com folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}\ deleted successfully. C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found. File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully. C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully. C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found. File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found. File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. File C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{eec0f710-38b5-4aba-99bf-ec87564a4e13} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\ deleted successfully. File C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll not found. Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found. File C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-1186228194-2826595677-3955999054-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found. File C:\Program Files\Softonic_Deutsch\tbSoft.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! D:\AUTOEXEC.BAT moved successfully. ADS C:\ProgramData\Temp:24051EFF deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: dagmar ->Temp folder emptied: 6258338 bytes ->Temporary Internet Files folder emptied: 194433655 bytes ->Java cache emptied: 2597569 bytes ->FireFox cache emptied: 169292027 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 102965 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2861268 bytes RecycleBin emptied: 9853266451 bytes Total Files Cleaned = 9.755,00 mb [EMPTYFLASH] User: All Users User: dagmar ->Flash cache emptied: 0 bytes User: Default User: Default User User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.42.3 log created on 05082012_122544 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\JET94FE.tmp not found! Registry entries deleted on Reboot... |
08.05.2012, 14:28 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Verschlüsselungs Trojaner -.- Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ --> Windows Verschlüsselungs Trojaner -.- |
08.05.2012, 15:29 | #22 |
| Windows Verschlüsselungs Trojaner -.- Alles klar habe ich gemacht, hier der Report, und bis hier hin schonmal danke, viele Dank für deine Mühe. Code:
ATTFilter 16:25:30.0311 0276 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 16:25:30.0820 0276 ============================================================ 16:25:30.0820 0276 Current date / time: 2012/05/08 16:25:30.0820 16:25:30.0820 0276 SystemInfo: 16:25:30.0820 0276 16:25:30.0820 0276 OS Version: 6.0.6001 ServicePack: 1.0 16:25:30.0820 0276 Product type: Workstation 16:25:30.0821 0276 ComputerName: MAMA-PC 16:25:30.0821 0276 UserName: dagmar 16:25:30.0821 0276 Windows directory: C:\Windows 16:25:30.0821 0276 System windows directory: C:\Windows 16:25:30.0821 0276 Processor architecture: Intel x86 16:25:30.0821 0276 Number of processors: 2 16:25:30.0821 0276 Page size: 0x1000 16:25:30.0821 0276 Boot type: Normal boot 16:25:30.0821 0276 ============================================================ 16:25:32.0359 0276 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:25:32.0370 0276 ============================================================ 16:25:32.0370 0276 \Device\Harddisk0\DR0: 16:25:32.0370 0276 MBR partitions: 16:25:32.0370 0276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22CA4800 16:25:32.0370 0276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x22CA5000, BlocksNum 0x2789000 16:25:32.0370 0276 ============================================================ 16:25:32.0406 0276 C: <-> \Device\Harddisk0\DR0\Partition0 16:25:32.0434 0276 D: <-> \Device\Harddisk0\DR0\Partition1 16:25:32.0434 0276 ============================================================ 16:25:32.0434 0276 Initialize success 16:25:32.0434 0276 ============================================================ 16:27:08.0703 3352 ============================================================ 16:27:08.0703 3352 Scan started 16:27:08.0703 3352 Mode: Manual; SigCheck; TDLFS; 16:27:08.0703 3352 ============================================================ 16:27:09.0450 3352 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys 16:27:09.0544 3352 ACPI - ok 16:27:09.0593 3352 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 16:27:09.0623 3352 adp94xx - ok 16:27:09.0673 3352 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 16:27:09.0697 3352 adpahci - ok 16:27:09.0731 3352 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 16:27:09.0756 3352 adpu160m - ok 16:27:09.0781 3352 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 16:27:09.0802 3352 adpu320 - ok 16:27:09.0834 3352 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 16:27:09.0947 3352 AeLookupSvc - ok 16:27:10.0020 3352 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys 16:27:10.0076 3352 AFD - ok 16:27:10.0093 3352 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 16:27:10.0103 3352 agp440 - ok 16:27:10.0128 3352 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 16:27:10.0140 3352 aic78xx - ok 16:27:10.0173 3352 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 16:27:10.0222 3352 ALG - ok 16:27:10.0245 3352 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 16:27:10.0254 3352 aliide - ok 16:27:10.0278 3352 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 16:27:10.0288 3352 amdagp - ok 16:27:10.0333 3352 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 16:27:10.0342 3352 amdide - ok 16:27:10.0372 3352 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 16:27:10.0408 3352 AmdK7 - ok 16:27:10.0429 3352 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 16:27:10.0474 3352 AmdK8 - ok 16:27:10.0488 3352 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 16:27:10.0523 3352 Appinfo - ok 16:27:10.0713 3352 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:27:10.0723 3352 Apple Mobile Device - ok 16:27:10.0745 3352 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 16:27:10.0756 3352 arc - ok 16:27:10.0778 3352 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 16:27:10.0788 3352 arcsas - ok 16:27:10.0813 3352 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 16:27:10.0868 3352 AsyncMac - ok 16:27:10.0890 3352 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys 16:27:10.0898 3352 atapi - ok 16:27:10.0987 3352 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll 16:27:11.0028 3352 AudioEndpointBuilder - ok 16:27:11.0033 3352 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll 16:27:11.0061 3352 Audiosrv - ok 16:27:11.0078 3352 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 16:27:11.0116 3352 Beep - ok 16:27:11.0161 3352 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll 16:27:11.0219 3352 BFE - ok 16:27:11.0359 3352 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll 16:27:11.0450 3352 BITS - ok 16:27:11.0483 3352 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 16:27:11.0524 3352 blbdrive - ok 16:27:11.0678 3352 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 16:27:11.0695 