Log analysis and evaluation: Trojans: csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojans: csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe

Hello everyone,

Today an e-mail with a dubious link was sent from my GMX account to all my contacts without any action on my part. I became aware of it when I received a notification that some of the e-mails could not be delivered (e-mail address out of date, spam protection).

After writing a warning to all contacts, I changed my passwords using a second computer and went looking for the cause. In doing so, Malwarebytes found 4 programs (csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe), which are now in quarantine.

Have I thereby eliminated the trojan/virus infection, or do I need to take further steps? Are these malicious programs known to you? What else could they have done, and where could I have been infected?

Thank you very much for your help.

For your information, here are the log files from Malwarebytes and OTL:

-------------------------------------------------
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
XXXLLL :: MYPC [Administrator]

Schutz: Aktiviert

05.07.2012 14:11:19
mbam-log-2012-07-05 (14-11-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 742377
Laufzeit: 2 Stunde(n), 22 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\XXXLLL\AppData\Local\Temp\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: explorer.exe,C:\Users\XXXLLL\AppData\Roaming\dwm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\XXXLLL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IOG7C3U\doclhmfmarfwhmfmj[1].exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XXXLLL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVFK2JLO\info[1].exe (Backdoor.Cycbot.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
-------------------------------------------------
OTL logfile created on: 05.07.2012 18:25:35 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\XXXLLL\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,20% Memory free
7,98 Gb Paging File | 6,12 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,32 Gb Total Space | 723,46 Gb Free Space | 77,68% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: MYPC | User Name: XXXLLL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.05 18:12:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXXLLL\Downloads\OTL.exe PRC - [2012.07.05 18:11:59 | 000,050,477 | ---- | M] () -- C:\Users\XXXLLL\Downloads\Defogger.exe PRC - [2012.06.30 19:24:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.12.08 20:01:36 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009.11.20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.05.19 18:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.06.10 09:39:54 | 011,415,552 | ---- | M] (ZyXEL Communications Corp.) 
-- C:\Program Files (x86)\ZyXEL\NWD271N\NWD271N.exe PRC - [2006.10.27 19:13:54 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) -- C:\ProgramData\Simulia\Documentation\monitor.exe PRC - [2004.10.01 15:12:18 | 000,565,309 | ---- | M] (Broadcom Corporation) -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe ========== Modules (No Company Name) ========== MOD - [2012.07.05 18:11:59 | 000,050,477 | ---- | M] () -- C:\Users\XXXLLL\Downloads\Defogger.exe MOD - [2012.06.30 19:24:41 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2008.06.10 09:39:52 | 000,413,696 | ---- | M] () -- C:\Program Files (x86)\ZyXEL\NWD271N\NICDLL.dll MOD - [2004.10.01 15:13:12 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btkeyind.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.30 19:24:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.24 11:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 14:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] 
-- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.08 20:01:36 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.11.20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2006.10.27 19:13:54 | 004,493,312 | ---- | M] (Expansion Programs International, Inc.) [Auto | Running] -- C:\ProgramData\Simulia\Documentation\monitor.exe -- (Texis Monitor) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.12.08 20:01:36 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.20 06:02:32 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E60x64.sys -- (L1E) DRV:64bit: - [2009.02.06 18:42:12 | 000,061,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2008.12.19 05:43:18 | 001,048,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2008.10.03 06:08:28 | 000,225,296 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.06.10 09:39:54 | 000,517,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WLANUHN.sys -- (ZY271NV64) ZyXEL 802.11n NWD271N Driver(vista) DRV:64bit: - [2008.06.10 09:39:54 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ZDCNDIS6a64.sys -- (ZDCNDIS6a64) DRV:64bit: - [2008.01.02 13:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver) DRV:64bit: - [2007.04.20 21:29:52 | 001,037,312 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb) DRV:64bit: - [2006.11.28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CBPSp50a64.sys -- (CBPSp50a64) DRV:64bit: - [2006.11.01 00:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.06.10 09:39:54 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ZDCNDIS6a64.sys -- (ZDCNDIS6a64) DRV - [2004.10.01 14:50:26 | 000,023,271 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\btserial.sys -- (BTSERIAL) DRV - [2004.10.01 14:50:20 | 000,222,876 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\btslbcsp.sys -- (BTSLBCSP) DRV - [2004.10.01 14:48:30 | 001,241,482 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\btkrnl.sys -- (BTKRNL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CE3C0FBC-2505-4E4F-BE5E-E389891E7F4D}: "URL" = hxxp://ch.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61657 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://eu.ixquick.com/deu/" FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 61657 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.06.26 12:30:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:24:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.21 00:01:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.05.08 19:24:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 
3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.06.26 12:30:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.30 19:24:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.21 00:01:05 | 000,000,000 | ---D | M] [2010.12.07 22:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Extensions [2010.12.07 22:49:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.04 19:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions [2011.08.28 19:56:46 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.07.23 12:44:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.10.12 23:15:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\XXXLLL\AppData\Roaming\mozilla\Firefox\Profiles\yh4ez24o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.30 00:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.03.03 00:47:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.06.30 19:24:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.30 19:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.30 19:24:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.30 19:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.30 19:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.30 19:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.30 19:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_13\bin\jp2ssv.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [conhost] C:\Users\XXXLLL\AppData\Roaming\Microsoft\conhost.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - 
C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft 
Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{568187EF-AD8B-4E73-8652-F830317E6289}: DhcpNameServer = 192.168.0.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BBAE320-575C-4516-AE50-32F672FDC1EE}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\widimg - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common 
Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\Windows\SysWOW64\BTXPPanel.dll (Broadcom Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.18 15:47:14 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{c84741d2-17ac-11e1-85db-000272c3f002}\Shell - "" = AutoRun
O33 - MountPoints2\{c84741d2-17ac-11e1-85db-000272c3f002}\Shell\AutoRun\command - "" = J:\SecureDataUSBDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.07.05 14:09:18 | 000,000,000 | ---D | C] -- C:\Users\XXXLLL\AppData\Roaming\Malwarebytes
[2012.07.05 14:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.05 14:09:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.05 14:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\XXXLLL\Desktop\*.tmp files -> C:\Users\XXXLLL\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.07.05 18:24:12 | 000,000,000 | ---- | M] () -- C:\Users\XXXLLL\defogger_reenable
[2012.07.05 17:49:39 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 17:49:39 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 17:46:50 | 001,499,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.05 17:46:50 | 000,653,304 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.05 17:46:50 | 000,615,276 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.05 17:46:50 | 000,131,260 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.05 17:46:50 | 000,107,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 17:41:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.05 17:41:38 | 3214,737,408 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 17:27:18 | 004,459,849 | ---- | M] () -- C:\Users\XXXLLL\Desktop\IMG_0002.pdf
[2012.07.05 16:55:37 | 002,027,969 | ---- | M] () -- C:\Users\XXXLLL\Desktop\IMG_0001.pdf
[2012.07.05 16:20:15 | 000,348,364 | ---- | M] () -- C:\Users\XXXLLL\Desktop\IMG.pdf
[2012.07.01 17:01:24 | 000,001,687 | ---- | M] () -- C:\Users\XXXLLL\Desktop\E-Finance Java.lnk
[2012.06.30 19:22:26 | 513,453,698 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.14 03:33:43 | 000,473,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 00:36:42 | 000,000,000 | ---- | M] () -- C:\Users\XXXLLL\Desktop\test.stl
[2012.06.13 00:10:49 | 003,741,684 | ---- | M] () -- C:\Users\XXXLLL\Desktop\frosch.stl
