| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: habe mir evtl. Trojaner eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.05.2012, 18:58
| #1 |
 |  habe mir evtl. Trojaner eingefangen Zugegeben, ich habe einen Anhang einer nicht sauberen Mail geöffnet. Der Text lautete ca. so: "wir freuen uns, dass Sie sich für das upgrade .... entschieden haben.... Die genauen Informationen zur Kündigungsfrist erfahren Sie in den Rechnung im Anhang...". Die Mail habe ich mittlerweile gelöscht. Ich habe aber schon bedenken, dass ich mir einen Trojaner o. ä. eingefangen habe. Anzeichen dafür kann ich aber (noch) nicht feststellen. Ich habe gem. der Anleitung auf Eurer Homepage Malwarebytes ausgeführt und auch gem. Punkt 3 defrogger und GMER ausgeführt. Die Ergebnisse sind im Anhang. Ich wäre sehr dankbar, wenn Ihr mir helfen würdet, mein Notebook zu checken und mir sagt, falls dieses befallen ist, wie ich nun weiter vorgehen muss - ich habe davon gar keine Ahnung. Vielen Dank für Eurer Engagement, annascott10 |
|
04.05.2012, 11:27
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | habe mir evtl. Trojaner eingefangenZitat:
__________________ |
|
04.05.2012, 18:25
| #3 |
| | habe mir evtl. Trojaner eingefangen Doch, ich hatte den erst Anhang geöffnet. Dort war ein Textfile mit dem Hinweis, dass der Anhang gelöscht ist, zu finden.
__________________ |
|
04.05.2012, 19:19
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | habe mir evtl. Trojaner eingefangen Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
08.05.2012, 19:03
| #5 |
| | habe mir evtl. Trojaner eingefangen Hallo, vielen Dank für die Hilfe bislang. Ich habe nun den Vollscan von Malwarebytes durchgeführt - Logfile ist im Anhang zu finden und auch den Scan mit ESET ausgeführt. Hier das log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b7e3546f2a73cf4cb9e0c8057ad41125
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-05 01:47:13
# local_time=2012-05-05 03:47:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 10599610 173753405 0 0
# compatibility_mode=8192 67108863 100 0 1252 1252 0 0
# scanned=143826
# found=14
# cleaned=0
# scan_time=4956
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\christiane\AppData\Local\Temp\303B098D-BAB0-7891-AF4C-2A1CE172B86D\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\christiane\AppData\Local\Temp\48FC9CBE-BAB0-7891-A2F4-2F5ECE51165B\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\christiane\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\christiane\AppData\Local\Temp\InstallShare6929\bab_setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\christiane\AppData\Local\Temp\InstallShare9900\bab_setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I
Viele Grüße, annascott10 |
|
11.05.2012, 08:55
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | habe mir evtl. Trojaner eingefangen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ --> habe mir evtl. Trojaner eingefangen |
|
11.05.2012, 15:56
| #7 |
| | habe mir evtl. Trojaner eingefangen Nein, im Startmenü vermisse ich nichts, es sind auch keine leeren Ordner vorhanden. Der PC funktioniert uneingeschränkt, ich kann keine Verzögerungen, Fehler oder sonstiges feststellen. viele Grüße annascott10 |
|
11.05.2012, 20:20
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | habe mir evtl. Trojaner eingefangen Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.05.2012, 07:34
| #9 |
| | habe mir evtl. Trojaner eingefangen Hallo, hier das log aus OTL: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.05.2012 08:13:29 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\christiane\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,07% Memory free
4,23 Gb Paging File | 3,46 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 59,20 Gb Free Space | 43,22% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,83 Gb Free Space | 58,30% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK | User Name: christiane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3185368E-4405-4EAA-B2E9-F53797BC1B27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36AA5DFF-6184-4B8E-8D61-E184E754FD46}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{87BC782A-E7B3-4E36-8B6A-21EBD7B9208C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{89F78D66-9BCD-44AA-93BA-72B2A7BB38F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D4B297F-6160-4DB6-A7AD-7BE8009EAD86}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9006FBE9-2889-48DE-8AA7-C20A1E5C82AA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{93D11A58-A915-4057-AD15-31EA68096765}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C53E0AB7-5F75-42BF-92AC-B385642D1FBE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D6ECF2D3-561E-483B-B2E3-E279AF8852DF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D779662D-5749-41C8-BB41-BE57A43E082D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0070C48F-3B68-4B0B-B5AE-DB48C09ED3DB}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{04078E54-27F3-46A1-87E6-D9C505FBC031}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0578C329-E90A-4C42-BF40-C5F667BA1072}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1D6DD9BB-2424-4EF1-87CE-173B94904982}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{35B5052C-8E3F-4456-8122-BCA5D208A27D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{3DFD25B6-C22C-43E4-B772-949F3114E501}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4BFC8CDC-A410-42C0-85B3-CCDD8D29CB6E}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{6A0EE4F3-C568-46DD-A872-1C2D9799A579}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{898C581D-3B50-44F9-871E-FFB277582E3B}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{A4A23AF7-27EC-4C11-A762-48B684B1E1CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AC0C4A9F-F28E-4348-BFD1-93721D6C6081}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{AF51538F-4ECE-411D-87C9-7A57D55EE61F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B7754E91-B14A-4CE3-BBDF-884B31FD74CF}" = protocol=6 | dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{B82AC289-4DE8-48CF-8E71-8FE37457CE1B}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{BC19BD40-1D71-43BA-B134-1736BBFA45C2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{C096CEE5-8801-4957-BC1D-102A95EB1F7F}" = protocol=17 | dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{C15BB5B7-F76F-4BDF-86B9-EBB19EB827BB}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{DB374C32-7AF2-45E0-BDEA-1D6A7EB9C101}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{EB507D65-E324-4F4F-9FE8-052C984416BB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{F44E5F23-387D-4175-BF1D-C2E6C454AA1D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FDBD8338-E11C-436B-81F4-84E270AF6329}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"TCP Query User{B4857625-3CD3-4CB8-A8ED-1312A1345AB0}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |
"UDP Query User{7AF09ECC-5617-4DB3-89BA-897D40CB0452}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BCCA33-61E7-5FFD-2661-77E4E09F6960}" = CCC Help German
"{080CA2CA-AF4E-402A-B10F-20A82D9DCCFA}" = WISO Haushaltsbuch 2011
"{0E57595A-1716-772F-7D63-F3C103F1F91F}" = Catalyst Control Center Graphics Previews Vista
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6510DW
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{251FA85A-AA1A-40D7-8110-4AA7797CC96C}" = Brother HL-5240
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{364687E1-D0CC-4B91-B310-6C5ED28C1031}" = Nero 8
"{38BEAE84-C96E-9909-FAB7-09F4965BC1CA}" = ccc-core-static
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5A53E6-3CBE-44D7-91AD-2E535348484F}" = ccc-Branding
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.0.1.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5CF6F512-2B1E-4293-BE5A-358FFE647E94}" = Catalyst Control Center Graphics Full New
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65B2875E-2D94-E907-C0C6-FB9A1FC2160E}" = Catalyst Control Center Graphics Light
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AAC9EC1-79B8-E67C-0A6C-0DA06048A6EF}" = Catalyst Control Center Graphics Full Existing
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85302BFB-5198-CE39-D87E-813BBA60B497}" = Catalyst Control Center Core Implementation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975F9216-2EDB-4D81-814D-6D00AC68DC85}" = MP3 Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AA095606-7801-BB46-894A-8871BCDBACFB}" = ccc-utility
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFD25854-438C-D36D-6495-4DC03492AFE9}" = Skins
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BBD04134-8CAB-C8FD-2C1C-D099B3FA8BB8}" = Fiat eco:Drive
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5EE9880-8165-B586-CC43-C4E8EA577C96}" = Catalyst Control Center Localization German
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"3D Garten Designer 9_is1" = DATA BECKER 3D Garten Designer 9
"3DJongg" = 3DJongg
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AskTBar Uninstall" = Ask Toolbar
"BabylonToolbar" = Babylon toolbar on IE
"BudRedhead" = BudRedhead
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1" = Fiat eco:Drive
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.70
"Freeware.de Toolbar" = Freeware.de Toolbar
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotel_is1" = Hotel
"HP-LaserJet 1018" = LaserJet 1018
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Lexmark 1300 Series" = Lexmark 1300 Series
"LucasArts' Der Turm von Babel" = LucasArts' Der Turm von Babel
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Megamind" = Megamind
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NeoBall" = NeoBall
"PercussionStudio3" = PercussionStudio3
"PhotoStitch" = Canon Utilities PhotoStitch
"Pivot Stickfigure Animator_is1" = Pivot Stickfigure Animator version 2.2.6
"Pivot Stickfigure DB Toolbar" = Pivot Stickfigure DB Toolbar
"ProInst" = Intel(R) PROSet/Wireless Software
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Soccerstars" = Soccerstars
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"SuperSoli" = SuperSoli
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WISO Haushaltsbuch 2011" = WISO Haushaltsbuch 2011
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.04.2012 07:41:42 | Computer Name = notebook | Source = Brother BrLog | ID = 1001
Description = WIA BrtWIA: [2012/04/21 13:41:42.807]: [00003144]: Unlinking WIA item
tree
Error - 21.04.2012 07:41:42 | Computer Name = notebook | Source = Brother BrLog | ID = 1001
Description = WIA BrtWIA: [2012/04/21 13:41:42.807]: [00003144]: Releasing IDrvItemRoot
interface
Error - 21.04.2012 10:57:24 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, fehlerhaftes Modul MSVCR80.dll, Version 8.0.50727.6195, Zeitstempel
0x4dcddbf3, Ausnahmecode 0xc0000409, Fehleroffset 0x0000bde7, Prozess-ID 0x9f8,
Anwendungsstartzeit 01cd1fcf08a2051b.