3352 Bonjour Service - ok 16:27:11.0766 3352 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys 16:27:11.0823 3352 bowser - ok 16:27:11.0836 3352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 16:27:11.0914 3352 BrFiltLo - ok 16:27:11.0943 3352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 16:27:11.0974 3352 BrFiltUp - ok 16:27:12.0008 3352 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 16:27:12.0052 3352 Browser - ok 16:27:12.0080 3352 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 16:27:12.0140 3352 Brserid - ok 16:27:12.0337 3352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 16:27:12.0402 3352 BrSerWdm - ok 16:27:12.0424 3352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 16:27:12.0476 3352 BrUsbMdm - ok 16:27:12.0491 3352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 16:27:12.0534 3352 BrUsbSer - ok 16:27:12.0584 3352 BthEnum (ae19cfbbba41800f3d5343e21d2ca09f) C:\Windows\system32\DRIVERS\BthEnum.sys 16:27:12.0619 3352 BthEnum - ok 16:27:12.0642 3352 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 16:27:12.0712 3352 BTHMODEM - ok 16:27:12.0752 3352 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 16:27:12.0792 3352 BthPan - ok 16:27:12.0876 3352 BTHPORT (75f19df0bc62992d05fdd8a32d968531) C:\Windows\system32\Drivers\BTHport.sys 16:27:12.0982 3352 BTHPORT - ok 16:27:13.0017 3352 BthServ (fc930b47a83f5f61dfadc64a0719de43) C:\Windows\System32\bthserv.dll 16:27:13.0062 3352 BthServ - ok 16:27:13.0104 3352 BTHUSB (4ce2a25c5936bc515357d60fee73f221) C:\Windows\system32\Drivers\BTHUSB.sys 16:27:13.0117 3352 BTHUSB - ok 16:27:13.0146 3352 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 16:27:13.0181 3352 cdfs - ok 16:27:13.0207 3352 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys 16:27:13.0233 3352 cdrom - ok 16:27:13.0260 3352 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll 16:27:13.0285 3352 CertPropSvc - ok 16:27:13.0300 3352 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 16:27:13.0325 3352 circlass - ok 16:27:13.0375 3352 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys 16:27:13.0402 3352 CLFS - ok 16:27:13.0509 3352 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:27:13.0520 3352 clr_optimization_v2.0.50727_32 - ok 16:27:13.0631 3352 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:27:13.0652 3352 clr_optimization_v4.0.30319_32 - ok 16:27:13.0681 3352 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 16:27:13.0727 3352 CmBatt - ok 16:27:13.0758 3352 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 16:27:13.0767 3352 cmdide - ok 16:27:13.0788 3352 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 16:27:13.0797 3352 Compbatt - ok 16:27:13.0800 3352 COMSysApp - ok 16:27:13.0808 3352 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 16:27:13.0818 3352 crcdisk - ok 16:27:13.0838 3352 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 16:27:13.0888 3352 Crusoe - ok 16:27:13.0933 3352 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll 16:27:13.0994 3352 CryptSvc - ok 16:27:14.0092 3352 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll 16:27:14.0131 3352 DcomLaunch - ok 16:27:14.0189 3352 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys 16:27:14.0245 3352 DfsC - ok 16:27:14.0453 3352 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe 16:27:14.0596 3352 DFSR - ok 16:27:14.0754 3352 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll 16:27:14.0786 3352 Dhcp - ok 16:27:14.0836 3352 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys 16:27:14.0846 3352 disk - ok 16:27:14.0903 3352 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll 16:27:14.0941 3352 Dnscache - ok 16:27:14.0980 3352 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll 16:27:15.0068 3352 dot3svc - ok 16:27:15.0109 3352 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 16:27:15.0167 3352 Dot4 - ok 16:27:15.0219 3352 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 16:27:15.0256 3352 Dot4Print - ok 16:27:15.0349 3352 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 16:27:15.0392 3352 dot4usb - ok 16:27:15.0430 3352 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 16:27:15.0479 3352 DPS - ok 16:27:15.0518 3352 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 16:27:15.0545 3352 drmkaud - ok 16:27:15.0633 3352 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys 16:27:15.0693 3352 DXGKrnl - ok 16:27:15.0751 3352 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 16:27:15.0797 3352 E1G60 - ok 16:27:15.0829 3352 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 16:27:15.0864 3352 EapHost - ok 16:27:15.0897 3352 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys 16:27:15.0918 3352 Ecache - ok 16:27:16.0028 3352 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 16:27:16.0051 3352 ehRecvr - ok 16:27:16.0074 3352 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 16:27:16.0112 3352 ehSched - ok 16:27:16.0147 3352 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 16:27:16.0171 3352 ehstart - ok 16:27:16.0233 3352 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 16:27:16.0256 3352 elxstor - ok 16:27:16.0354 3352 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll 16:27:16.0399 3352 EMDMgmt - ok 16:27:16.0427 3352 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 16:27:16.0482 3352 ErrDev - ok 16:27:16.0536 3352 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll 16:27:16.0561 3352 EventSystem - ok 16:27:16.0600 3352 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys 16:27:16.0655 3352 exfat - ok 16:27:16.0689 3352 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys 16:27:16.0744 3352 fastfat - ok 16:27:16.0770 3352 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 16:27:16.0795 3352 fdc - ok 16:27:16.0827 3352 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 16:27:16.0868 3352 fdPHost - ok 16:27:16.0894 3352 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 16:27:16.0953 3352 FDResPub - ok 16:27:16.0984 3352 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 16:27:16.0995 3352 FileInfo - ok 16:27:17.0021 3352 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 16:27:17.0063 3352 Filetrace - ok 16:27:17.0085 3352 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 16:27:17.0110 3352 flpydisk - ok 16:27:17.0128 3352 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys 16:27:17.0142 3352 FltMgr - ok 16:27:17.0257 3352 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 16:27:17.0265 3352 FontCache3.0.0.0 - ok 16:27:17.0295 3352 FPSensor (78c108c807afdc45d7867b96d01aa8f2) C:\Windows\system32\Drivers\FPSensor.sys 16:27:17.0302 3352 FPSensor - ok 16:27:17.0311 3352 FPWinIo (4eff8408dd280f2468c39d0f4a2cec0d) C:\Windows\system32\DRIVERS\FPWinIo.sys 16:27:17.0319 3352 FPWinIo - ok 16:27:17.0329 3352 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 16:27:17.0368 3352 Fs_Rec - ok 16:27:17.0401 3352 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 16:27:17.0411 