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\XXXLLL\Desktop\*.tmp files -> C:\Users\XXXLLL\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.07.05 18:24:12 | 000,000,000 | ---- | C] () -- C:\Users\XXXLLL\defogger_reenable
[2012.07.05 17:27:25 | 004,459,849 | ---- | C] () -- C:\Users\XXXLLL\Desktop\IMG_0002.pdf
[2012.07.05 16:55:59 | 002,027,969 | ---- | C] () -- C:\Users\XXXLLL\Desktop\IMG_0001.pdf
[2012.07.05 16:28:18 | 000,348,364 | ---- | C] () -- C:\Users\XXXLLL\Desktop\IMG.pdf
[2012.06.13 23:44:46 | 003,741,684 | ---- | C] () -- C:\Users\XXXLLL\Desktop\frosch.stl
[2012.06.05 22:22:21 | 005,071,578 | ---- | C] () -- C:\Users\XXXLLL\Desktop\Girl_head.stl
[2012.05.03 00:14:43 | 000,007,670 | ---- | C] () -- C:\Users\XXXLLL\AppData\Local\Resmon.ResmonCfg
[2011.12.08 00:47:45 | 000,000,586 | ---- | C] () -- C:\Users\XXXLLL\.octave_hist
[2011.12.07 23:05:29 | 000,000,038 | ---- | C] () -- C:\Users\XXXLLL\.lesshst
[2011.06.05 22:04:16 | 000,002,736 | ---- | C] () -- C:\Users\XXXLLL\AppData\Roaming\EC7A.5A5
[2010.11.24 21:56:16 | 000,019,456 | ---- | C] () -- C:\Users\XXXLLL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.19 19:27:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.12 23:20:03 | 000,009,390 | ---- | C] () -- C:\Users\XXXLLL\abaqus_v6.8.gpr
[2009.08.09 17:47:51 | 000,027,528 | ---- | C] () -- C:\Users\XXXLLL\AppData\Roaming\UserTile.png

========== LOP Check ==========
[2011.05.26 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\5571918
[2009.12.29 16:32:14 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\AquaSoft
[2010.09.18 16:03:11 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Autodesk
[2010.02.27 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Canon
[2012.01.22 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009.12.29 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\DassaultSystemes
[2012.07.02 21:02:37 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoft
[2011.10.12 23:15:50 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.15 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\GARMIN
[2009.12.29 16:32:17 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\J River
[2012.01.22 15:15:37 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\MAGIX
[2012.05.31 23:04:46 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\MediaMonkey
[2012.03.18 00:08:18 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Mobile Atlas Creator
[2011.06.26 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Nokia
[2011.06.26 14:02:13 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Nokia Ovi Suite
[2009.12.29 16:32:55 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\OpenOffice.org
[2011.05.14 22:03:02 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\PC Suite
[2009.08.09 17:47:51 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\PeerNetworking
[2010.12.07 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Thunderbird
[2009.12.29 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\XXXLLL\AppData\Roaming\Ulead Systems
[2012.05.26 13:00:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
---------------------------------------------------------------
OTL Extras logfile created on: 05.07.2012 18:25:35 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\XXXLLL\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,20% Memory free
7,98 Gb Paging File | 6,12 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,32 Gb Total Space | 723,46 Gb Free Space | 77,68% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: MYPC | User Name: XXXLLL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DC3FD4-A721-4C4F-A018-8B3AF463027D}" = rport=445 | protocol=6 | dir=out | app=system |
"{2DEDED3F-6B5A-4B8F-9674-61360F271F0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39A71540-238E-4E10-B143-1D60C06B3DA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43F1150A-ECFF-490B-A35E-BE5E3CE31FAF}" = lport=137 | protocol=17 | dir=in | app=system |
"{57C7A617-6315-4D37-9E38-79B870230DDB}" = rport=137 | protocol=17 | dir=out | app=system |
"{61E6B53E-899B-4D39-ACF8-98E343A4AB5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66713D54-401D-4336-8A22-78C8E8F75D64}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CD0235E-B18E-49B2-B78A-C50FA6D4F62A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7530E86C-9E6A-498D-8891-523BB5DCF030}" = lport=2869 | protocol=6 | dir=in | app=system |
"{807B303F-0460-48FF-83B8-B5A25B6D77DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C58FBE4-EA07-4284-B0EA-6279F472781F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D8CB942-34C9-4078-A4E1-B3A6022C02FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{A4350BC6-7363-4C33-90A3-5863CD9AE79C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A76DAB26-16E2-497F-B56A-5D2C6947C063}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{A7D9DEB4-C9DB-4377-BB69-975F9C32681D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF2D3AD0-8BEA-4FD6-89C4-CE63C0F87A6F}" = lport=445 | protocol=6 | dir=in | app=system |
"{C1C27CCA-E711-405D-A5B7-C2AFF2C57957}" = lport=139 | protocol=6 | dir=in | app=system |
"{C515A402-1EDF-4BC7-A009-CAAB7CC8EA3A}" = rport=138 | protocol=17 | dir=out | app=system |
"{D625448D-A9CE-43D6-B202-2F0BA269FA6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D6C37273-1669-425D-A338-F72FA1E5B274}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7F9BD0D-C075-46A9-9982-B2F2EF158C23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E39AF3A7-8F7F-4EB4-A203-4BBA6B8324C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F2C48805-7A13-41CE-9203-762C27FA8EED}" = lport=138 | protocol=17 | dir=in | app=system |
"{F81BBF13-29AF-4D49-ABB7-4F42AB08641D}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0587B06E-1EA2-462A-A122-708F413DE8A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{1FFE50FC-5984-43B6-ADD0-A566725FBCEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2011B51A-4A43-4F63-A8D3-CAAC36BFCC7F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2373D966-B911-492F-97EA-607E74C76EA0}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{2A4AA3C9-09AE-43DF-9408-7F6C0BE74DAF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3224AF8D-F5C1-418B-A686-8AB713369CB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4AC5DBE2-8343-4EA3-BFC9-7ECD41766D41}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{52B3DB50-6B52-466F-BF5A-FA4A990F9DE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C2916BD-C8D0-4E5F-A9F4-ABA99F86E7C3}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{61155993-FEAA-4E0C-84D0-5A53ECB7D60E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{67027E2A-BEA6-4C2C-8968-D2502F3E51BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6D8365A7-932F-4761-8C66-0F59785FDCF2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75802EA4-8ECA-4653-80E4-03E923828A1C}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{7C0BF9A9-FEB2-4011-87C3-8AFC99AB827F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7E0AD250-6A02-43B4-B6CA-11FBB7EEDD3A}" = protocol=6 | dir=out | app=system |
"{8212A4E7-835D-4A8B-9402-650B2CF18119}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{839F0032-5CE5-4E99-8F6D-ADA031741610}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{8B30D6EC-DAD1-45BC-8B0C-EB0B1DA8CA13}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8BC9E354-57CD-456C-88DA-D65F0076DE20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8DC7A4DD-A36A-4642-9F78-40B0A5E2699D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{90DA0958-B5E2-42C4-8674-088CCD029B73}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{989CB802-468A-496E-BB16-1ECF0A158711}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A7896D7-E6ED-4B45-ACCD-DB0798F91979}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9F097E4D-877B-40A4-A34A-6DAA64F63CD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A130342E-3ACD-4635-A10A-F78101AD0356}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB268677-8817-49CF-BF01-7DCEDB3A9ACA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B43790F8-C62F-4158-9CAE-A999917B1AB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA277F18-1817-40DF-A9B6-60F3972E595D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C9DC398D-A6E2-4290-8E37-4BB646C55D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{CB830483-DDF9-4D6B-A230-1804443574A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D209D572-89DC-42DD-82A2-DC1CF9D4C592}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D40661D4-7A96-4627-9403-6AB1BE2E7A05}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe |
"{E53E010A-4AB9-4053-BF37-9D22CA854A6A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F31FF48F-F42D-4393-ACE0-1D2B78AE71CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{0F99D3BD-5C84-4D90-A15E-638964A11006}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2022B12E-0BB8-47F3-AE5D-66341EE72E76}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{2FFB6C81-9BF0-42A8-BA63-2A572D22B6BE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{73B86D6B-8C23-4173-AE08-8F5A7A33BE10}C:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe |
"TCP Query User{7CB33364-F197-40F3-8795-7F86B3B3A670}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe |
"TCP Query User{AFC6F395-91A3-4346-8BF9-DF77FF85E9A8}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe |
"TCP Query User{D9CF0CE9-0650-447C-848C-58FDA1C7EA17}C:\programdata\simulia\6.8-2se\exec\abq_pde.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abq_pde.exe |
"TCP Query User{E88A5824-2606-483F-A86C-978E0C659832}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"TCP Query User{EF83B80A-8F8B-48AD-AF1E-00CFC5DE5D24}C:\programdata\simulia\6.8-2se\exec\abqcaeg.exe" = protocol=6 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaeg.exe |
"UDP Query User{1C92403B-B469-462D-AE26-C72CE1BAC72A}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |
"UDP Query User{2C2E05B9-3FA3-483C-A217-654694D72BC6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4108A891-FFA0-46C5-8806-0EFF0A6B675E}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe |
"UDP Query User{486D198E-F6E9-4C9D-A505-2AB44FC0224C}C:\programdata\simulia\6.8-2se\exec\abqcaek.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaek.exe |