Error - 21.04.2012 14:34:00 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x0c0c0c0c, Prozess-ID 0x8e8, Anwendungsstartzeit
01cd1fed3afe6fc9.
Error - 24.04.2012 03:22:33 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x27132713, Prozess-ID 0x954, Anwendungsstartzeit
01cd21ead1f19ebe.
Error - 24.04.2012 03:28:04 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
0x4c6a9898, fehlerhaftes Modul lxdccomc.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x45a50aec, Ausnahmecode 0xc0000005, Fehleroffset 0x65064150, Prozess-ID 0xcc, Anwendungsstartzeit
01cd21eacabcd51e.
Error - 29.04.2012 14:06:39 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, fehlerhaftes Modul NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, Ausnahmecode 0xc0000005, Fehleroffset 0x000c463c, Prozess-ID 0x8e8,
Anwendungsstartzeit 01cd2632c8058bb6.
Error - 01.05.2012 09:32:57 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, fehlerhaftes Modul NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, Ausnahmecode 0xc0000005, Fehleroffset 0x000c463c, Prozess-ID 0x8bc,
Anwendungsstartzeit 01cd279ee28361b0.
Error - 01.05.2012 12:42:31 | Computer Name = notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, fehlerhaftes Modul NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
0x47c6bd1b, Ausnahmecode 0xc0000005, Fehleroffset 0x000c463c, Prozess-ID 0x940,
Anwendungsstartzeit 01cd27b9629da2c0.
Error - 03.05.2012 13:22:44 | Computer Name = notebook | Source = Perflib | ID = 1010
Description =
[ System Events ]
Error - 11.05.2012 14:48:05 | Computer Name = notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.05.2012 14:48:55 | Computer Name = notebook | Source = DCOM | ID = 10010
Description =
Error - 11.05.2012 14:50:50 | Computer Name = notebook | Source = ipnathlp | ID = 30013
Description = Die DHCP-Zuweisung wurde für IP-Adresse 192.168.2.20 deaktiviert,
da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der
die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die
IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb
dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren.
Error - 11.05.2012 14:50:49 | Computer Name = notebook | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description =
Error - 11.05.2012 14:50:49 | Computer Name = notebook | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 11.05.2012 14:50:54 | Computer Name = notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 11.05.2012 14:55:52 | Computer Name = notebook | Source = DCOM | ID = 10010
Description =
Error - 12.05.2012 01:53:45 | Computer Name = notebook | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 12.05.2012 01:53:48 | Computer Name = notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
Error - 12.05.2012 01:53:48 | Computer Name = notebook | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
< End of report >
viele Grüße annascott10 |
|
12.05.2012, 20:18
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | habe mir evtl. Trojaner eingefangen Das ist nur Extras-Log, wichtiger wäre das Log OTL.txt
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.05.2012, 21:22
| #11 |
| | habe mir evtl. Trojaner eingefangen oh, bitte um Entschuldigung, hier das Log.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.05.2012 08:13:29 - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\christiane\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19222) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 63,07% Memory free 4,23 Gb Paging File | 3,46 Gb Available in Paging File | 81,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,96 Gb Total Space | 59,20 Gb Free Space | 43,22% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,83 Gb Free Space | 58,30% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: christiane | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.12 08:09:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\christiane\Desktop\OTL.exe PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.12.08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.12.08 03:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.04.20 18:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\ControlCenter4\BrCcUxSys.exe PRC - [2011.04.20 18:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\ControlCenter4\BrCtrlCntr.exe PRC - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2009.11.11 17:20:04 | 001,468,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.07 09:39:44 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2009.01.08 17:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe PRC - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.03.10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008.02.22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.09.13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.02.13 01:56:38 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe ========== Modules (No Company Name) ========== MOD - [2012.04.14 10:18:21 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll MOD - [2012.04.14 10:18:00 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll MOD - [2012.04.14 10:17:54 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll MOD - [2012.04.14 10:17:45 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll MOD - [2012.04.14 10:17:40 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll MOD - [2012.04.03 10:52:11 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll MOD - [2012.04.03 10:50:09 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll MOD - [2012.04.03 10:49:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll MOD - [2012.03.31 18:32:33 | 000,311,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ef962b32a187e01f68119920fd143b62\PresentationFramework.Classic.ni.dll MOD - [2012.03.31 18:32:03 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll MOD - [2012.03.31 18:32:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll MOD - [2012.03.31 18:31:53 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll MOD - [2012.03.31 18:31:45 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll MOD - [2011.12.28 15:47:44 | 000,115,137 | ---- | M] () -- C:\Users\christiane\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll MOD - [2011.12.08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll MOD - [2007.03.14 21:54:58 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2012.04.28 21:55:10 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2009.04.07 09:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009.01.08 17:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.09.13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007.02.13 01:56:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device) SRV - [2006.11.07 14:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.08 17:25:00 | 000,647,242 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.12 07:53:28 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F80ADBA7-B532-4072-9E70-AA73E2F41250}\MpKsld8a86adc.sys -- (MpKsld8a86adc) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV - [2011.10.27 03:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.11.11 17:20:44 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2009.04.10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009.04.07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2007.09.26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.09.13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.03.14 22:04:28 | 002,427,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007.03.14 22:04:28 | 002,427,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2006.11.21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.11.20 21:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.20 21:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.20 21:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.12 01:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006.10.30 19:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006.08.17 16:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Programme\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6070328 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/pivotstickfigure/{322D003F-CBD3-476F-BFEB-91CCF64D82DD} IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com) IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\Pivot Stickfigure DB Toolbar\tbhelper.dll () IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=466fc1dd0000000000000019d2afcf67 IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/pivotstickfigure/{322D003F-CBD3-476F-BFEB-91CCF64D82DD}?q={searchTerms} IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {8A6C82A1-F6C9-481a-AAE7-C96444C9A754}:5.1.1 FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4 FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=466fc1dd0000000000000019d2afcf67&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.28 21:55:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.14 10:03:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.29 12:28:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\christiane\AppData\Roaming\Mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de [2011.11.12 20:44:13 | 000,000,000 | ---D | M] [2011.03.03 12:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christiane\AppData\Roaming\mozilla\Extensions [2011.03.03 12:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christiane\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.03 18:33:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions [2011.09.12 15:29:40 | 000,000,000 | ---D | M] (Pivot Stickfigure DB Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2012.05.01 15:41:48 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2012.04.25 09:29:33 | 000,000,000 | ---D | M] (ST Deutsch FF Community Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c} [2010.06.04 20:53:16 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} [2011.11.12 20:44:13 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de [2011.09.12 19:39:29 | 000,002,390 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Mozilla\Firefox\Profiles\targzzk9.default\searchplugins\search.xml [2012.01.04 12:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.24 20:24:06 | 000,120,021 | ---- | M] () (No name found) -- C:\USERS\CHRISTIANE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TARGZZK9.DEFAULT\EXTENSIONS\{8A6C82A1-F6C9-481A-AAE7-C96444C9A754}.XPI [2011.10.30 22:13:09 | 000,083,513 | ---- | M] () (No name found) -- C:\USERS\CHRISTIANE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TARGZZK9.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI [2012.04.28 21:55:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll [2012.02.29 17:16:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.01 19:57:26 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.02.29 17:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.29 17:16:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.29 17:16:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.29 17:16:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.29 17:16:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com) O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll () O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll () O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [] File not found O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74180B9D-4325-4375-B124-6754C804FE10}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF72832B-A5A7-4B75-BA07-02441BA8F9C5}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img30.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img30.