3352 gagp30kx - ok 16:27:17.0444 3352 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:27:17.0450 3352 GEARAspiWDM - ok 16:27:17.0536 3352 GoogleDesktopManager (33efd5039ea1bfa623d8bb9fb787cb0f) C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe 16:27:17.0554 3352 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning 16:27:17.0554 3352 GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1) 16:27:17.0631 3352 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll 16:27:17.0676 3352 gpsvc - ok 16:27:17.0731 3352 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 16:27:17.0752 3352 gusvc - ok 16:27:17.0817 3352 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 16:27:17.0903 3352 HdAudAddService - ok 16:27:17.0959 3352 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys 16:27:17.0984 3352 HDAudBus - ok 16:27:17.0996 3352 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 16:27:18.0060 3352 HidBth - ok 16:27:18.0083 3352 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 16:27:18.0127 3352 HidIr - ok 16:27:18.0169 3352 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll 16:27:18.0244 3352 hidserv - ok 16:27:18.0270 3352 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys 16:27:18.0288 3352 HidUsb - ok 16:27:18.0309 3352 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 16:27:18.0353 3352 hkmsvc - ok 16:27:18.0372 3352 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 16:27:18.0382 3352 HpCISSs - ok 16:27:18.0482 3352 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys 16:27:18.0598 3352 HTTP - ok 16:27:18.0660 3352 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys 16:27:18.0687 3352 hwdatacard - ok 16:27:18.0712 3352 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 16:27:18.0721 3352 i2omp - ok 16:27:18.0741 3352 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 16:27:18.0760 3352 i8042prt - ok 16:27:18.0797 3352 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 16:27:18.0825 3352 iaStorV - ok 16:27:18.0958 3352 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 16:27:18.0978 3352 IDriverT ( UnsignedFile.Multi.Generic ) - warning 16:27:18.0979 3352 IDriverT - detected UnsignedFile.Multi.Generic (1) 16:27:19.0165 3352 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:27:19.0221 3352 idsvc - ok 16:27:19.0446 3352 IGBASVC (be449d6218d34d93a95c1d2873dd8a5d) C:\Program Files\EgisTec\VITAKEY\BASVC.exe 16:27:19.0544 3352 IGBASVC - ok 16:27:19.0728 3352 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 16:27:19.0737 3352 iirsp - ok 16:27:19.0806 3352 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll 16:27:19.0882 3352 IKEEXT - ok 16:27:20.0140 3352 IntcAzAudAddService (c3c499a704a2d7958d9d7e5a9db60ce4) C:\Windows\system32\drivers\RTKVHDA.sys 16:27:20.0215 3352 IntcAzAudAddService - ok 16:27:20.0386 3352 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 16:27:20.0395 3352 intelide - ok 16:27:20.0426 3352 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 16:27:20.0464 3352 intelppm - ok 16:27:20.0492 3352 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 16:27:20.0537 3352 IPBusEnum - ok 16:27:20.0560 3352 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:27:20.0601 3352 IpFilterDriver - ok 16:27:20.0660 3352 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll 16:27:20.0712 3352 iphlpsvc - ok 16:27:20.0716 3352 IpInIp - ok 16:27:20.0742 3352 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 16:27:20.0768 3352 IPMIDRV - ok 16:27:20.0790 3352 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 16:27:20.0817 3352 IPNAT - ok 16:27:21.0018 3352 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe 16:27:21.0071 3352 iPod Service - ok 16:27:21.0112 3352 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 16:27:21.0137 3352 IRENUM - ok 16:27:21.0173 3352 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 16:27:21.0183 3352 isapnp - ok 16:27:21.0213 3352 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys 16:27:21.0224 3352 iScsiPrt - ok 16:27:21.0242 3352 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 16:27:21.0251 3352 iteatapi - ok 16:27:21.0270 3352 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 16:27:21.0279 3352 iteraid - ok 16:27:21.0317 3352 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 16:27:21.0325 3352 kbdclass - ok 16:27:21.0342 3352 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys 16:27:21.0366 3352 kbdhid - ok 16:27:21.0388 3352 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe 16:27:21.0427 3352 KeyIso - ok 16:27:21.0477 3352 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys 16:27:21.0506 3352 KSecDD - ok 16:27:21.0566 3352 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 16:27:21.0647 3352 KtmRm - ok 16:27:21.0650 3352 KUSBusByTCPMasterBus - ok 16:27:21.0707 3352 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll 16:27:21.0722 3352 LanmanServer - ok 16:27:21.0792 3352 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll 16:27:21.0816 3352 LanmanWorkstation - ok 16:27:21.0841 3352 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 16:27:21.0889 3352 lltdio - ok 16:27:21.0956 3352 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 16:27:22.0039 3352 lltdsvc - ok 16:27:22.0057 3352 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 16:27:22.0112 3352 lmhosts - ok 16:27:22.0134 3352 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 16:27:22.0145 3352 LSI_FC - ok 16:27:22.0164 3352 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 16:27:22.0176 3352 LSI_SAS - ok 16:27:22.0200 3352 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 16:27:22.0211 3352 LSI_SCSI - ok 16:27:22.0238 3352 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 16:27:22.0264 3352 luafv - ok 16:27:22.0276 3352 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 16:27:22.0288 3352 Mcx2Svc - ok 16:27:22.0306 3352 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 16:27:22.0316 3352 megasas - ok 16:27:22.0370 3352 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 16:27:22.0454 3352 MegaSR - ok 16:27:22.0716 3352 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 16:27:22.0726 3352 Microsoft Office Groove Audit Service - ok 16:27:22.0748 3352 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 16:27:22.0773 3352 MMCSS - ok 16:27:22.0784 3352 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 16:27:22.0814 3352 Modem - ok 16:27:22.0832 3352 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 16:27:22.0871 3352 monitor - ok 16:27:22.0993 3352 mosuport (cfdcf35739762dc51a431ac0524a0efb) C:\Windows\system32\DRIVERS\mosuport.sys 16:27:23.0068 3352 mosuport ( UnsignedFile.Multi.Generic ) - warning 16:27:23.0068 3352 mosuport - detected UnsignedFile.Multi.Generic (1) 16:27:23.0090 3352 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 16:27:23.0098 3352 mouclass - ok 16:27:23.0110 3352 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 16:27:23.0136 3352 mouhid - ok 16:27:23.0149 3352 