"UDP Query User{5CFD7A5E-D6E0-4BFB-AF55-1E24872E095A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{9071AE47-7096-4430-BA4F-BDE4ABC2F157}C:\programdata\simulia\6.8-2se\exec\abqcaeg.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abqcaeg.exe |
"UDP Query User{B5A87A34-7D73-4DF4-9912-1C432BACAAD0}C:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\XXXLLL\appdata\local\temp\i1250107917\windows\resource\jre\bin\javaw.exe |
"UDP Query User{CB128986-834D-4A96-82AD-8682EBBFD7C7}C:\programdata\simulia\6.8-2se\exec\abq_pde.exe" = protocol=17 | dir=in | app=c:\programdata\simulia\6.8-2se\exec\abq_pde.exe |
"UDP Query User{D8C46321-5020-4AE4-BF27-8EB9100C7798}C:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dassault systemes\b19\intel_a\code\bin\cnext.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{C17EE011-15A9-4542-91FA-567B0F3D123F}" = Windows Live Family Safety
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Dassault Systemes B19_0" = Dassault Systemes Software B19
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3ad61ee5-81d2-4d7e-adef-da1dd37277d1}" = Python 3.1
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite
"{63C5DD30-4C46-4968-B96A-A3E2992769FE}" = MAGIX Screenshare
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = WIDCOMM Bluetooth Software
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B252FEC0-C63B-4AF6-8459-D105B3E3FC70}" = MAGIX Foto Manager 10
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CC7CD33C-E63D-4E73-8726-9AD3FF322409}" = Draadloze N USB adapter voorziening
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.31 Update
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Abaqus 6.8 Student Edition" = Abaqus 6.8 Student Edition
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP560 series Benutzerregistrierung" = Canon MP560 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dassault Systemes Doc English B19" = Dassault Systemes Doc English CATIA P3 B19
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"E-Finance Java" = E-Finance Java
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Studio_is1" = Free Studio version 5.2.1
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MatlabR2008b" = MATLAB R2008b
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PSPad editor_is1" = PSPad editor
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.06.2012 06:09:46 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
Error - 25.06.2012 07:04:36 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
Error - 26.06.2012 08:51:12 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
Error - 27.06.2012 17:41:18 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
Error - 28.06.2012 17:42:51 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
Error - 30.06.2012 13:24:01 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
Error - 01.07.2012 06:39:17 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
Error - 04.07.2012 13:28:37 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
Error - 05.07.2012 07:07:48 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
Error - 05.07.2012 11:43:16 | Computer Name = myPC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 05.07.2012 07:06:29 | Computer Name = myPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Port Client Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275
Error - 05.07.2012 07:06:39 | Computer Name = myPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BTKRNL
Error - 05.07.2012 07:07:27 | Computer Name = myPC | Source = DCOM | ID = 10016
Description =
Error - 05.07.2012 11:41:43 | Computer Name = myPC | Source = BTHUSB | ID = 327685
Description = Der Bluetooth-Treiber hat ein HCI-Ereignis mit einer bestimmten Größe erwartet, das
aber nicht empfangen wurde. Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\btserial.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Serial Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\btslbcsp.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 05.07.2012 11:42:02 | Computer Name = myPC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Bluetooth Port Client Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 05.07.2012 11:42:25 | Computer Name = myPC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: BTKRNL Error - 05.07.2012 11:43:22 | Computer Name = myPC | Source = DCOM | ID = 10016 Description = < End of report > |
| | #2 |
| /// Malware-holic | Hi, do you still have the link? If so, please send it to me as a private message. |
| | #3 |
| | Hello, is there any news yet? Regards, Markus |
| | #4 |
| | Nobody? Too bad... |
| | #5 | |
| /// Malware-holic | Did you send me the link? Sorry, I overlooked your reply from 09.07. ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1, Link 2. IMPORTANT - Save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #6 |
| | Hello, I have forwarded the links to you again. Please let me know if you did not receive a message. Here is the Combofix.txt: Code:
ComboFix 12-07-13.03 - XXXLLL 14.07.2012 11:01:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4088.2698 [GMT 2:00]
ausgeführt von:: c:\users\XXXLLL\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\UA000107.DLL
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-14 bis 2012-07-14 ))))))))))))))))))))))))))))))
.
.
2012-07-14 09:12 . 2012-07-14 09:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 09:12 . 2012-07-14 09:12 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-07-12 22:44 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 16:18 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 16:17 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 16:17 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-08 21:26 . 2012-07-08 21:26 -------- d-----w- c:\users\XXXLLL\AppData\Roaming\AVG2012
2012-07-08 21:25 . 2012-07-08 21:25 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-08 21:23 . 2012-07-08 21:23 -------- d-----w- C:\$AVG
2012-07-08 21:23 . 2012-07-13 22:18 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-08 21:23 . 2012-07-08 21:32 -------- d-----w- c:\programdata\AVG2012
2012-07-08 21:20 . 2012-07-08 21:20 -------- d-----w- c:\program files (x86)\AVG
2012-07-08 21:15 . 2012-07-14 08:44 -------- d-----w- c:\programdata\MFAData
2012-07-08 21:15 . 2012-07-08 21:15 -------- d--h--w- c:\programdata\Common Files
2012-07-06 12:08 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C725FF10-71AB-4942-BB13-128A6A647D57}\mpengine.dll
2012-07-05 12:09 . 2012-07-05 12:09 -------- d-----w- c:\users\XXXLLL\AppData\Roaming\Malwarebytes
2012-07-05 12:09 . 2012-07-05 12:09 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 12:09 . 2012-07-05 12:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 12:09 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 17:24 . 2012-06-30 17:24 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-30 17:24 . 2012-06-30 17:24 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-22 18:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 18:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 18:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 18:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 18:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 18:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 18:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 17:51 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 17:51 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 10:52 . 2012-06-13 19:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-13 19:51 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-13 19:51 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-13 19:52 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-13 19:51 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-13 19:52 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-13 19:52 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-13 19:52 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:59 . 2012-06-13 19:51 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-13 19:51 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-13 19:51 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 19:51 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-13 19:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-13 19:51 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-19 02:50 . 2012-04-19 02:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2008-12-30 17713152]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\XXXLLL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows-Zubehör\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe [2004-10-1 565309]
Draadloze N USB adapter voorziening.lnk - c:\program files (x86)\ZyXEL\NWD271N\NWD271N.exe [2009-8-23 11415552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 Texis Monitor;Texis Monitor;c:\programdata\Simulia\Documentation\monitor.exe [2006-10-27 4493312]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2007-04-20 1037312]
R3 CBPSp50a64;CBPSp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPSp50a64.sys [2006-11-28 41280]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-30 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-29 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 ZDCNDIS6a64;ZDCNDIS Protocol Driver;c:\windows\system32\ZDCNDIS6a64.sys [2008-06-10 41280]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2008-10-03 225296]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [2008-01-02 24848]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-12-19 1048064]
S3 ZY271NV64;ZyXEL 802.11n NWD271N Driver(vista);c:\windows\system32\DRIVERS\WLANUHN.sys [2008-06-10 517120]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avgntflt
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:61657
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\XXXLLL\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\program files (x86)\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\XXXLLL\AppData\Roaming\Mozilla\Firefox\Profiles\yh4ez24o.default\
FF - prefs.js: browser.startup.homepage - hxxp://eu.ixquick.com/deu/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 61657
FF - prefs.js: network.proxy.type - 4
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=c:\windows\SysWOW64\WScript.exe "%1" %*
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-conhost - c:\users\XXXLLL\AppData\Roaming\Microsoft\conhost.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-14 11:23:32
ComboFix-quarantined-files.txt 2012-07-14 09:23
.