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe - (Avanquest Software ) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^w98Eject.lnk - C:\Windows\system\w98eject.exe - (Sigmatel) MsConfig - StartUpFolder: C:^Users^christiane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe - (ATI Technologies Inc.) MsConfig - StartUpFolder: C:^Users^christiane^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - File not found MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) MsConfig - StartUpReg: lxdcamon - hkey= - key= - C:\Program Files\Lexmark 1300 Series\lxdcamon.exe (Lexmark) MsConfig - StartUpReg: LXDCCATS - hkey= - key= - File not found MsConfig - StartUpReg: lxdcmon.exe - hkey= - key= - File not found MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - File not found MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.12 08:09:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\christiane\Desktop\OTL.exe [2012.05.05 14:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.05 09:43:59 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware [2012.05.03 18:36:40 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\Malwarebytes [2012.05.03 18:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.03 18:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.03 18:36:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.03 18:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.01 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.05.01 19:50:15 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Local\InstallShare [2012.05.01 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar [2012.05.01 19:02:24 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Local\Babylon [2012.05.01 19:02:22 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\Babylon [2012.05.01 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.04.28 21:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.04.28 21:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.04.21 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\christiane\Pictures\Documents\Nero Home [2012.04.21 16:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.12 08:09:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\christiane\Desktop\OTL.exe [2012.05.12 07:52:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.12 07:52:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.12 07:52:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.12 07:52:35 | 2145,849,344 | -HS- | M] () -- C:\hiberfil.sys [2012.05.11 16:48:12 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{55B7EC2A-7BCD-4545-840D-5D7C2EAA37B6}.job [2012.05.05 09:44:04 | 000,000,662 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.04 19:50:53 | 000,640,848 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.04 19:50:53 | 000,606,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.04 19:50:53 | 000,131,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.04 19:50:53 | 000,108,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.03 19:06:22 | 000,000,000 | ---- | M] () -- C:\Users\christiane\defogger_reenable [2012.05.01 19:57:29 | 000,000,474 | ---- | M] () -- C:\user.js [2012.04.30 09:19:49 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.04.21 17:01:33 | 000,001,024 | ---- | M] () -- C:\Users\christiane\.rnd [2012.04.21 16:52:28 | 000,002,542 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2012.04.21 16:52:28 | 000,002,422 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk [2012.04.21 16:09:29 | 000,000,680 | ---- | M] () -- C:\Users\christiane\AppData\Local\d3d9caps.dat [2012.04.21 16:09:27 | 000,061,952 | ---- | M] () -- C:\Users\christiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.03 19:06:22 | 000,000,000 | ---- | C] () -- C:\Users\christiane\defogger_reenable [2012.05.03 18:36:35 | 000,000,662 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.03 18:31:18 | 000,000,406 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{55B7EC2A-7BCD-4545-840D-5D7C2EAA37B6}.job [2012.05.01 19:03:23 | 000,000,474 | ---- | C] () -- C:\user.js [2012.04.30 09:19:47 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.04.21 16:52:28 | 000,002,542 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2012.04.21 16:52:28 | 000,002,422 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk [2012.01.12 19:23:45 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2012.01.12 18:57:26 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI [2012.01.12 18:54:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.06.23 19:16:06 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.06.23 19:16:06 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.04.09 18:10:35 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI [2011.01.30 17:31:54 | 000,000,248 | ---- | C] () -- C:\Windows\Brownie.ini [2011.01.30 17:31:54 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.01.30 17:31:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2011.01.30 17:31:54 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.01.30 17:31:40 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.30 17:31:40 | 000,000,054 | ---- | C] () -- C:\Windows\System32\bd5240.dat [2010.06.03 09:17:38 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.05.31 21:57:56 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat [2010.05.29 14:56:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.05.29 14:55:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.05.29 14:55:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin ========== LOP Check ========== [2011.12.05 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Amazon [2012.05.01 19:02:22 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Babylon [2011.01.01 12:50:21 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Buhl Data Service GmbH [2012.01.12 19:35:05 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Canneverbe Limited [2011.06.23 17:23:08 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1 [2012.01.12 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ControlCenter4 [2010.05.31 21:57:56 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\DonationCoder [2010.05.29 20:55:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\IrfanView [2008.04.05 21:23:52 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Lexmark Imaging Studio [2010.05.29 20:57:21 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\local [2007.05.12 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\MAGIX [2011.06.23 19:19:14 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\PC Suite [2007.03.31 17:52:18 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\PeerNetworking [2010.11.29 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ProtectDisc [2011.12.28 10:55:45 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Samsung [2008.01.06 12:56:20 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\T-Online [2011.12.28 22:38:56 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Temp [2011.03.03 12:27:36 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Thunderbird [2012.05.11 20:55:54 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.05.11 16:48:12 | 000,000,406 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{55B7EC2A-7BCD-4545-840D-5D7C2EAA37B6}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.01.14 22:36:10 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Adobe [2007.05.13 15:12:22 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\AdobeUM [2011.12.05 16:54:41 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Amazon [2007.03.30 17:34:58 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ATI [2012.05.01 19:02:22 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Babylon [2011.01.30 17:36:47 | 000,000,000 | R--D | M] -- C:\Users\christiane\AppData\Roaming\Brother [2011.01.01 12:50:21 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Buhl Data Service GmbH [2012.01.12 19:35:05 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Canneverbe Limited [2011.06.23 17:23:08 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1 [2012.01.12 19:04:07 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ControlCenter4 [2010.05.30 12:24:03 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Corel [2011.02.27 17:36:16 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\CyberLink [2010.05.31 21:57:56 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\DonationCoder [2007.03.30 20:18:43 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Google [2007.03.31 17:22:44 | 000,000,000 | -H-D | M] -- C:\Users\christiane\AppData\Roaming\GTek [2007.03.30 17:34:05 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Identities [2012.01.12 18:52:31 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\InstallShield [2010.06.03 09:44:41 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Intel [2010.05.29 20:55:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\IrfanView [2008.04.05 21:23:52 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Lexmark Imaging Studio [2010.05.29 20:57:21 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\local [2007.03.31 17:23:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Macromedia [2007.05.12 20:45:55 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\MAGIX [2012.05.03 18:36:40 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Media Center Programs [2012.01.14 22:36:10 | 000,000,000 | --SD | M] -- C:\Users\christiane\AppData\Roaming\Microsoft [2010.05.29 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Mozilla [2011.11.12 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Nero [2011.06.23 19:19:14 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\PC Suite [2007.03.31 17:52:18 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\PeerNetworking [2010.11.29 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ProtectDisc [2007.03.30 20:55:37 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Roxio [2011.12.28 10:55:45 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Samsung [2008.01.06 12:56:20 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\T-Online [2011.12.28 22:38:56 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Temp [2011.03.03 12:27:36 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\Thunderbird [2010.05.29 20:36:26 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\WinRAR [2012.04.15 19:43:29 | 000,000,000 | ---D | M] -- C:\Users\christiane\AppData\Roaming\ZoomBrowser EX < %APPDATA%\*.exe /s > [2008.03.24 19:46:17 | 000,327,437 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u1\CIP\TransferAgentSetup.exe [2010.06.03 09:22:51 | 000,010,134 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{05BCCA33-61E7-5FFD-2661-77E4E09F6960}\ARPPRODUCTICON.exe [2010.06.03 09:22:49 | 000,010,134 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{0E57595A-1716-772F-7D63-F3C103F1F91F}\ARPPRODUCTICON.exe [2010.06.03 09:20:04 | 000,010,134 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{4F5A53E6-3CBE-44D7-91AD-2E535348484F}\ARPPRODUCTICON.exe [2010.06.03 09:20:04 | 000,009,158 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{4F5A53E6-3CBE-44D7-91AD-2E535348484F}\NewShortcut1_45160C5661F6468DA5B09FAE2C3E68D6.exe [2010.06.03 09:22:54 | 000,010,134 | R--- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Installer\{D5EE9880-8165-B586-CC43-C4E8EA577C96}\ARPPRODUCTICON.exe [2012.05.01 20:12:02 | 123,071,328 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Microsoft\Windows\Templates\setup_11.0.0.1245.x01_2012_03_02_13_06.exe [2011.11.02 17:51:52 | 000,928,656 | ---- | M] (Samsung) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2011.11.02 17:51:56 | 000,278,928 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2011.11.02 17:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2011.10.31 12:23:28 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe [2011.10.31 12:23:28 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2011.10.31 12:23:28 | 000,690,688 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2011.11.02 17:51:58 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2011.10.31 12:23:12 | 000,106,408 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2011.10.31 12:23:12 | 000,101,288 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2011.11.02 17:52:04 | 000,131,984 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2011.11.02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2011.11.02 17:52:08 | 003,571,576 | ---- | M] (Freeware) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2011.11.02 17:52:10 | 000,391,568 | ---- | M] (ml) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2011.12.08 03:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\christiane\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe [2011.06.23 19:19:13 | 003,707,904 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\christiane\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007.03.28 05:13:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys [2007.03.28 05:13:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2007.03.28 05:13:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2007.03.28 05:13:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.03.28 05:14:23 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2007.03.28 05:14:23 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2007.03.28 05:14:23 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.04.17 18:47:23 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.04.17 18:47:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\christiane\Desktop\Microsoft Office:Roxio EMC Stream < End of report > Grüße, annascott10 |
|
12.05.2012, 21:41
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | habe mir evtl. Trojaner eingefangen Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/pivotstickfigure/{322D003F-CBD3-476F-BFEB-91CCF64D82DD}
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\Pivot Stickfigure DB Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=466fc1dd0000000000000019d2afcf67
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/pivotstickfigure/{322D003F-CBD3-476F-BFEB-91CCF64D82DD}?q={searchTerms}
IE - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=466fc1dd0000000000000019d2afcf67&q="
[2012.05.01 15:41:48 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.04.25 09:29:33 | 000,000,000 | ---D | M] (ST Deutsch FF Community Toolbar) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.06.04 20:53:16 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011.11.12 20:44:13 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de
[2011.09.12 19:39:29 | 000,002,390 | ---- | M] () -- C:\Users\christiane\AppData\Roaming\Mozilla\Firefox\Profiles\targzzk9.default\searchplugins\search.xml
[2012.05.01 19:57:26 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.05.01 19:57:26 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.29 17:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Pivot Stickfigure DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-21-2351911142-1678405194-1723348831-1000..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.05.01 19:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.05.01 19:02:24 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Local\Babylon
[2012.05.01 19:02:22 | 000,000,000 | ---D | C] -- C:\Users\christiane\AppData\Roaming\Babylon
[2012.05.01 19:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.05.2012, 08:15
| #13 |
| | habe mir evtl. Trojaner eingefangen Hallo, hier das log: Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
C:\Programme\Freeware.de\prxtbFree.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ deleted successfully.