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 16:27:23.0159 3352 MountMgr - ok 16:27:23.0237 3352 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 16:27:23.0261 3352 MozillaMaintenance - ok 16:27:23.0291 3352 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 16:27:23.0318 3352 mpio - ok 16:27:23.0342 3352 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 16:27:23.0379 3352 mpsdrv - ok 16:27:23.0442 3352 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll 16:27:23.0504 3352 MpsSvc - ok 16:27:23.0524 3352 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 16:27:23.0534 3352 Mraid35x - ok 16:27:23.0566 3352 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys 16:27:23.0599 3352 MRxDAV - ok 16:27:23.0665 3352 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:27:23.0710 3352 mrxsmb - ok 16:27:23.0779 3352 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:27:23.0798 3352 mrxsmb10 - ok 16:27:23.0817 3352 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:27:23.0831 3352 mrxsmb20 - ok 16:27:23.0863 3352 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys 16:27:23.0871 3352 msahci - ok 16:27:23.0892 3352 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 16:27:23.0904 3352 msdsm - ok 16:27:23.0934 3352 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 16:27:23.0973 3352 MSDTC - ok 16:27:23.0990 3352 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 16:27:24.0024 3352 Msfs - ok 16:27:24.0038 3352 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 16:27:24.0047 3352 msisadrv - ok 16:27:24.0091 3352 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 16:27:24.0135 3352 MSiSCSI - ok 16:27:24.0138 3352 msiserver - ok 16:27:24.0166 3352 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 16:27:24.0202 3352 MSKSSRV - ok 16:27:24.0236 3352 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 16:27:24.0260 3352 MSPCLOCK - ok 16:27:24.0277 3352 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 16:27:24.0302 3352 MSPQM - ok 16:27:24.0330 3352 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys 16:27:24.0343 3352 MsRPC - ok 16:27:24.0364 3352 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 16:27:24.0373 3352 mssmbios - ok 16:27:24.0387 3352 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 16:27:24.0411 3352 MSTEE - ok 16:27:24.0444 3352 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys 16:27:24.0454 3352 Mup - ok 16:27:24.0470 3352 mwlPSDFilter (62d3c8e2e75abd9fc3dee1b0e5b437e0) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 16:27:24.0495 3352 mwlPSDFilter - ok 16:27:24.0514 3352 mwlPSDNServ (3963db3d50d60d17ce7a5eb7d4da2e7d) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 16:27:24.0520 3352 mwlPSDNServ - ok 16:27:24.0535 3352 mwlPSDVDisk (c6de675ce2f2b6e4f78bf7e8187fc1ec) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 16:27:24.0542 3352 mwlPSDVDisk - ok 16:27:24.0722 3352 MWLService (3fd2d2f48c05c9e8ec0a8d61bce12bfa) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe 16:27:24.0738 3352 MWLService - ok 16:27:24.0789 3352 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll 16:27:24.0831 3352 napagent - ok 16:27:24.0889 3352 NasPmService - ok 16:27:24.0936 3352 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys 16:27:24.0971 3352 NativeWifiP - ok 16:27:25.0070 3352 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys 16:27:25.0131 3352 NDIS - ok 16:27:25.0180 3352 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 16:27:25.0214 3352 NdisTapi - ok 16:27:25.0228 3352 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 16:27:25.0273 3352 Ndisuio - ok 16:27:25.0328 3352 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys 16:27:25.0365 3352 NdisWan - ok 16:27:25.0373 3352 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 16:27:25.0393 3352 NDProxy - ok 16:27:25.0540 3352 Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 16:27:25.0566 3352 Nero BackItUp Scheduler 3 - ok 16:27:25.0591 3352 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 16:27:25.0626 3352 NetBIOS - ok 16:27:25.0653 3352 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys 16:27:25.0698 3352 netbt - ok 16:27:25.0742 3352 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe 16:27:25.0756 3352 Netlogon - ok 16:27:25.0805 3352 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 16:27:25.0848 3352 Netman - ok 16:27:25.0880 3352 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 16:27:25.0920 3352 netprofm - ok 16:27:26.0020 3352 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:27:26.0042 3352 NetTcpPortSharing - ok 16:27:26.0379 3352 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys 16:27:26.0628 3352 NETw5v32 - ok 16:27:26.0793 3352 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 16:27:26.0804 3352 nfrd960 - ok 16:27:26.0862 3352 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 16:27:26.0936 3352 NlaSvc - ok 16:27:27.0070 3352 NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 16:27:27.0105 3352 NMIndexingService - ok 16:27:27.0159 3352 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys 16:27:27.0201 3352 Npfs - ok 16:27:27.0218 3352 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 16:27:27.0251 3352 nsi - ok 16:27:27.0260 3352 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 16:27:27.0308 3352 nsiproxy - ok 16:27:27.0420 3352 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys 16:27:27.0505 3352 Ntfs - ok 16:27:27.0535 3352 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 16:27:27.0589 3352 ntrigdigi - ok 16:27:27.0629 3352 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 16:27:27.0653 3352 Null - ok 16:27:27.0688 3352 NVHDA (a103162c62c336c2cb3c5e1e2773d17b) C:\Windows\system32\drivers\nvhda32v.sys 16:27:27.0696 3352 NVHDA - ok 16:27:28.0677 3352 nvlddmkm (692bd7ae273b8fd16d1ef1677394dd84) C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:27:29.0300 3352 nvlddmkm - ok 16:27:29.0453 3352 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 16:27:29.0478 3352 nvraid - ok 16:27:29.0507 3352 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 16:27:29.0518 3352 nvstor - ok 16:27:29.0565 3352 nvsvc (7708f81cc3c92e107da01caa67dfdb0a) C:\Windows\system32\nvvsvc.exe 16:27:29.0583 3352 nvsvc - ok 16:27:29.0613 3352 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 16:27:29.0627 3352 nv_agp - ok 16:27:29.0631 3352 NwlnkFlt - ok 16:27:29.0635 3352 NwlnkFwd - ok 16:27:29.0805 3352 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:27:29.0833 3352 odserv - ok 16:27:29.0859 3352 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 16:27:29.0917 3352 ohci1394 - ok 16:27:29.0951 3352 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:27:29.0971 3352 ose - ok 16:27:30.0052 3352 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 16:27:30.0112 3352 p2pimsvc - ok 16:27:30.0119 3352 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 16:27:30.0177 3352 p2psvc - ok 16:27:30.0228 3352 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 