Vor Suchlauf: 17 Verzeichnis(se), 810.201.001.984 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 817.141.727.232 Bytes frei
.
- - End Of File - - AC0DCB38C2910AED557AD5AB67EF3E6A
Regards and thanks |
| | #7 |
| /// Malware-holic | I received it, thanks. Were those all of the Malwarebytes logs? If not, open it, go to Reports, and post the logs with detections. |
| | #8 |
| | Hello, this is the only log file from a scan: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
XXXLLL :: MYPC [Administrator]

Schutz: Aktiviert

05.07.2012 14:11:19
mbam-log-2012-07-05 (14-11-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 742377
Laufzeit: 2 Stunde(n), 22 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Daten: C:\Users\XXXLLL\AppData\Local\Temp\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: explorer.exe,C:\Users\XXXLLL\AppData\Roaming\dwm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\XXXLLL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IOG7C3U\doclhmfmarfwhmfmj[1].exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\XXXLLL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVFK2JLO\info[1].exe (Backdoor.Cycbot.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
| | #9 |
| /// Malware-holic | No, thanks. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
• Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log. |
| | #10 |
| | Voilà, the TDSS Killer log: Code:
22:24:58.0398 1896 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
22:24:58.0538 1896 ============================================================
22:24:58.0538 1896 Current date / time: 2012/07/16 22:24:58.0538
22:24:58.0538 1896 SystemInfo:
22:24:58.0538 1896
22:24:58.0538 1896 OS Version: 6.1.7600 ServicePack: 0.0
22:24:58.0538 1896 Product type: Workstation
22:24:58.0538 1896 ComputerName: MYPC
22:24:58.0538 1896 UserName: XXXLLL
22:24:58.0538 1896 Windows directory: C:\Windows
22:24:58.0538 1896 System windows directory: C:\Windows
22:24:58.0538 1896 Running under WOW64
22:24:58.0538 1896 Processor architecture: Intel x64
22:24:58.0538 1896 Number of processors: 4
22:24:58.0538 1896 Page size: 0x1000
22:24:58.0538 1896 Boot type: Normal boot
22:24:58.0538 1896 ============================================================
22:25:00.0083 1896 Drive \Device\Harddisk0\DR0 - Size: 0xE8D4A40000 (931.32 Gb), SectorSize: 0x200, Cylinders: 0x1DAE8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:25:00.0098 1896 ============================================================
22:25:00.0098 1896 \Device\Harddisk0\DR0:
22:25:00.0098 1896 MBR partitions:
22:25:00.0098 1896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746A4000
22:25:00.0098 1896 ============================================================
22:25:00.0114 1896 C: <-> \Device\Harddisk0\DR0\Partition0
22:25:00.0114 1896 ============================================================
22:25:00.0114 1896 Initialize success
22:25:00.0114 1896 ============================================================
22:25:34.0653 5372 ============================================================
22:25:34.0653 5372 Scan started
22:25:34.0653 5372 Mode: Manual; SigCheck; TDLFS;
22:25:34.0653 5372 ============================================================
22:25:36.0883 5372 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:25:37.0211 5372 1394ohci - ok
22:25:37.0258 5372 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:25:37.0305 5372 ACPI - ok
22:25:37.0367 5372 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:25:37.0476 5372 AcpiPmi - ok
22:25:37.0554 5372 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:25:37.0617 5372 adp94xx - ok
22:25:37.0663 5372 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:25:37.0710 5372 adpahci - ok
22:25:37.0741 5372 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:25:37.0773 5372 adpu320 - ok
22:25:37.0819 5372 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:25:38.0007 5372 AeLookupSvc - ok
22:25:38.0116 5372 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:25:38.0209 5372 AFD - ok
22:25:38.0256 5372 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:25:38.0287 5372 agp440 - ok
22:25:38.0350 5372 ahcix64s (97dd49ccdb89a22cfcea78b29d393d87) C:\Windows\system32\DRIVERS\ahcix64s.sys
22:25:38.0443 5372 ahcix64s - ok
22:25:38.0490 5372 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:25:38.0568 5372 ALG - ok
22:25:38.0599 5372 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:25:38.0631 5372 aliide - ok
22:25:38.0662 5372 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:25:38.0693 5372 amdide - ok
22:25:38.0724 5372 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:25:38.0787 5372 AmdK8 - ok
22:25:38.0818 5372 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:25:38.0865 5372 AmdPPM - ok
22:25:38.0911 5372 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
22:25:38.0943 5372 amdsata - ok
22:25:38.0989 5372 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:25:39.0021 5372 amdsbs - ok
22:25:39.0052 5372 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
22:25:39.0083 5372 amdxata - ok
22:25:39.0145 5372 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:25:39.0239 5372 AppID - ok
22:25:39.0270 5372 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:25:39.0395 5372 AppIDSvc - ok
22:25:39.0442 5372 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
22:25:39.0535 5372 Appinfo - ok
22:25:39.0847 5372 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:25:39.0879 5372 arc - ok
22:25:39.0910 5372 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:25:39.0941 5372 arcsas - ok
22:25:39.0972 5372 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:25:40.0066 5372 AsyncMac - ok
22:25:40.0081 5372 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:25:40.0113 5372 atapi - ok
22:25:40.0206 5372 athrusb (4bc451a93db4915569c97fdab020e6e7) C:\Windows\system32\DRIVERS\athrxusb.sys
22:25:40.0315 5372 athrusb - ok
22:25:40.0393 5372 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:25:40.0503 5372 AudioEndpointBuilder - ok
22:25:40.0534 5372 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:25:40.0643 5372 AudioSrv - ok
22:25:41.0033 5372 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
22:25:41.0267 5372 AVGIDSAgent - ok
22:25:41.0454 5372 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
22:25:41.0485 5372 AVGIDSDriver - ok
22:25:41.0501 5372 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
22:25:41.0532 5372 AVGIDSFilter - ok
22:25:41.0595 5372 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
22:25:41.0626 5372 AVGIDSHA - ok
22:25:41.0688 5372 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
22:25:41.0735 5372 Avgldx64 - ok
22:25:41.0797 5372 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
22:25:41.0829 5372 Avgmfx64 - ok
22:25:41.0875 5372 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
22:25:41.0907 5372 Avgrkx64 - ok
22:25:41.0969 5372 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
22:25:42.0016 5372 Avgtdia - ok
22:25:42.0234 5372 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
22:25:42.0265 5372 avgwd - ok
22:25:42.0359 5372 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
22:25:42.0484 5372 AxInstSV - ok
22:25:42.0546 5372 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:25:42.0609 5372 b06bdrv - ok
22:25:42.0655 5372 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:25:42.0702 5372 b57nd60a - ok
22:25:42.0733 5372 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:25:42.0796 5372 BDESVC - ok
22:25:42.0843 5372 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:25:42.0952 5372 Beep - ok
22:25:43.0030 5372 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
22:25:43.0186 5372 BFE - ok
22:25:43.0279 5372 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
22:25:43.0420 5372 BITS - ok
22:25:43.0498 5372 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:25:43.0545 5372 blbdrive - ok
22:25:43.0576 5372 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:25:43.0638 5372 bowser - ok
22:25:43.0654 5372 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:25:43.0716 5372 BrFiltLo - ok
22:25:43.0732 5372 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:25:43.0763 5372 BrFiltUp - ok
22:25:43.0841 5372 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:25:43.0966 5372 BridgeMP - ok
22:25:44.0028 5372 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
22:25:44.0137 5372 Browser - ok
22:25:44.0200 5372 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:25:44.0309 5372 Brserid - ok