C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2351911142-1678405194-1723348831-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found.
File C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ deleted successfully.
C:\Programme\Pivot Stickfigure DB Toolbar\tbhelper.dll moved successfully.
HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: secureLogin@blueimp.net:0.9.7 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?AF=109958&babsrc=adbartrp&mntrId=466fc1dd0000000000000019d2afcf67&q=" removed from keyword.URL
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\searchplugin folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\modules folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\META-INF folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\defaults folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\chrome folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\searchplugin folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\modules folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\META-INF folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\defaults folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\components folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}\chrome folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c} folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\skin\classic\rdr folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\skin\classic folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\skin folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\zh-CN folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\uk-UA folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\pt-BR folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\pl-PL folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\nl-NL folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\ko-KR folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\ja-JP folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\it-IT folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\hu-HU folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\hr-HR folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\fr-FR folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\es-ES folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\en-US folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale\de-DE folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\locale folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\defaults\preferences folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\defaults folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\content\rdr folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}\content folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9} folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de\chrome\content\skin folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de\chrome\content folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de\chrome folder moved successfully.
C:\Users\christiane\AppData\Roaming\mozilla\Firefox\Profiles\targzzk9.default\extensions\mail@gutscheinrausch.de folder moved successfully.
C:\Users\christiane\AppData\Roaming\Mozilla\Firefox\Profiles\targzzk9.default\searchplugins\search.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
File C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d81af43-de53-48d0-a199-42c2a226b24c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found.
File C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Programme\BAE\BAE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ deleted successfully.
File C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found.
File C:\Program Files\Softonic_Deutsch_FF\prxtbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
File C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found.
File C:\Programme\Pivot Stickfigure DB Toolbar\tbcore3.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7E111A5C-3D11-4F56-9463-5310C3C69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found.
File C:\Programme\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D81AF43-DE53-48D0-A199-42C2A226B24C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D81AF43-DE53-48D0-A199-42C2A226B24C}\ not found.
File C:\Programme\Softonic_Deutsch_FF\prxtbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
File C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2351911142-1678405194-1723348831-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Programme\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Users\christiane\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\christiane\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\christiane\AppData\Local\Babylon folder moved successfully.
C:\Users\christiane\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: christiane
->Temp folder emptied: 426430120 bytes
->Temporary Internet Files folder emptied: 205803118 bytes
->Java cache emptied: 780766 bytes
->FireFox cache emptied: 271310259 bytes
->Flash cache emptied: 14675 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104221500 bytes
RecycleBin emptied: 9495204667 bytes
Total Files Cleaned = 10.017,00 mb
[EMPTYFLASH]
User: All Users
User: christiane
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.42.3 log created on 05132012_090600
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
annascott10 |
|
13.05.2012, 15:43
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | habe mir evtl. Trojaner eingefangen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.05.2012, 19:09
| #15 |
| | habe mir evtl. Trojaner eingefangen Hallo, erst einmal: vielen Dank für die Hilfe bisher... und hier nun der Report des TDSS-Killers: Code:
ATTFilter 20:00:13.0601 1400 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:00:14.0069 1400 ============================================================
20:00:14.0069 1400 Current date / time: 2012/05/13 20:00:14.0069
20:00:14.0069 1400 SystemInfo:
20:00:14.0069 1400
20:00:14.0069 1400 OS Version: 6.0.6002 ServicePack: 2.0
20:00:14.0069 1400 Product type: Workstation
20:00:14.0069 1400 ComputerName: NOTEBOOK
20:00:14.0069 1400 UserName: christiane
20:00:14.0069 1400 Windows directory: C:\Windows
20:00:14.0069 1400 System windows directory: C:\Windows
20:00:14.0069 1400 Processor architecture: Intel x86
20:00:14.0069 1400 Number of processors: 2
20:00:14.0069 1400 Page size: 0x1000
20:00:14.0069 1400 Boot type: Normal boot
20:00:14.0069 1400 ============================================================
20:00:14.0568 1400 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:00:14.0568 1400 ============================================================
20:00:14.0568 1400 \Device\Harddisk0\DR0:
20:00:14.0568 1400 MBR partitions:
20:00:14.0568 1400 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
20:00:14.0568 1400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0x111ED800
20:00:14.0599 1400 ============================================================
20:00:14.0662 1400 C: <-> \Device\Harddisk0\DR0\Partition1
20:00:14.0709 1400 D: <-> \Device\Harddisk0\DR0\Partition0
20:00:14.0709 1400 ============================================================
20:00:14.0709 1400 Initialize success
20:00:14.0709 1400 ============================================================
20:01:38.0418 2816 ============================================================
20:01:38.0418 2816 Scan started
20:01:38.0418 2816 Mode: Manual; SigCheck; TDLFS;
20:01:38.0418 2816 ============================================================
20:01:39.0073 2816 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
20:01:39.0307 2816 acedrv11 - ok
20:01:39.0385 2816 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:01:39.0401 2816 ACPI - ok
20:01:39.0495 2816 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:01:39.0510 2816 AdobeARMservice - ok
20:01:39.0588 2816 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:01:39.0619 2816 adp94xx - ok
20:01:39.0682 2816 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:01:39.0697 2816 adpahci - ok
20:01:39.0744 2816 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:01:39.0760 2816 adpu160m - ok
20:01:39.0791 2816 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:01:39.0807 2816 adpu320 - ok
20:01:39.0869 2816 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:01:39.0994 2816 AeLookupSvc - ok
20:01:40.0165 2816 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:01:40.0243 2816 AFD - ok
20:01:40.0306 2816 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
20:01:40.0306 2816 agp440 - ok
20:01:40.0399 2816 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:01:40.0415 2816 aic78xx - ok
20:01:40.0462 2816 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:01:40.0540 2816 ALG - ok
20:01:40.0571 2816 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
20:01:40.0587 2816 aliide - ok
20:01:40.0602 2816 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
20:01:40.0618 2816 amdagp - ok
20:01:40.0633 2816 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
20:01:40.0633 2816 amdide - ok
20:01:40.0665 2816 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:01:40.0727 2816 AmdK7 - ok
20:01:40.0774 2816 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:01:40.0836 2816 AmdK8 - ok
20:01:40.0883 2816 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:01:40.0914 2816 Appinfo - ok
20:01:40.0977 2816 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:01:40.0992 2816 arc - ok
20:01:41.0055 2816 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:01:41.0070 2816 arcsas - ok
20:01:41.0117 2816 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:01:41.0148 2816 AsyncMac - ok
20:01:41.0195 2816 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:01:41.0195 2816 atapi - ok
20:01:41.0351 2816 Ati External Event Utility (c74d9a831b523ef5a66f4f13b2ddea2e) C:\Windows\system32\Ati2evxx.exe
20:01:41.0445 2816 Ati External Event Utility - ok
20:01:41.0741 2816 atikmdag (184e2b47542badbe5ca606f0fc9a90cc) C:\Windows\system32\DRIVERS\atikmdag.sys
20:01:41.0913 2816 atikmdag - ok
20:01:42.0178 2816 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:01:42.0225 2816 AudioEndpointBuilder - ok
20:01:42.0240 2816 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:01:42.0287 2816 Audiosrv - ok