16:27:30.0284 3352 Parport - ok 16:27:30.0315 3352 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys 16:27:30.0325 3352 partmgr - ok 16:27:30.0342 3352 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 16:27:30.0386 3352 Parvdm - ok 16:27:30.0404 3352 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 16:27:30.0436 3352 PcaSvc - ok 16:27:30.0552 3352 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys 16:27:30.0565 3352 pci - ok 16:27:30.0588 3352 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 16:27:30.0597 3352 pciide - ok 16:27:30.0634 3352 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 16:27:30.0653 3352 pcmcia - ok 16:27:30.0746 3352 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 16:27:30.0838 3352 PEAUTH - ok 16:27:30.0986 3352 PhilCap (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys 16:27:31.0047 3352 PhilCap - ok 16:27:31.0261 3352 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 16:27:31.0384 3352 pla - ok 16:27:31.0544 3352 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe 16:27:31.0583 3352 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 16:27:31.0583 3352 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 16:27:31.0630 3352 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll 16:27:31.0711 3352 PlugPlay - ok 16:27:31.0810 3352 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 16:27:31.0858 3352 PNRPAutoReg - ok 16:27:31.0865 3352 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll 16:27:31.0915 3352 PNRPsvc - ok 16:27:32.0010 3352 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll 16:27:32.0074 3352 PolicyAgent - ok 16:27:32.0152 3352 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 16:27:32.0194 3352 PptpMiniport - ok 16:27:32.0233 3352 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 16:27:32.0259 3352 Processor - ok 16:27:32.0301 3352 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll 16:27:32.0341 3352 ProfSvc - ok 16:27:32.0380 3352 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe 16:27:32.0391 3352 ProtectedStorage - ok 16:27:32.0435 3352 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe 16:27:32.0446 3352 ProtexisLicensing - ok 16:27:32.0474 3352 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys 16:27:32.0512 3352 PSched - ok 16:27:32.0624 3352 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 16:27:32.0740 3352 ql2300 - ok 16:27:32.0857 3352 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 16:27:32.0886 3352 ql40xx - ok 16:27:33.0057 3352 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 16:27:33.0086 3352 QWAVE - ok 16:27:33.0105 3352 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 16:27:33.0133 3352 QWAVEdrv - ok 16:27:33.0148 3352 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 16:27:33.0173 3352 RasAcd - ok 16:27:33.0197 3352 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 16:27:33.0244 3352 RasAuto - ok 16:27:33.0272 3352 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:27:33.0298 3352 Rasl2tp - ok 16:27:33.0338 3352 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll 16:27:33.0379 3352 RasMan - ok 16:27:33.0386 3352 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys 16:27:33.0411 3352 RasPppoe - ok 16:27:33.0428 3352 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys 16:27:33.0459 3352 RasSstp - ok 16:27:33.0509 3352 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys 16:27:33.0548 3352 rdbss - ok 16:27:33.0568 3352 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:27:33.0602 3352 RDPCDD - ok 16:27:33.0650 3352 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 16:27:33.0692 3352 rdpdr - ok 16:27:33.0697 3352 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 16:27:33.0746 3352 RDPENCDD - ok 16:27:33.0773 3352 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys 16:27:33.0814 3352 RDPWD - ok 16:27:33.0857 3352 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 16:27:33.0883 3352 RemoteAccess - ok 16:27:33.0925 3352 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll 16:27:33.0964 3352 RemoteRegistry - ok 16:27:34.0015 3352 RFCOMM (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys 16:27:34.0037 3352 RFCOMM - ok 16:27:34.0148 3352 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared Files\RichVideo.exe 16:27:34.0182 3352 RichVideo ( UnsignedFile.Multi.Generic ) - warning 16:27:34.0183 3352 RichVideo - detected UnsignedFile.Multi.Generic (1) 16:27:34.0225 3352 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 16:27:34.0237 3352 RpcLocator - ok 16:27:34.0327 3352 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll 16:27:34.0348 3352 RpcSs - ok 16:27:34.0368 3352 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 16:27:34.0393 3352 rspndr - ok 16:27:34.0425 3352 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys 16:27:34.0510 3352 RTL8169 - ok 16:27:34.0561 3352 RTSTOR (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS 16:27:34.0602 3352 RTSTOR - ok 16:27:34.0616 3352 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe 16:27:34.0629 3352 SamSs - ok 16:27:34.0662 3352 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 16:27:34.0673 3352 sbp2port - ok 16:27:34.0715 3352 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll 16:27:34.0749 3352 SCardSvr - ok 16:27:34.0853 3352 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll 16:27:34.0878 3352 Schedule - ok 16:27:34.0907 3352 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll 16:27:34.0932 3352 SCPolicySvc - ok 16:27:34.0951 3352 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 16:27:34.0986 3352 SDRSVC - ok 16:27:35.0019 3352 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 16:27:35.0075 3352 secdrv - ok 16:27:35.0086 3352 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 16:27:35.0113 3352 seclogon - ok 16:27:35.0125 3352 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 16:27:35.0163 3352 SENS - ok 16:27:35.0183 3352 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys 16:27:35.0244 3352 Serenum - ok 16:27:35.0296 3352 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 16:27:35.0351 3352 Serial - ok 16:27:35.0370 3352 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 16:27:35.0396 3352 sermouse - ok 16:27:35.0436 3352 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 16:27:35.0464 3352 SessionEnv - ok 16:27:35.0476 3352 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 16:27:35.0495 3352 sffdisk - ok 16:27:35.0512 3352 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 16:27:35.0552 3352 sffp_mmc - ok 16:27:35.0564 3352 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 16:27:35.0601 3352 sffp_sd - ok 16:27:35.0612 3352 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 16:27:35.0656 3352 sfloppy - ok 16:27:35.0717 3352 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 16:27:35.0775 3352 SharedAccess - ok 16:27:35.0835 3352 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll 16:27:35.0871 3352 