22:25:44.0356 5372 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:25:44.0418 5372 BrSerWdm - ok
22:25:44.0434 5372 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:25:44.0512 5372 BrUsbMdm - ok
22:25:44.0527 5372 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:25:44.0574 5372 BrUsbSer - ok
22:25:44.0652 5372 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:25:44.0730 5372 BthEnum - ok
22:25:44.0777 5372 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:25:44.0839 5372 BTHMODEM - ok
22:25:44.0964 5372 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:25:45.0027 5372 BthPan - ok
22:25:45.0105 5372 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
22:25:45.0183 5372 BTHPORT - ok
22:25:45.0245 5372 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:25:45.0354 5372 bthserv - ok
22:25:45.0417 5372 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
22:25:45.0463 5372 BTHUSB - ok
22:25:45.0526 5372 BTKRNL - ok
22:25:45.0541 5372 BTSERIAL - ok
22:25:45.0557 5372 BTSLBCSP - ok
22:25:45.0682 5372 btwdins (ea3cbf6ec25bee3304557cee21c8819c) C:\Program Files (x86)\WIDCOMM\Bluetooth Software\bin\btwdins.exe
22:25:45.0697 5372 btwdins ( UnsignedFile.Multi.Generic ) - warning
22:25:45.0697 5372 btwdins - detected UnsignedFile.Multi.Generic (1)
22:25:45.0713 5372 catchme - ok
22:25:45.0744 5372 CBPSp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\CBPSp50a64.sys
22:25:45.0791 5372 CBPSp50a64 - ok
22:25:45.0853 5372 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:25:45.0963 5372 cdfs - ok
22:25:46.0025 5372 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:25:46.0072 5372 cdrom - ok
22:25:46.0119 5372 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:25:46.0243 5372 CertPropSvc - ok
22:25:46.0321 5372 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:25:46.0399 5372 circlass - ok
22:25:46.0446 5372 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:25:46.0493 5372 CLFS - ok
22:25:46.0587 5372 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:25:46.0618 5372 clr_optimization_v2.0.50727_32 - ok
22:25:46.0696 5372 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:25:46.0727 5372 clr_optimization_v2.0.50727_64 - ok
22:25:46.0789 5372 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:25:46.0852 5372 CmBatt - ok
22:25:46.0867 5372 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:25:46.0914 5372 cmdide - ok
22:25:46.0992 5372 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
22:25:47.0117 5372 CNG - ok
22:25:47.0148 5372 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:25:47.0179 5372 Compbatt - ok
22:25:47.0211 5372 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:25:47.0273 5372 CompositeBus - ok
22:25:47.0289 5372 COMSysApp - ok
22:25:47.0289 5372 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:25:47.0320 5372 crcdisk - ok
22:25:47.0429 5372 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
22:25:47.0507 5372 CryptSvc - ok
22:25:47.0585 5372 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:25:47.0710 5372 DcomLaunch - ok
22:25:47.0788 5372 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:25:47.0913 5372 defragsvc - ok
22:25:47.0959 5372 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:25:48.0006 5372 DfsC - ok
22:25:48.0053 5372 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
22:25:48.0193 5372 Dhcp - ok
22:25:48.0225 5372 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:25:48.0334 5372 discache - ok
22:25:48.0365 5372 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:25:48.0396 5372 Disk - ok
22:25:48.0443 5372 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
22:25:48.0490 5372 Dnscache - ok
22:25:48.0537 5372 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
22:25:48.0661 5372 dot3svc - ok
22:25:48.0708 5372 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
22:25:48.0817 5372 DPS - ok
22:25:48.0895 5372 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:25:48.0927 5372 drmkaud - ok
22:25:49.0020 5372 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:25:49.0083 5372 DXGKrnl - ok
22:25:49.0114 5372 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:25:49.0223 5372 EapHost - ok
22:25:49.0473 5372 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:25:49.0629 5372 ebdrv - ok
22:25:49.0738 5372 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
22:25:49.0769 5372 EFS - ok
22:25:49.0847 5372 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
22:25:49.0925 5372 ehRecvr - ok
22:25:50.0128 5372 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:25:50.0190 5372 ehSched - ok
22:25:50.0455 5372 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:25:50.0518 5372 elxstor - ok
22:25:50.0533 5372 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:25:50.0580 5372 ErrDev - ok
22:25:50.0674 5372 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:25:50.0799 5372 EventSystem - ok
22:25:50.0861 5372 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:25:50.0955 5372 exfat - ok
22:25:51.0033 5372 Fabs - ok
22:25:51.0079 5372 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:25:51.0189 5372 fastfat - ok
22:25:51.0267 5372 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
22:25:51.0376 5372 Fax - ok
22:25:51.0407 5372 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:25:51.0454 5372 fdc - ok
22:25:51.0516 5372 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:25:51.0625 5372 fdPHost - ok
22:25:51.0657 5372 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:25:51.0781 5372 FDResPub - ok
22:25:51.0828 5372 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:25:51.0859 5372 FileInfo - ok
22:25:51.0891 5372 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:25:51.0984 5372 Filetrace - ok
22:25:52.0187 5372 FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
22:25:52.0405 5372 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
22:25:52.0405 5372 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
22:25:52.0561 5372 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:25:52.0624 5372 flpydisk - ok
22:25:52.0702 5372 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:25:52.0749 5372 FltMgr - ok
22:25:52.0842 5372 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
22:25:52.0936 5372 FontCache - ok
22:25:53.0045 5372 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:25:53.0061 5372 FontCache3.0.0.0 - ok
22:25:53.0123 5372 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:25:53.0154 5372 FsDepends - ok
22:25:53.0185 5372 fssfltr (0e330639b19feb8de20b685576d9bf9d) C:\Windows\system32\DRIVERS\fssfltr.sys
22:25:53.0217 5372 fssfltr - ok
22:25:53.0295 5372 fsssvc (9b1622ebeb31b3411b13382ffcb8737d) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:25:53.0357 5372 fsssvc - ok
22:25:53.0388 5372 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
22:25:53.0435 5372 Fs_Rec - ok
22:25:53.0513 5372 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:25:53.0560 5372 fvevol - ok
22:25:53.0638 5372 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:25:53.0685 5372 gagp30kx - ok
22:25:53.0778 5372 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
22:25:53.0856 5372 gpsvc - ok
22:25:53.0887 5372 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:25:53.0950 5372 hcw85cir - ok
22:25:53.0981 5372 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:25:54.0028 5372 HDAudBus - ok
22:25:54.0059 5372 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:25:54.0121 5372 HidBatt - ok
22:25:54.0199 5372 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:25:54.0262 5372 HidBth - ok
22:25:54.0309 5372 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:25:54.0340 5372 HidIr - ok
22:25:54.0371 5372 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:25:54.0496 5372 hidserv - ok
22:25:54.0543 5372 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:25:54.0589 5372 HidUsb - ok
22:25:54.0667 5372 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
22:25:54.0761 5372 hkmsvc - ok
22:25:54.0792 5372 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
22:25:54.0855 5372 HomeGroupListener - ok
22:25:54.0917 5372 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
22:25:54.0964 5372 HomeGroupProvider - ok
22:25:55.0011 5372 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:25:55.0042 5372 HpSAMD - ok
22:25:55.0151 5372 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:25:55.0291 5372 HTTP - ok
22:25:55.0307 5372 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:25:55.0338 5372 hwpolicy - ok