20:01:42.0427 2816 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
20:01:42.0459 2816 BBSvc - ok
20:01:42.0583 2816 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
20:01:42.0646 2816 bcm4sbxp - ok
20:01:42.0693 2816 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:01:42.0755 2816 Beep - ok
20:01:42.0895 2816 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:01:42.0989 2816 BFE - ok
20:01:43.0114 2816 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:01:43.0239 2816 BITS - ok
20:01:43.0239 2816 blbdrive - ok
20:01:43.0301 2816 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:01:43.0348 2816 bowser - ok
20:01:43.0410 2816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:01:43.0473 2816 BrFiltLo - ok
20:01:43.0519 2816 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:01:43.0582 2816 BrFiltUp - ok
20:01:43.0660 2816 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:01:43.0722 2816 Browser - ok
20:01:43.0785 2816 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:01:43.0863 2816 Brserid - ok
20:01:43.0878 2816 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:01:43.0956 2816 BrSerWdm - ok
20:01:43.0972 2816 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:01:44.0019 2816 BrUsbMdm - ok
20:01:44.0034 2816 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:01:44.0112 2816 BrUsbSer - ok
20:01:44.0175 2816 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:01:44.0237 2816 BTHMODEM - ok
20:01:44.0284 2816 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:01:44.0346 2816 cdfs - ok
20:01:44.0424 2816 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:01:44.0518 2816 cdrom - ok
20:01:44.0611 2816 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:01:44.0689 2816 CertPropSvc - ok
20:01:44.0799 2816 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:01:44.0923 2816 circlass - ok
20:01:45.0064 2816 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:01:45.0095 2816 CLFS - ok
20:01:45.0204 2816 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:01:45.0220 2816 clr_optimization_v2.0.50727_32 - ok
20:01:45.0298 2816 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:01:45.0329 2816 clr_optimization_v4.0.30319_32 - ok
20:01:45.0360 2816 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:01:45.0423 2816 CmBatt - ok
20:01:45.0485 2816 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
20:01:45.0501 2816 cmdide - ok
20:01:45.0547 2816 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:01:45.0579 2816 Compbatt - ok
20:01:45.0579 2816 COMSysApp - ok
20:01:45.0610 2816 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:01:45.0625 2816 crcdisk - ok
20:01:45.0657 2816 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:01:45.0766 2816 Crusoe - ok
20:01:45.0875 2816 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:01:45.0953 2816 CryptSvc - ok
20:01:46.0249 2816 DBService (48297bf3339bc56dd7d7524d7a1740aa) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
20:01:46.0265 2816 DBService ( UnsignedFile.Multi.Generic ) - warning
20:01:46.0265 2816 DBService - detected UnsignedFile.Multi.Generic (1)
20:01:46.0374 2816 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:01:46.0483 2816 DcomLaunch - ok
20:01:46.0546 2816 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:01:46.0624 2816 DfsC - ok
20:01:46.0951 2816 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:01:47.0248 2816 DFSR - ok
20:01:47.0513 2816 dg_ssudbus (d8522960163fa593694e441194a9a574) C:\Windows\system32\DRIVERS\ssudbus.sys
20:01:47.0529 2816 dg_ssudbus - ok
20:01:47.0622 2816 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:01:47.0700 2816 Dhcp - ok
20:01:47.0747 2816 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:01:47.0778 2816 disk - ok
20:01:47.0934 2816 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:01:47.0965 2816 Dnscache - ok
20:01:47.0997 2816 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:01:48.0028 2816 dot3svc - ok
20:01:48.0075 2816 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:01:48.0153 2816 DPS - ok
20:01:48.0199 2816 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:01:48.0231 2816 drmkaud - ok
20:01:48.0355 2816 DSBrokerService (01d5b95d0a12a916bbdc258629113258) C:\Program Files\DellSupport\brkrsvc.exe
20:01:48.0387 2816 DSBrokerService ( UnsignedFile.Multi.Generic ) - warning
20:01:48.0387 2816 DSBrokerService - detected UnsignedFile.Multi.Generic (1)
20:01:48.0465 2816 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
20:01:48.0496 2816 DSproct ( UnsignedFile.Multi.Generic ) - warning
20:01:48.0496 2816 DSproct - detected UnsignedFile.Multi.Generic (1)
20:01:48.0527 2816 dsunidrv (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys
20:01:48.0543 2816 dsunidrv ( UnsignedFile.Multi.Generic ) - warning
20:01:48.0543 2816 dsunidrv - detected UnsignedFile.Multi.Generic (1)
20:01:48.0761 2816 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:01:48.0855 2816 DXGKrnl - ok
20:01:48.0948 2816 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
20:01:49.0073 2816 e1express - ok
20:01:49.0120 2816 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:01:49.0229 2816 E1G60 - ok
20:01:49.0291 2816 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:01:49.0338 2816 EapHost - ok
20:01:49.0401 2816 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:01:49.0416 2816 Ecache - ok
20:01:49.0479 2816 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:01:49.0525 2816 ehRecvr - ok
20:01:49.0666 2816 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:01:49.0713 2816 ehSched - ok
20:01:49.0759 2816 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:01:49.0791 2816 ehstart - ok
20:01:49.0900 2816 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:01:49.0931 2816 elxstor - ok
20:01:50.0056 2816 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:01:50.0149 2816 EMDMgmt - ok
20:01:50.0227 2816 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:01:50.0290 2816 EventSystem - ok
20:01:50.0461 2816 EvtEng (f10e7aa8bdf4488e3dfa989b8e7f7c9f) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:01:50.0524 2816 EvtEng ( UnsignedFile.Multi.Generic ) - warning
20:01:50.0524 2816 EvtEng - detected UnsignedFile.Multi.Generic (1)
20:01:50.0649 2816 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:01:50.0727 2816 exfat - ok
20:01:50.0789 2816 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:01:50.0883 2816 fastfat - ok
20:01:50.0929 2816 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:01:51.0007 2816 fdc - ok
20:01:51.0054 2816 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:01:51.0070 2816 fdPHost - ok
20:01:51.0085 2816 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:01:51.0179 2816 FDResPub - ok
20:01:51.0226 2816 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:01:51.0241 2816 FileInfo - ok
20:01:51.0273 2816 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:01:51.0304 2816 Filetrace - ok
20:01:51.0335 2816 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:01:51.0397 2816 flpydisk - ok
20:01:51.0429 2816 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:01:51.0444 2816 FltMgr - ok
20:01:51.0585 2816 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:01:51.0663 2816 FontCache - ok
20:01:51.0850 2816 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:01:51.0865 2816 FontCache3.0.0.0 - ok
20:01:51.0928 2816 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
20:01:51.0959 2816 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:01:51.0959 2816 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:01:52.0037 2816 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\Windows\system32\FsUsbExService.Exe
20:01:52.0053 2816 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
20:01:52.0053 2816 FsUsbExService - detected UnsignedFile.Multi.Generic (1)
20:01:52.0131 2816 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:01:52.0193 2816 Fs_Rec - ok
20:01:52.0255 2816 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:01:52.0271 2816 gagp30kx - ok
20:01:52.0380 2816 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:01:52.0474 2816 gpsvc - ok
20:01:52.0614 2816 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
20:01:52.0677 2816 HdAudAddService - ok
20:01:52.0833 2816 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:01:52.0911 2816 HDAudBus - ok
20:01:52.0989 2816 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:01:53.0082 2816 HidBth - ok
20:01:53.0098 2816 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:01:53.0176 2816 HidIr - ok
20:01:53.0301 2816 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:01:53.0347 2816 hidserv - ok
20:01:53.0379 2816 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:01:53.0425 2816 HidUsb - ok
20:01:53.0503 2816 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:01:53.0566 2816 hkmsvc - ok
20:01:53.0613 2816 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:01:53.0628 2816 HpCISSs - ok
20:01:53.0753 2816 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:01:53.0893 2816 HSF_DPV - ok
20:01:53.0971 2816 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:01:54.0018 2816 HSXHWAZL - ok
20:01:54.0159 2816 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:01:54.0268 2816 HTTP - ok
20:01:54.0315 2816 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:01:54.0330 2816 i2omp - ok
20:01:54.0408 2816 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:01:54.0439 2816 i8042prt - ok
20:01:54.0549 2816 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:01:54.0564 2816 iaStorV - ok
20:01:54.0736 2816 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:01:54.0767 2816 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:01:54.0767 2816 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:01:55.0079 2816 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:01:55.0141 2816 idsvc - ok
20:01:55.0235 2816 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:01:55.0251 2816 iirsp - ok
20:01:55.0329 2816 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:01:55.0422 2816 IKEEXT - ok
20:01:55.0516 2816 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:01:55.0547 2816 intelide - ok
20:01:55.0547 2816 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:01:55.0594 2816 intelppm - ok