ShellHWDetection - ok 16:27:35.0896 3352 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 16:27:35.0909 3352 sisagp - ok 16:27:35.0922 3352 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 16:27:35.0935 3352 SiSRaid2 - ok 16:27:35.0967 3352 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 16:27:35.0981 3352 SiSRaid4 - ok 16:27:36.0236 3352 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe 16:27:36.0405 3352 slsvc - ok 16:27:36.0587 3352 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll 16:27:36.0615 3352 SLUINotify - ok 16:27:36.0656 3352 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys 16:27:36.0696 3352 Smb - ok 16:27:36.0719 3352 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 16:27:36.0732 3352 SNMPTRAP - ok 16:27:36.0908 3352 SNP2UVC (913d2ce973ed904fe54de9db38fceff2) C:\Windows\system32\DRIVERS\snp2uvc.sys 16:27:37.0039 3352 SNP2UVC - ok 16:27:37.0204 3352 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 16:27:37.0214 3352 spldr - ok 16:27:37.0270 3352 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe 16:27:37.0324 3352 Spooler - ok 16:27:37.0397 3352 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys 16:27:37.0441 3352 srv - ok 16:27:37.0508 3352 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys 16:27:37.0540 3352 srv2 - ok 16:27:37.0807 3352 srvcPVR (71db619f4068d7c70d447d73617cdfac) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe 16:27:37.0909 3352 srvcPVR ( UnsignedFile.Multi.Generic ) - warning 16:27:37.0909 3352 srvcPVR - detected UnsignedFile.Multi.Generic (1) 16:27:38.0265 3352 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys 16:27:38.0307 3352 srvnet - ok 16:27:38.0348 3352 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 16:27:38.0388 3352 SSDPSRV - ok 16:27:38.0436 3352 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 16:27:38.0458 3352 SstpSvc - ok 16:27:38.0504 3352 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 16:27:38.0524 3352 StillCam - ok 16:27:38.0584 3352 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll 16:27:38.0605 3352 stisvc - ok 16:27:38.0628 3352 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 16:27:38.0636 3352 swenum - ok 16:27:38.0674 3352 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\Windows\System32\drivers\swmsflt.sys 16:27:38.0683 3352 swmsflt - ok 16:27:38.0741 3352 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll 16:27:38.0773 3352 swprv - ok 16:27:38.0803 3352 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 16:27:38.0812 3352 Symc8xx - ok 16:27:38.0841 3352 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 16:27:38.0850 3352 Sym_hi - ok 16:27:38.0875 3352 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 16:27:38.0884 3352 Sym_u3 - ok 16:27:38.0954 3352 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll 16:27:38.0999 3352 SysMain - ok 16:27:39.0025 3352 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 16:27:39.0041 3352 TabletInputService - ok 16:27:39.0080 3352 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll 16:27:39.0121 3352 TapiSrv - ok 16:27:39.0139 3352 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 16:27:39.0166 3352 TBS - ok 16:27:39.0289 3352 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys 16:27:39.0339 3352 Tcpip - ok 16:27:39.0350 3352 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys 16:27:39.0393 3352 Tcpip6 - ok 16:27:39.0417 3352 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 16:27:39.0458 3352 tcpipreg - ok 16:27:39.0479 3352 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 16:27:39.0526 3352 TDPIPE - ok 16:27:39.0548 3352 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 16:27:39.0573 3352 TDTCP - ok 16:27:39.0591 3352 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys 16:27:39.0634 3352 tdx - ok 16:27:39.0648 3352 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys 16:27:39.0657 3352 TermDD - ok 16:27:39.0729 3352 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll 16:27:39.0788 3352 TermService - ok 16:27:39.0876 3352 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll 16:27:39.0893 3352 Themes - ok 16:27:39.0914 3352 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 16:27:39.0940 3352 THREADORDER - ok 16:27:39.0953 3352 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 16:27:39.0979 3352 TrkWks - ok 16:27:40.0043 3352 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe 16:27:40.0084 3352 TrustedInstaller - ok 16:27:40.0108 3352 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:27:40.0155 3352 tssecsrv - ok 16:27:40.0175 3352 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 16:27:40.0187 3352 tunmp - ok 16:27:40.0217 3352 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys 16:27:40.0230 3352 tunnel - ok 16:27:40.0265 3352 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 16:27:40.0276 3352 uagp35 - ok 16:27:40.0345 3352 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys 16:27:40.0376 3352 udfs - ok 16:27:40.0412 3352 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 16:27:40.0449 3352 UI0Detect - ok 16:27:40.0474 3352 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 16:27:40.0484 3352 uliagpkx - ok 16:27:40.0530 3352 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 16:27:40.0554 3352 uliahci - ok 16:27:40.0585 3352 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 16:27:40.0596 3352 UlSata - ok 16:27:40.0616 3352 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 16:27:40.0628 3352 ulsata2 - ok 16:27:40.0654 3352 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 16:27:40.0691 3352 umbus - ok 16:27:40.0699 3352 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys 16:27:40.0732 3352 UMPass - ok 16:27:40.0771 3352 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 16:27:40.0813 3352 upnphost - ok 16:27:40.0857 3352 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys 16:27:40.0884 3352 USBAAPL - ok 16:27:40.0927 3352 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys 16:27:40.0953 3352 usbaudio - ok 16:27:40.0999 3352 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 16:27:41.0038 3352 usbccgp - ok 16:27:41.0067 3352 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 16:27:41.0129 3352 usbcir - ok 16:27:41.0151 3352 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys 16:27:41.0196 3352 usbehci - ok 16:27:41.0225 3352 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys 16:27:41.0281 3352 usbhub - ok 16:27:41.0303 3352 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 16:27:41.0348 3352 usbohci - ok 16:27:41.0388 3352 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 16:27:41.0413 3352 usbprint - ok 16:27:41.0451 3352 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 16:27:41.0470 3352 usbscan - ok 16:27:41.0508 3352 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:27:41.0534 3352 USBSTOR - ok 16:27:41.0546 3352 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 16:27:41.0592 3352 usbuhci - ok 16:27:41.0643 3352 