22:25:55.0401 5372 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:25:55.0432 5372 i8042prt - ok
22:25:55.0900 5372 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
22:25:55.0947 5372 iaStorV - ok
22:25:56.0103 5372 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:25:56.0165 5372 idsvc - ok
22:25:56.0181 5372 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:25:56.0212 5372 iirsp - ok
22:25:56.0305 5372 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
22:25:56.0446 5372 IKEEXT - ok
22:25:56.0461 5372 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:25:56.0493 5372 intelide - ok
22:25:56.0524 5372 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:25:56.0555 5372 intelppm - ok
22:25:56.0617 5372 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:25:56.0727 5372 IPBusEnum - ok
22:25:56.0773 5372 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:25:56.0883 5372 IpFilterDriver - ok
22:25:56.0961 5372 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
22:25:57.0070 5372 iphlpsvc - ok
22:25:57.0085 5372 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:25:57.0148 5372 IPMIDRV - ok
22:25:57.0195 5372 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:25:57.0304 5372 IPNAT - ok
22:25:57.0351 5372 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:25:57.0397 5372 IRENUM - ok
22:25:57.0413 5372 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:25:57.0444 5372 isapnp - ok
22:25:57.0522 5372 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:25:57.0553 5372 iScsiPrt - ok
22:25:57.0600 5372 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:25:57.0631 5372 kbdclass - ok
22:25:57.0647 5372 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:25:57.0694 5372 kbdhid - ok
22:25:57.0725 5372 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:25:57.0756 5372 KeyIso - ok
22:25:57.0803 5372 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
22:25:57.0834 5372 KSecDD - ok
22:25:57.0897 5372 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
22:25:57.0928 5372 KSecPkg - ok
22:25:57.0959 5372 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:25:58.0053 5372 ksthunk - ok
22:25:58.0131 5372 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:25:58.0240 5372 KtmRm - ok
22:25:58.0302 5372 L1E (036accb27be3b3db1cdf9516a7d64b5c) C:\Windows\system32\DRIVERS\L1E60x64.sys
22:25:58.0349 5372 L1E - ok
22:25:58.0411 5372 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
22:25:58.0489 5372 LanmanServer - ok
22:25:58.0536 5372 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
22:25:58.0661 5372 LanmanWorkstation - ok
22:25:58.0692 5372 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:25:58.0817 5372 lltdio - ok
22:25:58.0879 5372 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:25:58.0989 5372 lltdsvc - ok
22:25:59.0004 5372 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:25:59.0113 5372 lmhosts - ok
22:25:59.0160 5372 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:25:59.0191 5372 LSI_FC - ok
22:25:59.0223 5372 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:25:59.0254 5372 LSI_SAS - ok
22:25:59.0301 5372 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:25:59.0332 5372 LSI_SAS2 - ok
22:25:59.0347 5372 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:25:59.0410 5372 LSI_SCSI - ok
22:25:59.0457 5372 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:25:59.0566 5372 luafv - ok
22:25:59.0597 5372 LUMDriver (701223c663019b62029fab1a2385ee81) C:\Windows\system32\drivers\LUMDriver.sys
22:25:59.0628 5372 LUMDriver - ok
22:25:59.0769 5372 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:25:59.0800 5372 MBAMProtector - ok
22:25:59.0909 5372 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:25:59.0971 5372 MBAMService - ok
22:26:00.0018 5372 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
22:26:00.0081 5372 Mcx2Svc - ok
22:26:00.0112 5372 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:26:00.0143 5372 megasas - ok
22:26:00.0190 5372 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:26:00.0237 5372 MegaSR - ok
22:26:00.0283 5372 Microsoft SharePoint Workspace Audit Service - ok
22:26:00.0346 5372 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:26:00.0455 5372 MMCSS - ok
22:26:00.0486 5372 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:26:00.0595 5372 Modem - ok
22:26:00.0611 5372 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:26:00.0642 5372 monitor - ok
22:26:00.0673 5372 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:26:00.0705 5372 mouclass - ok
22:26:00.0736 5372 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:26:00.0783 5372 mouhid - ok
22:26:00.0814 5372 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:26:00.0845 5372 mountmgr - ok
22:26:00.0985 5372 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:26:01.0017 5372 MozillaMaintenance - ok
22:26:01.0063 5372 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:26:01.0110 5372 mpio - ok
22:26:01.0126 5372 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:26:01.0219 5372 mpsdrv - ok
22:26:01.0297 5372 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
22:26:01.0422 5372 MpsSvc - ok
22:26:01.0516 5372 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:26:01.0578 5372 MRxDAV - ok
22:26:01.0641 5372 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:26:01.0687 5372 mrxsmb - ok
22:26:01.0734 5372 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:26:01.0781 5372 mrxsmb10 - ok
22:26:01.0797 5372 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:26:01.0843 5372 mrxsmb20 - ok
22:26:01.0875 5372 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:26:01.0921 5372 msahci - ok
22:26:01.0968 5372 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:26:01.0999 5372 msdsm - ok
22:26:02.0046 5372 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:26:02.0109 5372 MSDTC - ok
22:26:02.0140 5372 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:26:02.0233 5372 Msfs - ok
22:26:02.0249 5372 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:26:02.0343 5372 mshidkmdf - ok
22:26:02.0358 5372 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:26:02.0389 5372 msisadrv - ok
22:26:02.0452 5372 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:26:02.0577 5372 MSiSCSI - ok
22:26:02.0592 5372 msiserver - ok
22:26:02.0608 5372 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:26:02.0701 5372 MSKSSRV - ok
22:26:02.0733 5372 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:26:02.0795 5372 MSPCLOCK - ok
22:26:02.0826 5372 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:26:02.0873 5372 MSPQM - ok
22:26:02.0935 5372 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:26:02.0982 5372 MsRPC - ok
22:26:02.0998 5372 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:26:03.0045 5372 mssmbios - ok
22:26:03.0060 5372 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:26:03.0154 5372 MSTEE - ok
22:26:03.0169 5372 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:26:03.0216 5372 MTConfig - ok
22:26:03.0247 5372 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
22:26:03.0279 5372 MTsensor - ok
22:26:03.0310 5372 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:26:03.0341 5372 Mup - ok
22:26:03.0403 5372 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
22:26:03.0513 5372 napagent - ok
22:26:03.0575 5372 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:26:03.0637 5372 NativeWifiP - ok
22:26:03.0700 5372 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:26:03.0762 5372 NDIS - ok
22:26:03.0793 5372 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:26:03.0887 5372 NdisCap - ok
22:26:03.0903 5372 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:26:04.0027 5372 NdisTapi - ok
22:26:04.0059 5372 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:26:04.0152 5372 Ndisuio - ok
22:26:04.0199 5372 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:26:04.0293 5372 NdisWan - ok
22:26:04.0308 5372 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:26:04.0417 5372 NDProxy - ok
22:26:04.0449 5372 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:26:04.0558 5372 NetBIOS - ok
22:26:04.0605 5372 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:26:04.0698 5372 NetBT - ok
22:26:04.0729 5372 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:26:04.0761 5372 Netlogon - ok
22:26:04.0885 5372 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:26:04.0995 5372 Netman - ok