20:01:55.0719 2816 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:01:55.0812 2816 IPBusEnum - ok
20:01:55.0890 2816 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:01:55.0937 2816 IpFilterDriver - ok
20:01:55.0999 2816 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:01:56.0093 2816 iphlpsvc - ok
20:01:56.0093 2816 IpInIp - ok
20:01:56.0171 2816 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:01:56.0265 2816 IPMIDRV - ok
20:01:56.0405 2816 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:01:56.0483 2816 IPNAT - ok
20:01:56.0545 2816 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:01:56.0608 2816 IRENUM - ok
20:01:56.0639 2816 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
20:01:56.0655 2816 isapnp - ok
20:01:56.0717 2816 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:01:56.0733 2816 iScsiPrt - ok
20:01:56.0811 2816 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:01:56.0826 2816 iteatapi - ok
20:01:56.0857 2816 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:01:56.0857 2816 iteraid - ok
20:01:56.0904 2816 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:01:56.0920 2816 kbdclass - ok
20:01:56.0935 2816 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:01:56.0982 2816 kbdhid - ok
20:01:57.0013 2816 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:01:57.0076 2816 KeyIso - ok
20:01:57.0123 2816 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:01:57.0154 2816 KSecDD - ok
20:01:57.0216 2816 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:01:57.0294 2816 KtmRm - ok
20:01:57.0341 2816 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
20:01:57.0403 2816 LanmanServer - ok
20:01:57.0466 2816 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:01:57.0513 2816 LanmanWorkstation - ok
20:01:57.0575 2816 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:01:57.0637 2816 lltdio - ok
20:01:57.0684 2816 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:01:57.0731 2816 lltdsvc - ok
20:01:57.0778 2816 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:01:57.0871 2816 lmhosts - ok
20:01:58.0012 2816 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:01:58.0027 2816 LSI_FC - ok
20:01:58.0043 2816 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:01:58.0059 2816 LSI_SAS - ok
20:01:58.0121 2816 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:01:58.0137 2816 LSI_SCSI - ok
20:01:58.0168 2816 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:01:58.0215 2816 luafv - ok
20:01:58.0230 2816 lxdc_device - ok
20:01:58.0308 2816 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:01:58.0355 2816 Mcx2Svc - ok
20:01:58.0386 2816 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:01:58.0433 2816 mdmxsdk - ok
20:01:58.0449 2816 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:01:58.0464 2816 megasas - ok
20:01:58.0527 2816 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:01:58.0573 2816 MMCSS - ok
20:01:58.0605 2816 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:01:58.0636 2816 Modem - ok
20:01:58.0651 2816 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:01:58.0698 2816 monitor - ok
20:01:58.0745 2816 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:01:58.0761 2816 mouclass - ok
20:01:58.0792 2816 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:01:58.0839 2816 mouhid - ok
20:01:58.0870 2816 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:01:58.0885 2816 MountMgr - ok
20:01:58.0979 2816 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:01:58.0995 2816 MozillaMaintenance - ok
20:01:59.0073 2816 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
20:01:59.0104 2816 MpFilter - ok
20:01:59.0182 2816 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:01:59.0197 2816 mpio - ok
20:01:59.0447 2816 MpKslb963e87b (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AB8369A-A122-47DF-8C58-1A616094F8C6}\MpKslb963e87b.sys
20:01:59.0463 2816 MpKslb963e87b - ok
20:01:59.0634 2816 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:01:59.0681 2816 mpsdrv - ok
20:01:59.0790 2816 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:01:59.0853 2816 MpsSvc - ok
20:01:59.0931 2816 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:01:59.0946 2816 Mraid35x - ok
20:01:59.0977 2816 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:02:00.0024 2816 MRxDAV - ok
20:02:00.0087 2816 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:02:00.0165 2816 mrxsmb - ok
20:02:00.0227 2816 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:02:00.0274 2816 mrxsmb10 - ok
20:02:00.0289 2816 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:02:00.0305 2816 mrxsmb20 - ok
20:02:00.0367 2816 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
20:02:00.0383 2816 msahci - ok
20:02:00.0414 2816 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:02:00.0445 2816 msdsm - ok
20:02:00.0555 2816 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:02:00.0617 2816 MSDTC - ok
20:02:00.0648 2816 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:02:00.0711 2816 Msfs - ok
20:02:00.0789 2816 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:02:00.0804 2816 msisadrv - ok
20:02:00.0835 2816 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:02:00.0882 2816 MSiSCSI - ok
20:02:00.0882 2816 msiserver - ok
20:02:00.0929 2816 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:02:00.0991 2816 MSKSSRV - ok
20:02:01.0116 2816 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:02:01.0132 2816 MsMpSvc - ok
20:02:01.0163 2816 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:02:01.0225 2816 MSPCLOCK - ok
20:02:01.0241 2816 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:02:01.0335 2816 MSPQM - ok
20:02:01.0397 2816 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:02:01.0428 2816 MsRPC - ok
20:02:01.0459 2816 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:02:01.0475 2816 mssmbios - ok
20:02:01.0522 2816 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:02:01.0584 2816 MSTEE - ok
20:02:01.0584 2816 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:02:01.0615 2816 Mup - ok
20:02:01.0678 2816 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:02:01.0756 2816 napagent - ok
20:02:01.0787 2816 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:02:01.0849 2816 NativeWifiP - ok
20:02:01.0943 2816 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:02:02.0037 2816 NDIS - ok
20:02:02.0083 2816 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:02:02.0115 2816 NdisTapi - ok
20:02:02.0130 2816 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:02:02.0208 2816 Ndisuio - ok
20:02:02.0286 2816 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:02:02.0333 2816 NdisWan - ok
20:02:02.0364 2816 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:02:02.0442 2816 NDProxy - ok
20:02:02.0848 2816 Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
20:02:02.0926 2816 Nero BackItUp Scheduler 3 - ok
20:02:02.0973 2816 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:02:03.0051 2816 NetBIOS - ok
20:02:03.0113 2816 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:02:03.0160 2816 netbt - ok
20:02:03.0191 2816 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:02:03.0222 2816 Netlogon - ok
20:02:03.0363 2816 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:02:03.0425 2816 Netman - ok
20:02:03.0503 2816 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:02:03.0581 2816 netprofm - ok
20:02:03.0893 2816 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:02:03.0909 2816 NetTcpPortSharing - ok
20:02:04.0283 2816 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
20:02:04.0439 2816 NETw3v32 - ok
20:02:04.0938 2816 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:02:05.0110 2816 NETw4v32 - ok
20:02:05.0297 2816 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:02:05.0313 2816 nfrd960 - ok
20:02:05.0391 2816 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:02:05.0406 2816 NisDrv - ok
20:02:05.0515 2816 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
20:02:05.0531 2816 NisSrv - ok
20:02:05.0593 2816 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:02:05.0656 2816 NlaSvc - ok
20:02:05.0937 2816 NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
20:02:06.0015 2816 NMIndexingService - ok
20:02:06.0077 2816 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:02:06.0155 2816 Npfs - ok
20:02:06.0186 2816 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:02:06.0249 2816 nsi - ok
20:02:06.0264 2816 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:02:06.0311 2816 nsiproxy - ok
20:02:06.0529 2816 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:02:06.0623 2816 Ntfs - ok
20:02:06.0701 2816 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:02:06.0748 2816 ntrigdigi - ok
20:02:06.0810 2816 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:02:06.0841 2816 Null - ok
20:02:06.0935 2816 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:02:06.0951 2816 nvraid - ok
20:02:06.0966 2816 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:02:06.0982 2816 nvstor - ok
20:02:07.0044 2816 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
20:02:07.0060 2816 nv_agp - ok
20:02:07.0060 2816 NwlnkFlt - ok
20:02:07.0075 2816 NwlnkFwd - ok
20:02:07.0294 2816 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:02:07.0325 2816 odserv - ok
20:02:07.0387 2816 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:02:07.0434 2816 ohci1394 - ok
20:02:07.0512 2816 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:02:07.0528 2816 ose - ok
20:02:07.0606 2816 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:02:07.0746 2816 p2pimsvc - ok
20:02:07.0762 2816 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:02:07.0840 2816 p2psvc - ok
20:02:07.0902 2816 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:02:07.0996 2816 Parport - ok
20:02:08.0058 2816 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:02:08.0074 2816 partmgr - ok
20:02:08.0105 2816 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:02:08.0199 2816 Parvdm - ok
20:02:08.0230 2816 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:02:08.0292 2816 PcaSvc - ok
20:02:08.0386 2816 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:02:08.0448 2816 pccsmcfd - ok