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 16:27:41.0743 3352 usbvideo - ok 16:27:41.0766 3352 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll 16:27:41.0830 3352 UxSms - ok 16:27:41.0883 3352 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe 16:27:41.0945 3352 vds - ok 16:27:42.0167 3352 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 16:27:42.0217 3352 vga - ok 16:27:42.0248 3352 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 16:27:42.0287 3352 VgaSave - ok 16:27:42.0315 3352 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 16:27:42.0328 3352 viaagp - ok 16:27:42.0378 3352 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 16:27:42.0403 3352 ViaC7 - ok 16:27:42.0423 3352 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 16:27:42.0432 3352 viaide - ok 16:27:42.0460 3352 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 16:27:42.0470 3352 volmgr - ok 16:27:42.0566 3352 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys 16:27:42.0596 3352 volmgrx - ok 16:27:42.0632 3352 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys 16:27:42.0670 3352 volsnap - ok 16:27:42.0704 3352 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 16:27:42.0726 3352 vsmraid - ok 16:27:42.0938 3352 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe 16:27:43.0038 3352 VSS - ok 16:27:43.0107 3352 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll 16:27:43.0159 3352 W32Time - ok 16:27:43.0257 3352 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 16:27:43.0301 3352 WacomPen - ok 16:27:43.0330 3352 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:27:43.0365 3352 Wanarp - ok 16:27:43.0380 3352 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 16:27:43.0400 3352 Wanarpv6 - ok 16:27:43.0590 3352 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll 16:27:43.0634 3352 wcncsvc - ok 16:27:43.0685 3352 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 16:27:43.0719 3352 WcsPlugInService - ok 16:27:43.0815 3352 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 16:27:43.0824 3352 Wd - ok 16:27:44.0066 3352 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 16:27:44.0099 3352 Wdf01000 - ok 16:27:44.0120 3352 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 16:27:44.0162 3352 WdiServiceHost - ok 16:27:44.0165 3352 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 16:27:44.0192 3352 WdiSystemHost - ok 16:27:44.0225 3352 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll 16:27:44.0255 3352 WebClient - ok 16:27:44.0317 3352 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 16:27:44.0350 3352 Wecsvc - ok 16:27:44.0373 3352 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 16:27:44.0412 3352 wercplsupport - ok 16:27:44.0466 3352 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll 16:27:44.0489 3352 WerSvc - ok 16:27:44.0572 3352 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 16:27:44.0597 3352 WinDefend - ok 16:27:44.0602 3352 WinHttpAutoProxySvc - ok 16:27:44.0685 3352 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll 16:27:44.0724 3352 Winmgmt - ok 16:27:44.0901 3352 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 16:27:45.0008 3352 WinRM - ok 16:27:45.0133 3352 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll 16:27:45.0181 3352 Wlansvc - ok 16:27:45.0230 3352 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 16:27:45.0249 3352 WmiAcpi - ok 16:27:45.0414 3352 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe 16:27:45.0458 3352 wmiApSrv - ok 16:27:45.0631 3352 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 16:27:45.0680 3352 WMPNetworkSvc - ok 16:27:45.0817 3352 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll 16:27:45.0837 3352 WPCSvc - ok 16:27:45.0858 3352 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll 16:27:45.0892 3352 WPDBusEnum - ok 16:27:45.0970 3352 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 16:27:46.0008 3352 WpdUsb - ok 16:27:46.0338 3352 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:27:46.0385 3352 WPFFontCache_v0400 - ok 16:27:46.0411 3352 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 16:27:46.0473 3352 ws2ifsl - ok 16:27:46.0509 3352 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll 16:27:46.0526 3352 wscsvc - ok 16:27:46.0539 3352 WSearch - ok 16:27:46.0548 3352 wtsmpadap - ok 16:27:46.0554 3352 WtSmpFlt - ok 16:27:46.0766 3352 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 16:27:46.0906 3352 wuauserv - ok 16:27:47.0038 3352 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:27:47.0076 3352 WUDFRd - ok 16:27:47.0105 3352 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 16:27:47.0144 3352 wudfsvc - ok 16:27:47.0169 3352 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys 16:27:47.0177 3352 X10Hid - ok 16:27:47.0264 3352 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 16:27:47.0279 3352 x10nets ( UnsignedFile.Multi.Generic ) - warning 16:27:47.0279 3352 x10nets - detected UnsignedFile.Multi.Generic (1) 16:27:47.0312 3352 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys 16:27:47.0319 3352 XUIF - ok 16:27:47.0333 3352 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 16:27:47.0484 3352 \Device\Harddisk0\DR0 - ok 16:27:47.0487 3352 Boot (0x1200) (d388fb9ccf230ec959d1a647c421c6b8) \Device\Harddisk0\DR0\Partition0 16:27:47.0489 3352 \Device\Harddisk0\DR0\Partition0 - ok 16:27:47.0507 3352 Boot (0x1200) (bd23f3459bb4a4a6ef4d891f1def3ff1) \Device\Harddisk0\DR0\Partition1 16:27:47.0508 3352 \Device\Harddisk0\DR0\Partition1 - ok 16:27:47.0508 3352 ============================================================ 16:27:47.0508 3352 Scan finished 16:27:47.0508 3352 ============================================================ 16:27:47.0520 0788 Detected object count: 7 16:27:47.0520 0788 Actual detected object count: 7 16:27:55.0293 0788 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user 16:27:55.0293 0788 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:27:55.0295 0788 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 16:27:55.0295 0788 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:27:55.0297 0788 mosuport ( UnsignedFile.Multi.Generic ) - skipped by user 16:27:55.0297 0788 mosuport ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:27:55.0299 0788 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user 16:27:55.0299 0788 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:27:55.0300 0788 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user 16:27:55.0301 0788 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:27:55.0302 0788 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user 16:27:55.0302 0788 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:27:55.0304 0788 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user 16:27:55.0304 0788 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip |
08.05.2012, 17:42 | #23 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Verschlüsselungs Trojaner -.- Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