22:26:05.0041 5372 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:26:05.0166 5372 netprofm - ok
22:26:05.0307 5372 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:26:05.0338 5372 NetTcpPortSharing - ok
22:26:05.0369 5372 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:26:05.0400 5372 nfrd960 - ok
22:26:05.0447 5372 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
22:26:05.0572 5372 NlaSvc - ok
22:26:05.0587 5372 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:26:05.0697 5372 Npfs - ok
22:26:05.0728 5372 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:26:05.0837 5372 nsi - ok
22:26:05.0868 5372 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:26:05.0977 5372 nsiproxy - ok
22:26:06.0508 5372 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:26:06.0601 5372 Ntfs - ok
22:26:06.0726 5372 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:26:06.0820 5372 Null - ok
22:26:07.0366 5372 nvlddmkm (325520227cc568052ae1d7ad49d90951) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:26:07.0959 5372 nvlddmkm - ok
22:26:08.0068 5372 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
22:26:08.0083 5372 nvraid - ok
22:26:08.0115 5372 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
22:26:08.0146 5372 nvstor - ok
22:26:08.0177 5372 nvsvc (4dffb8ddba4a0e8222e0e8d2cd590803) C:\Windows\system32\nvvsvc.exe
22:26:08.0193 5372 nvsvc - ok
22:26:08.0239 5372 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:26:08.0255 5372 nv_agp - ok
22:26:08.0286 5372 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:26:08.0333 5372 ohci1394 - ok
22:26:08.0473 5372 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:26:08.0505 5372 ose - ok
22:26:08.0785 5372 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:26:09.0004 5372 osppsvc - ok
22:26:09.0144 5372 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:26:09.0222 5372 p2pimsvc - ok
22:26:09.0300 5372 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:26:09.0347 5372 p2psvc - ok
22:26:09.0409 5372 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:26:09.0441 5372 Parport - ok
22:26:09.0550 5372 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
22:26:09.0581 5372 partmgr - ok
22:26:09.0659 5372 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:26:09.0721 5372 PcaSvc - ok
22:26:09.0784 5372 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
22:26:09.0862 5372 pccsmcfd - ok
22:26:09.0893 5372 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:26:09.0940 5372 pci - ok
22:26:09.0955 5372 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:26:09.0987 5372 pciide - ok
22:26:10.0065 5372 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:26:10.0111 5372 pcmcia - ok
22:26:10.0143 5372 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:26:10.0174 5372 pcw - ok
22:26:10.0221 5372 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:26:10.0345 5372 PEAUTH - ok
22:26:10.0455 5372 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:26:10.0517 5372 PerfHost - ok
22:26:10.0657 5372 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
22:26:10.0813 5372 pla - ok
22:26:10.0891 5372 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
22:26:10.0969 5372 PlugPlay - ok
22:26:11.0001 5372 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:26:11.0047 5372 PNRPAutoReg - ok
22:26:11.0110 5372 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:26:11.0141 5372 PNRPsvc - ok
22:26:11.0203 5372 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
22:26:11.0328 5372 PolicyAgent - ok
22:26:11.0391 5372 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:26:11.0515 5372 Power - ok
22:26:11.0796 5372 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:26:11.0921 5372 PptpMiniport - ok
22:26:11.0968 5372 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:26:12.0030 5372 Processor - ok
22:26:12.0108 5372 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
22:26:12.0171 5372 ProfSvc - ok
22:26:12.0249 5372 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:26:12.0280 5372 ProtectedStorage - ok
22:26:12.0311 5372 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:26:12.0420 5372 Psched - ok
22:26:12.0529 5372 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:26:12.0623 5372 ql2300 - ok
22:26:12.0779 5372 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:26:12.0810 5372 ql40xx - ok
22:26:12.0873 5372 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:26:12.0919 5372 QWAVE - ok
22:26:12.0935 5372 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:26:12.0997 5372 QWAVEdrv - ok
22:26:13.0029 5372 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:26:13.0138 5372 RasAcd - ok
22:26:13.0200 5372 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:26:13.0294 5372 RasAgileVpn - ok
22:26:13.0341 5372 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:26:13.0450 5372 RasAuto - ok
22:26:13.0512 5372 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:26:13.0637 5372 Rasl2tp - ok
22:26:13.0699 5372 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
22:26:13.0809 5372 RasMan - ok
22:26:13.0855 5372 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:26:13.0965 5372 RasPppoe - ok
22:26:13.0996 5372 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:26:14.0089 5372 RasSstp - ok
22:26:14.0136 5372 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:26:14.0245 5372 rdbss - ok
22:26:14.0277 5372 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:26:14.0339 5372 rdpbus - ok
22:26:14.0355 5372 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:26:14.0464 5372 RDPCDD - ok
22:26:14.0495 5372 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:26:14.0604 5372 RDPENCDD - ok
22:26:14.0635 5372 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:26:14.0729 5372 RDPREFMP - ok
22:26:14.0823 5372 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
22:26:14.0885 5372 RDPWD - ok
22:26:14.0963 5372 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:26:14.0994 5372 rdyboost - ok
22:26:15.0057 5372 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:26:15.0166 5372 RemoteAccess - ok
22:26:15.0244 5372 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:26:15.0369 5372 RemoteRegistry - ok
22:26:15.0447 5372 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:26:15.0509 5372 RFCOMM - ok
22:26:15.0727 5372 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:26:15.0837 5372 RpcEptMapper - ok
22:26:15.0868 5372 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:26:15.0930 5372 RpcLocator - ok
22:26:15.0993 5372 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:26:16.0086 5372 RpcSs - ok
22:26:16.0149 5372 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:26:16.0242 5372 rspndr - ok
22:26:16.0273 5372 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:26:16.0305 5372 SamSs - ok
22:26:16.0336 5372 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:26:16.0383 5372 sbp2port - ok
22:26:16.0445 5372 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:26:16.0554 5372 SCardSvr - ok
22:26:16.0570 5372 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:26:16.0679 5372 scfilter - ok
22:26:16.0773 5372 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
22:26:16.0851 5372 Schedule - ok
22:26:16.0929 5372 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:26:17.0022 5372 SCPolicySvc - ok
22:26:17.0069 5372 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
22:26:17.0131 5372 SDRSVC - ok
22:26:17.0209 5372 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:26:17.0319 5372 secdrv - ok
22:26:17.0334 5372 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
22:26:17.0443 5372 seclogon - ok
22:26:17.0506 5372 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:26:17.0615 5372 SENS - ok
22:26:17.0646 5372 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:26:17.0709 5372 SensrSvc - ok
22:26:17.0740 5372 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:26:17.0771 5372 Serenum - ok
22:26:17.0818 5372 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:26:17.0880 5372 Serial - ok
22:26:17.0896 5372 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:26:17.0943 5372 sermouse - ok
22:26:18.0067 5372 ServiceLayer (12b41d84a4d058adc60853c365dbfcca) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
22:26:18.0083 5372 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:26:18.0083 5372 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:26:24.0073 5372 Texis Monitor (407db52b50c8c8154ff114dcec1fb73c) C:\ProgramData\Simulia\Documentation\monitor.exe