20:02:08.0511 2816 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:02:08.0542 2816 pci - ok
20:02:08.0557 2816 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\DRIVERS\pciide.sys
20:02:08.0573 2816 pciide - ok
20:02:08.0604 2816 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:02:08.0620 2816 pcmcia - ok
20:02:08.0745 2816 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:02:08.0838 2816 PEAUTH - ok
20:02:09.0119 2816 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:02:09.0228 2816 pla - ok
20:02:09.0447 2816 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
20:02:09.0493 2816 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
20:02:09.0493 2816 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
20:02:09.0556 2816 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:02:09.0603 2816 PlugPlay - ok
20:02:09.0727 2816 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:02:09.0790 2816 PNRPAutoReg - ok
20:02:09.0805 2816 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:02:09.0868 2816 PNRPsvc - ok
20:02:09.0961 2816 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
20:02:09.0977 2816 Point32 - ok
20:02:10.0117 2816 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:02:10.0211 2816 PolicyAgent - ok
20:02:10.0305 2816 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:02:10.0383 2816 PptpMiniport - ok
20:02:10.0507 2816 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:02:10.0585 2816 Processor - ok
20:02:10.0679 2816 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:02:10.0741 2816 ProfSvc - ok
20:02:10.0804 2816 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:02:10.0835 2816 ProtectedStorage - ok
20:02:10.0882 2816 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:02:10.0929 2816 PSched - ok
20:02:11.0163 2816 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:02:11.0287 2816 ql2300 - ok
20:02:11.0365 2816 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:02:11.0397 2816 ql40xx - ok
20:02:11.0475 2816 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:02:11.0537 2816 QWAVE - ok
20:02:11.0631 2816 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:02:11.0693 2816 QWAVEdrv - ok
20:02:12.0005 2816 R300 (184e2b47542badbe5ca606f0fc9a90cc) C:\Windows\system32\DRIVERS\atikmdag.sys
20:02:12.0114 2816 R300 - ok
20:02:12.0348 2816 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:02:12.0395 2816 RasAcd - ok
20:02:12.0426 2816 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:02:12.0504 2816 RasAuto - ok
20:02:12.0567 2816 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:02:12.0629 2816 Rasl2tp - ok
20:02:12.0707 2816 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:02:12.0738 2816 RasMan - ok
20:02:12.0894 2816 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:02:12.0910 2816 RasPppoe - ok
20:02:12.0925 2816 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:02:12.0941 2816 RasSstp - ok
20:02:12.0972 2816 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:02:13.0003 2816 rdbss - ok
20:02:13.0113 2816 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:02:13.0175 2816 RDPCDD - ok
20:02:13.0269 2816 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
20:02:13.0300 2816 rdpdr - ok
20:02:13.0331 2816 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:02:13.0393 2816 RDPENCDD - ok
20:02:13.0456 2816 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
20:02:13.0487 2816 RDPWD - ok
20:02:13.0752 2816 RegSrvc (7274bd434b6165baa382bdd87f6ca4ce) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:02:13.0799 2816 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:02:13.0799 2816 RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:02:13.0861 2816 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:02:13.0955 2816 RemoteAccess - ok
20:02:14.0017 2816 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:02:14.0049 2816 RemoteRegistry - ok
20:02:14.0080 2816 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:02:14.0095 2816 rimmptsk - ok
20:02:14.0127 2816 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:02:14.0189 2816 rimsptsk - ok
20:02:14.0220 2816 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:02:14.0314 2816 rismxdp - ok
20:02:14.0345 2816 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:02:14.0376 2816 RpcLocator - ok
20:02:14.0485 2816 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:02:14.0579 2816 RpcSs - ok
20:02:14.0641 2816 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:02:14.0719 2816 rspndr - ok
20:02:14.0797 2816 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:02:14.0844 2816 SamSs - ok
20:02:14.0938 2816 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:02:14.0969 2816 sbp2port - ok
20:02:15.0031 2816 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:02:15.0094 2816 SCardSvr - ok
20:02:15.0203 2816 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:02:15.0312 2816 Schedule - ok
20:02:15.0406 2816 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:02:15.0437 2816 SCPolicySvc - ok
20:02:15.0499 2816 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:02:15.0546 2816 sdbus - ok
20:02:15.0702 2816 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:02:15.0749 2816 SDRSVC - ok
20:02:15.0967 2816 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
20:02:15.0999 2816 SeaPort - ok
20:02:16.0030 2816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:02:16.0108 2816 secdrv - ok
20:02:16.0139 2816 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:02:16.0201 2816 seclogon - ok
20:02:16.0342 2816 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
20:02:16.0404 2816 SENS - ok
20:02:16.0404 2816 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:02:16.0467 2816 Serenum - ok
20:02:16.0513 2816 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:02:16.0576 2816 Serial - ok
20:02:16.0654 2816 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:02:16.0669 2816 sermouse - ok
20:02:16.0794 2816 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:02:16.0872 2816 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
20:02:16.0872 2816 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
20:02:16.0919 2816 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:02:16.0981 2816 SessionEnv - ok
20:02:17.0059 2816 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:02:17.0106 2816 sffdisk - ok
20:02:17.0169 2816 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:02:17.0262 2816 sffp_mmc - ok
20:02:17.0309 2816 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:02:17.0340 2816 sffp_sd - ok
20:02:17.0340 2816 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
20:02:17.0418 2816 sfloppy - ok
20:02:17.0481 2816 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:02:17.0512 2816 SharedAccess - ok
20:02:17.0621 2816 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:02:17.0652 2816 ShellHWDetection - ok
20:02:17.0683 2816 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
20:02:17.0699 2816 sisagp - ok
20:02:17.0715 2816 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:02:17.0730 2816 SiSRaid2 - ok
20:02:17.0746 2816 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:02:17.0761 2816 SiSRaid4 - ok
20:02:18.0183 2816 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:02:18.0573 2816 slsvc - ok
20:02:18.0947 2816 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:02:19.0025 2816 SLUINotify - ok
20:02:19.0072 2816 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:02:19.0134 2816 Smb - ok
20:02:19.0197 2816 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:02:19.0228 2816 SNMPTRAP - ok
20:02:19.0259 2816 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:02:19.0290 2816 spldr - ok
20:02:19.0415 2816 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:02:19.0446 2816 Spooler - ok
20:02:19.0524 2816 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:02:19.0571 2816 srv - ok
20:02:19.0633 2816 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:02:19.0680 2816 srv2 - ok
20:02:19.0711 2816 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:02:19.0758 2816 srvnet - ok
20:02:19.0789 2816 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:02:19.0883 2816 SSDPSRV - ok
20:02:19.0945 2816 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:02:19.0992 2816 SstpSvc - ok
20:02:20.0055 2816 ssudmdm (1b4052f016ba5e087689aba536a0a927) C:\Windows\system32\DRIVERS\ssudmdm.sys
20:02:20.0070 2816 ssudmdm - ok
20:02:20.0133 2816 STacSV (7e6dd4b34acd36af6c711d2bde91b040) C:\Windows\system32\STacSV.exe
20:02:20.0195 2816 STacSV - ok
20:02:20.0257 2816 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
20:02:20.0320 2816 STHDA - ok
20:02:20.0367 2816 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
20:02:20.0429 2816 StillCam - ok
20:02:20.0554 2816 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:02:20.0616 2816 stisvc - ok
20:02:20.0694 2816 stllssvr - ok
20:02:20.0741 2816 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:02:20.0772 2816 swenum - ok
20:02:20.0850 2816 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:02:20.0928 2816 swprv - ok
20:02:21.0037 2816 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:02:21.0053 2816 Symc8xx - ok
20:02:21.0084 2816 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:02:21.0100 2816 Sym_hi - ok
20:02:21.0131 2816 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:02:21.0147 2816 Sym_u3 - ok
20:02:21.0193 2816 SynTP (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys
20:02:21.0225 2816 SynTP - ok
20:02:21.0287 2816 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:02:21.0365 2816 SysMain - ok
20:02:21.0412 2816 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:02:21.0443 2816 TabletInputService - ok
20:02:21.0615 2816 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:02:21.0677 2816 TapiSrv - ok
20:02:21.0739 2816 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:02:21.0786 2816 TBS - ok
20:02:21.0958 2816 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
20:02:22.0051 2816 Tcpip - ok
20:02:22.0067 2816 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
20:02:22.0176 2816 Tcpip6 - ok
20:02:22.0223 2816 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
20:02:22.0285 2816 tcpipreg - ok
20:02:22.0410 2816 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:02:22.0457 2816 TDPIPE - ok