08.05.2012, 20:55 | #24 |
| Windows Verschlüsselungs Trojaner -.- Soo und hier die CF.txt Code:
ATTFilter ComboFix 12-05-08.02 - dagmar 08.05.2012 21:42:50.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3066.2006 [GMT 2:00] ausgeführt von:: c:\users\dagmar\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\abmeldung.doc.rkhv c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\ALDI Blumen Service.url.fbja c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\ALDI Fotoservice.url.vrih c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\anmeldung.doc.qaxl c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.doc.fvgu c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.doc.joqj c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\antrag 05.xml c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Antrag neubau.rtf.yycy c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\briefbogenbw.doc.nhib c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\BullGuard Internet Security.url.lpal c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Currenta Bewerbungsbogen.pdf.jnwp c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Einladung_Medenspiel_Sommer.doc.nbgu c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\göckemeyer.doc.yycy c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\GiroBetriebs10-11.xls.qnwm c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\GiroVerein 12.xls.pkmw c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\HOTHotel Maritim Bonn.URL.vcyf c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\MEDION Games.url.vqms c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\MEDION Homepage.url.ynja c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Namentliche_Meldung_Kreismeisterschaften_2012BlauWeiß Leichlingen.doc.nqon c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Sommerplan 2011.xlsx.hinp c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\Trainigskosten SS 2011.xlsx.dtfn c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Recent\www.bahn.de - Ihr Mobilitätsportal für Reisen, Bahn, Urlaub, Hotels, Städtereisen und Mietwagen.URL.gtln c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-04-08 bis 2012-05-08 )))))))))))))))))))))))))))))) . . 2012-05-08 19:49 . 2012-05-08 19:49 -------- d-----w- c:\users\dagmar\AppData\Local\temp 2012-05-08 19:49 . 2012-05-08 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-08 10:25 . 2012-05-08 10:25 -------- d-----w- C:\_OTL 2012-05-08 10:08 . 2012-04-13 07:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9F285FC0-BD01-4B42-8492-E12866761F47}\mpengine.dll ERROR(0x00000005) 2012-05-06 20:16 . 2012-05-08 14:56 1152760 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll ERROR(0x00000005) 2012-05-03 00:00 . 2012-05-03 00:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-02 19:43 . 2012-05-02 19:43 -------- d-----w- c:\users\dagmar\AppData\Roaming\Malwarebytes 2012-05-02 19:39 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-30 17:09 . 2012-04-30 17:09 -------- d-----w- c:\program files\iPod 2012-04-30 14:41 . 2012-04-30 14:41 -------- d-----w- c:\program files\ABUS Security-Center 2012-04-25 08:49 . 2012-04-25 08:49 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-04-25 08:48 . 2012-04-25 08:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-04-25 08:48 . 2012-04-25 08:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-13 07:36 . 2008-08-28 02:31 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005) 2012-02-23 08:18 . 2009-10-03 10:08 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 10:01 . 2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-04-25 08:48 . 2011-05-26 15:41 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-08-04 14:45 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-08 13548064] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 6265376] "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-08-04 326192] "VitaKeyPdtWzd"="c:\program files\EgisTec\VITAKEY\PdtWzd.exe" [2008-08-29 2303272] "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ c:\program files\EgisTec\VITAKEY\PwdFilter . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^dagmar^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\dagmar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2008-09-02 12:24 220160 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] 2007-01-08 20:17 52256 ----a-w- c:\program files\HomeCinema\PowerDVD\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments] 2012-02-23 11:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 12:28 421888 ----a-w- d:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] 2007-02-09 18:51 71216 ----a-w- c:\program files\HomeCinema\PowerDVD\PDVDServ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-04-25 11:38 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher] 2007-02-09 20:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2uvc] 2008-08-28 13:03 233472 ----a-w- c:\windows\tsnp2uvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2008-06-13 16:11 210216 ------w- c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "ehTray.exe"=c:\windows\ehome\ehTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Inhalt des "geplante Tasks" Ordners . 2012-05-08 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job - c:\windows\system32\msfeedssync.exe [2011-06-16 04:32] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://isearch.avg.com/?cid={7F78FFAE-8F3D-4E7C-BD38-57542C0788A8}&mid=0ad1e0af5fe847d1a9b264b9e522cff8-244949e3879da9d0fd68234c09e98073b34560dc&lang=de&ds=tt015&pr=sa&d=2012-03-09 12:20&v=8.0.0.34&sap=hp uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\dagmar\AppData\Roaming\Mozilla\Firefox\Profiles\r3o3ieey.default\ FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) MSConfigStartUp-BullGuard - c:\program files\BullGuard Ltd\BullGuard\bullguard.exe MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-05-08 21:49 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(680) c:\program files\EgisTec\VITAKEY\PwdFilter.dll . Zeit der Fertigstellung: 2012-05-08 21:53:09 ComboFix-quarantined-files.txt 2012-05-08 19:52 . Vor Suchlauf: 10 Verzeichnis(se), 149.309.288.448 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 149.279.653.888 Bytes frei . - - End Of File - - 510ADED92F5B59506D0E8CA93F8CFDBF |
11.05.2012, 09:55 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Verschlüsselungs Trojaner -.- Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Windows Verschlüsselungs Trojaner -.- |
anhang, arten, avg secure search, avg security toolbar, beim starten, bezahlen, bingbar, brauch, conduit, direkt, dubiose, durchlauf, e-mail, erhalte, erhalten, geld, geschieht, hoffe, lange, laptop, laufen, locker, mywinlocker, natürlich, plug-in, remote user, schonmal, secure search, sierra, softonic, softonic deutsch toolbar, starte, starten, super, troja, trojaner, verschlüsselungs, version=1.0, vtoolbarupdater, windows |