22:26:24.0229 5372 Texis Monitor ( UnsignedFile.Multi.Generic ) - warning
22:26:24.0229 5372 Texis Monitor - detected UnsignedFile.Multi.Generic (1)
22:26:34.0510 5372 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:26:34.0775 5372 \Device\Harddisk0\DR0 - ok
22:26:34.0791 5372 Boot (0x1200) (37e59f3f92fd127dfd1ee78b3f1811aa) \Device\Harddisk0\DR0\Partition0
22:26:34.0791 5372 \Device\Harddisk0\DR0\Partition0 - ok
22:26:34.0791 5372 ============================================================
22:26:34.0791 5372 Scan finished
22:26:34.0791 5372 ============================================================
22:26:34.0900 5008 Detected object count: 4
22:26:34.0900 5008 Actual detected object count: 4
22:27:50.0732 5008 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:50.0732 5008 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:27:50.0732 5008 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:50.0732 5008 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:27:50.0732 5008 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:50.0732 5008 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:27:50.0732 5008 Texis Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:27:50.0732 5008 Texis Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #11 |
| /// Malware-holic | Trojan: csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe hi, download CCleaner (standard): CCleaner Download - CCleaner 3.20.1750. If CCleaner is already installed, skip this step. Install it, open it, go to Tools (Extras), list of installed programs, save as txt. Open the file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After each one unknown to you, "unbekannt" (unknown). Post the list.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #12 |
| | Trojan: csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe Hello, Code:
Abaqus 6.8 Student Edition Dassault Systemes Simulia Corp. 29.12.2009 6.8.0.0 notwendig
Adobe AIR Adobe Systems Incorporated 22.01.2012 3.1.0.4880 unbekannt
Adobe Download Assistant Adobe Systems Incorporated 22.01.2012 1.0.6 unbekannt
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.12.2011 6,00MB 11.1.102.55 notwendig
Adobe Reader 9.2 - Deutsch Adobe Systems Incorporated 29.08.2010 161MB 9.2.0 notwendig
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver Atheros Communications Inc. 20.07.2009 1.0.0.38 unbekannt
AVG 2012 AVG Technologies 17.07.2012 2012.0.2197 notwendig
Canon IJ Network Scan Utility 15.02.2010 unbekannt
Canon IJ Network Tool 15.02.2010 unbekannt
Canon MP Navigator EX 3.0 15.02.2010 unbekannt
Canon MP560 series Benutzerregistrierung 15.02.2010 unbekannt
Canon MP560 series MP Drivers 15.02.2010 notwendig
Canon Utilities Easy-PhotoPrint EX 15.02.2010 notwendig
Canon Utilities My Printer 15.02.2010 notwendig
Canon Utilities Solution Menu 15.02.2010 notwendig
CCleaner Piriform 22.06.2012 3.20 notwendig
Cool & Quiet 29.12.2009 unbekannt
Corel VideoStudio 12 Corel Corporation 25.10.2009 280MB 12.0.0.0000 notwendig
CorelDRAW(R) Graphics Suite X4 Corel Corporation 29.12.2009 notwendig
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension Corel Corporation 29.12.2009 2,93MB unbekannt
Dassault Systemes Doc English CATIA P3 B19 30.12.2009 notwendig
Dassault Systemes Software B19 30.12.2009 notwendig
Dassault Systemes Software Prerequisites x86-x64 Dassault Systemes 30.12.2009 5,96MB 8.1.3 notwendig
Draadloze N USB adapter voorziening ZyXEL 23.08.2009 1.00.0000 notwendig
E-Finance Java 08.09.2010 1.0.0.0 unnötig
Firebird SQL Server - MAGIX Edition MAGIX AG 22.01.2012 11,5MB 2.1.31.0 unnötig
Free PDF to Word Doc Converter v1.1 www.hellopdf.com 23.07.2009 1.1 notwendig
Free Studio version 5.2.1 DVDVideoSoft Ltd. 12.10.2011 330MB notwendig
Garmin City Navigator Europe NT 2010.31 Update Garmin Ltd or its subsidiaries 15.04.2010 2,19GB 13.31.0.0 unnötig
Garmin USB Drivers Garmin Ltd or its subsidiaries 15.04.2010 121KB 2.3.0.0 unnötig
Java(TM) 7 Update 3 (64-bit) Oracle 17.03.2012 93,6MB 7.0.30 notwendig
MAGIX Foto Manager 10 MAGIX AG 22.01.2012 8.0.2.184 unnötig
MAGIX Online Druck Service myphotobook GmbH 22.01.2012 1.1.0-478 unnötig
MAGIX Screenshare MAGIX AG 22.01.2012 1,54MB 4.3.6.1987 unnötig
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 05.07.2012 18,0MB 1.61.0.1400 notwendig
MATLAB R2008b The MathWorks, Inc. 29.12.2009 7.7 notwendig
MediaMonkey 4.0 Ventis Media Inc. 19.02.2012 47,9MB 4.0 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.02.2011 38,8MB 4.0.30319 notwendig
Microsoft Office Professional Plus 2010 Microsoft Corporation 30.11.2011 14.0.6029.1000 notwendig
Microsoft Silverlight Microsoft Corporation 20.05.2012 50,6MB 5.1.10411.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 20.07.2009 1,74MB 3.1.0000 unbekannt
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 20.07.2009 624KB 1.0.1215.0 unbekannt
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 20.07.2009 1,44MB 1.0.1215.0 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 13.08.2009 251KB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.61001 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 29.07.2009 199KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 598KB 9.0.30729.5570 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 20.07.2009 590KB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.09.2010 594KB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 600KB 9.0.30729.6161 notwendig
Mozilla Firefox 13.0.1 (x86 de) Mozilla 30.06.2012 37,4MB 13.0.1 notwendig
Mozilla Maintenance Service Mozilla 30.06.2012 309KB 13.0.1 unbekannt
Mozilla Thunderbird (3.1.10) Mozilla 08.05.2011 3.1.10 (de) notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 10.12.2010 1,27MB 4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 10.12.2010 1,33MB 4.20.9876.0 unbekannt
Nokia Connectivity Cable Driver Nokia 26.06.2011 3,90MB 7.1.41.0 notwendig
Nokia Ovi Suite Nokia 26.06.2011 3.1.0.91 notwendig
Nokia Ovi Suite Software Updater Nokia Corporation 26.06.2011 43,3MB 02.07.004.45780 unbekannt
NVIDIA Display Control Panel NVIDIA Corporation 29.12.2009 1.10 unbekannt
NVIDIA Drivers NVIDIA Corporation 29.12.2009 1.10 notwendig
NVIDIA PhysX NVIDIA Corporation 29.12.2009 120MB 9.09.0814 unbekannt
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 29.12.2009 7.17.11.9562 unbekannt
OpenOffice.org 3.1 OpenOffice.org 29.08.2009 367MB 3.1.9399 notwendig
PC Connectivity Solution Nokia 26.06.2011 19,8MB 11.4.16.0 unbekannt
PDFCreator Frank Heindörfer, Philip Chinery 07.12.2010 1.1.0 notwendig
PSPad editor Jan Fiala 09.06.2011 notwendig
Python 3.1 Python Software Foundation 23.07.2009 45,5MB 3.1.150 notwendig
Skype Toolbars Skype Technologies S.A. 02.03.2011 5,75MB 5.0.4137 unnötig
Skype™ 5.1 Skype Technologies S.A. 02.03.2011 22,6MB 5.1.112 notwendig
System Requirements Lab 29.12.2009 unbekannt
Uninstall 1.0.0.1 23.07.2009 unbekannt
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 20.07.2009 2,59MB 1.27 unbekannt
Visual Studio 2008 x64 Redistributables AVG Technologies 08.07.2012 42,0KB 10.0.0.2 unbekannt
VLC media player 1.0.0 VideoLAN Team 29.12.2009 1.0.0 notwendig
WIDCOMM Bluetooth Software WIDCOMM, Inc. 14.05.2011 16,2MB 3.0.1.912 notwendig
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Garmin 15.04.2010 06/03/2009 2.3.0.0 unbekannt
Windows Live Anmelde-Assistent Microsoft Corporation 20.07.2009 1,93MB 5.000.818.5 unbekannt
Windows Live Essentials Microsoft Corporation 29.12.2009 14.0.8064.0206 unbekannt
Windows Live Sync Microsoft Corporation 20.07.2009 2,79MB 14.0.8064.206 unbekannt
Windows Live-Uploadtool Microsoft Corporation 20.07.2009 225KB 14.0.8014.1029 unbekannt
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 26.06.2011 08/22/2008 7.0.0.0 unbekannt
WinRAR 30.12.2009 notwendig |
| | #13 |
| /// Malware-holic | Trojan: csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe
Uninstall: Adobe Flash Player (all). Adobe - Install Adobe Flash Player: download the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open, download, etc. PDFs automatically. It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, select "install automatically". Apply / OK.
Uninstall: E-Finance, Firebird, Garmin: both, MAGIX: all, Microsoft Silverlight, Skype Toolbars, Windows Live: all those you do not use.
Open CCleaner, start Analyze.
Open OTL, CleanUp. The PC restarts; test how it runs.
|
| | #14 |
| | Trojan: csrss.exe, dwm.exe, doclhmfmarfwhmfmj[1].exe, info[1].exe Hello, OK, everything carried out. Runs stably so far. No negative incidents. |