20:02:22.0504 2816 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:02:22.0551 2816 TDTCP - ok
20:02:22.0597 2816 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:02:22.0629 2816 tdx - ok
20:02:22.0707 2816 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:02:22.0722 2816 TermDD - ok
20:02:22.0800 2816 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:02:22.0894 2816 TermService - ok
20:02:22.0956 2816 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:02:22.0987 2816 Themes - ok
20:02:23.0019 2816 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:02:23.0065 2816 THREADORDER - ok
20:02:23.0190 2816 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:02:23.0268 2816 TrkWks - ok
20:02:23.0346 2816 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:02:23.0409 2816 TrustedInstaller - ok
20:02:23.0440 2816 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:02:23.0487 2816 tssecsrv - ok
20:02:23.0518 2816 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:02:23.0565 2816 tunmp - ok
20:02:23.0627 2816 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:02:23.0643 2816 tunnel - ok
20:02:23.0689 2816 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:02:23.0721 2816 uagp35 - ok
20:02:23.0814 2816 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:02:23.0861 2816 udfs - ok
20:02:23.0986 2816 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:02:24.0017 2816 UI0Detect - ok
20:02:24.0033 2816 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
20:02:24.0048 2816 uliagpkx - ok
20:02:24.0079 2816 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:02:24.0111 2816 uliahci - ok
20:02:24.0126 2816 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:02:24.0142 2816 UlSata - ok
20:02:24.0204 2816 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:02:24.0220 2816 ulsata2 - ok
20:02:24.0251 2816 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:02:24.0282 2816 umbus - ok
20:02:24.0345 2816 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:02:24.0423 2816 upnphost - ok
20:02:24.0657 2816 UPnPService (2f791a77655e6f61a21482f200c3864d) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:02:24.0719 2816 UPnPService ( UnsignedFile.Multi.Generic ) - warning
20:02:24.0719 2816 UPnPService - detected UnsignedFile.Multi.Generic (1)
20:02:24.0813 2816 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:02:24.0844 2816 usbccgp - ok
20:02:24.0922 2816 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:02:25.0031 2816 usbcir - ok
20:02:25.0062 2816 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:02:25.0093 2816 usbehci - ok
20:02:25.0156 2816 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:02:25.0218 2816 usbhub - ok
20:02:25.0249 2816 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:02:25.0374 2816 usbohci - ok
20:02:25.0437 2816 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:02:25.0483 2816 usbprint - ok
20:02:25.0546 2816 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:02:25.0577 2816 USBSTOR - ok
20:02:25.0655 2816 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:02:25.0671 2816 usbuhci - ok
20:02:25.0749 2816 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:02:25.0795 2816 UxSms - ok
20:02:25.0858 2816 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:02:25.0967 2816 vds - ok
20:02:26.0014 2816 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:02:26.0076 2816 vga - ok
20:02:26.0123 2816 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:02:26.0170 2816 VgaSave - ok
20:02:26.0201 2816 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
20:02:26.0217 2816 viaagp - ok
20:02:26.0248 2816 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:02:26.0295 2816 ViaC7 - ok
20:02:26.0341 2816 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
20:02:26.0357 2816 viaide - ok
20:02:26.0404 2816 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:02:26.0404 2816 volmgr - ok
20:02:26.0482 2816 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:02:26.0497 2816 volmgrx - ok
20:02:26.0544 2816 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:02:26.0560 2816 volsnap - ok
20:02:26.0591 2816 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:02:26.0607 2816 vsmraid - ok
20:02:26.0794 2816 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:02:26.0903 2816 VSS - ok
20:02:26.0950 2816 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:02:27.0012 2816 W32Time - ok
20:02:27.0121 2816 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:02:27.0215 2816 WacomPen - ok
20:02:27.0340 2816 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:02:27.0387 2816 Wanarp - ok
20:02:27.0387 2816 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:02:27.0418 2816 Wanarpv6 - ok
20:02:27.0527 2816 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:02:27.0621 2816 wcncsvc - ok
20:02:27.0761 2816 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:02:27.0808 2816 WcsPlugInService - ok
20:02:27.0870 2816 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:02:27.0886 2816 Wd - ok
20:02:27.0948 2816 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:02:27.0979 2816 Wdf01000 - ok
20:02:28.0042 2816 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:02:28.0120 2816 WdiServiceHost - ok
20:02:28.0120 2816 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:02:28.0151 2816 WdiSystemHost - ok
20:02:28.0229 2816 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:02:28.0260 2816 WebClient - ok
20:02:28.0291 2816 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:02:28.0323 2816 Wecsvc - ok
20:02:28.0385 2816 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:02:28.0416 2816 wercplsupport - ok
20:02:28.0463 2816 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:02:28.0494 2816 WerSvc - ok
20:02:28.0603 2816 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:02:28.0697 2816 winachsf - ok
20:02:28.0822 2816 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:02:28.0853 2816 WinDefend - ok
20:02:28.0853 2816 WinHttpAutoProxySvc - ok
20:02:28.0962 2816 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:02:28.0978 2816 Winmgmt - ok
20:02:29.0243 2816 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:02:29.0368 2816 WinRM - ok
20:02:29.0524 2816 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
20:02:29.0571 2816 WinUSB - ok
20:02:29.0649 2816 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:02:29.0742 2816 Wlansvc - ok
20:02:29.0883 2816 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:02:29.0929 2816 WmiAcpi - ok
20:02:30.0007 2816 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:02:30.0054 2816 wmiApSrv - ok
20:02:30.0335 2816 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:02:30.0475 2816 WMPNetworkSvc - ok
20:02:30.0538 2816 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:02:30.0600 2816 WPCSvc - ok
20:02:30.0756 2816 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:02:30.0787 2816 WPDBusEnum - ok
20:02:30.0975 2816 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:02:31.0006 2816 WpdUsb - ok
20:02:31.0333 2816 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:02:31.0411 2816 WPFFontCache_v0400 - ok
20:02:31.0489 2816 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:02:31.0552 2816 ws2ifsl - ok
20:02:31.0630 2816 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
20:02:31.0661 2816 wscsvc - ok
20:02:31.0661 2816 WSearch - ok
20:02:31.0957 2816 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:02:32.0098 2816 wuauserv - ok
20:02:32.0285 2816 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:02:32.0332 2816 WUDFRd - ok
20:02:32.0535 2816 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:02:32.0597 2816 wudfsvc - ok
20:02:32.0628 2816 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
20:02:32.0675 2816 XAudio - ok
20:02:32.0737 2816 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
20:02:32.0769 2816 XAudioService - ok
20:02:32.0800 2816 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:02:33.0096 2816 \Device\Harddisk0\DR0 - ok
20:02:33.0127 2816 Boot (0x1200) (99282695dd965eb622a5b3a63e83e954) \Device\Harddisk0\DR0\Partition0
20:02:33.0127 2816 \Device\Harddisk0\DR0\Partition0 - ok
20:02:33.0127 2816 Boot (0x1200) (3afe329dacc3b6eabad337e8dd88e6d0) \Device\Harddisk0\DR0\Partition1
20:02:33.0143 2816 \Device\Harddisk0\DR0\Partition1 - ok
20:02:33.0143 2816 ============================================================
20:02:33.0143 2816 Scan finished
20:02:33.0143 2816 ============================================================
20:02:33.0159 1680 Detected object count: 12
20:02:33.0159 1680 Actual detected object count: 12
20:04:16.0181 1680 DBService ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0181 1680 DBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0181 1680 DSBrokerService ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0181 1680 DSBrokerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0197 1680 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0197 1680 dsunidrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680 dsunidrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0197 1680 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0197 1680 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0197 1680 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0197 1680 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0197 1680 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0212 1680 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0212 1680 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0212 1680 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0212 1680 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0212 1680 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0212 1680 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:04:16.0212 1680 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
20:04:16.0212 1680 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
annascott10 |
|
| Themen zu habe mir evtl. Trojaner eingefangen |
| anhang, anleitung, ausgeführt, befallen, checken, eingefangen, entschieden, ergebnisse, gefangen, gen, gmer, homepage, informationen, mail, malwarebytes, notebook, rechnung, stelle, troja, trojaner, upgrade, vorgehen, würde, würdet, zeichen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
