Pests of all kinds and how to fight them: Clicked a link in an email! Is my laptop infected now? (Windows 7)
17.07.2012, 18:18 | #1 |
Hello,

the evening before last I opened an email from a friend and clicked on the link that was in it. It was a page about diet pills or something like that. I left the page immediately, because I figured it could not be from him. The link was: ***EDIT:Larusso

Since it said here that you should write everything down in detail, I will do that. The next morning, after I found out that the email had not come from my friend, I unfortunately deleted it. In the evening I read up on the internet about what this could be and came across you. The email could be found neither among the deleted mails in my Outlook nor in my googlemail account, but it was on my iPhone.

I downloaded Malwarebytes Anti-Malware and ran the scan twice. The result file of the first scan is as follows:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ella :: ELLA-PC [Administrator]

Schutz: Aktiviert

16.07.2012 19:29:20
mbam-log-2012-07-16 (19-29-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405461
Laufzeit: 1 Stunde(n), 14 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Ella\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ella\Downloads\SoftonicDownloader_fuer_gpl-mpeg-1-2-directshow-decoder-filter.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

On the second run nothing more was found. I am now not sure whether my PC is still infected or not. I have changed the password of my email account, but I don't know whether that is enough. Avast! Free is installed on my laptop. Can you help me with this? Many thanks in advance.

Ella

Edited by Larusso (18.07.2012 at 14:07)
18.07.2012, 14:08 | #2 |
/// Selecta Jahrusso
Please follow the instructions here and post the requested log files. http://www.trojaner-board.de/69886-a...-beachten.html
19.07.2012, 00:42 | #3 |
Hello Daniel,

thank you very much for the reply. I have now done steps 1 and 2. Defogger did not show any error message. Attached first is the OTL.txt document:

OTL Logfile:
Native Client (Enabled) = C:\Users\Ella\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Ella\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ella\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ella\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ella\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files 
(x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: MeasureIt! = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\ CHR - Extension: Web Developer = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\ CHR - Extension: Ultimate YouTube Downloader = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.1.1_0\ CHR - Extension: YouTube = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: DivX HiQ = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: avast! 
WebRep = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\ CHR - Extension: colorPicker 0.9 = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\jegimleidpfmpepbfajjlielaheedkdo\0.9.90_0\ CHR - Extension: Skype Click to Call = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ CHR - Extension: AT_ChloeV4 = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pillplnpmfjckedkedpaoembffbpklnf\2_0\ CHR - Extension: Google Mail = C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. 
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ella\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - Startup: C:\Users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ella\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ella\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ella\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E33D596-9741-42D3-9E99-E719ACF5D396}: DhcpNameServer = 217.237.150.51 217.237.148.22 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC41AD0E-1BBC-46D5-9A0D-3F023D4A9682}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E54F5B44-8B21-41B6-9178-D2BB265116B3}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{10cb17a3-24a1-11df-be5a-0027135dcaa7}\Shell - "" = AutoRun O33 - MountPoints2\{10cb17a3-24a1-11df-be5a-0027135dcaa7}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{d2ea87ed-3906-11df-b7a7-0027135dcaa7}\Shell - "" = AutoRun O33 - MountPoints2\{d2ea87ed-3906-11df-b7a7-0027135dcaa7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.16 19:26:47 | 000,000,000 | ---D | C] -- C:\Users\Ella\AppData\Roaming\Malwarebytes [2012.07.16 19:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.16 19:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.16 19:25:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.16 19:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.14 23:11:40 | 000,000,000 | ---D | C] -- C:\Users\Ella\AppData\Roaming\DiskSpaceFan [2012.07.14 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Space Fan 4 Free [2012.07.14 23:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cookapp [2012.07.14 21:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.04.02 
11:35:17 | 002,131,336 | ---- | C] (Ask.com ) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe [2010.02.14 16:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files (x86)\mplayerc.exe ========== Files - Modified Within 30 Days ========== [2012.07.19 01:01:56 | 000,001,444 | ---- | M] () -- C:\Users\Ella\Desktop\OTL (1) - Verknüpfung.lnk [2012.07.19 00:55:33 | 000,000,000 | ---- | M] () -- C:\Users\Ella\defogger_reenable [2012.07.19 00:43:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2038908738-3831003741-2899279869-1000UA.job [2012.07.19 00:23:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.19 00:23:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.18 20:09:30 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.18 20:09:30 | 000,657,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.18 20:09:30 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.18 20:09:30 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.18 20:09:30 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.18 20:06:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.18 07:47:21 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2038908738-3831003741-2899279869-1000Core.job [2012.07.18 01:21:23 | 000,015,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.18 01:21:23 | 000,015,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.16 21:23:42 | 3193,122,816 | -HS- | M] () -- C:\hiberfil.sys [2012.07.16 19:25:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.14 22:17:10 | 002,363,552 | ---- | M] () -- 
C:\Windows\SysNative\FNTCACHE.DAT [2012.07.14 21:26:49 | 000,153,244 | ---- | M] () -- C:\Users\Ella\Documents\cc_20120714_212637.reg [2012.07.14 21:21:30 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.06 12:59:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.07.05 15:57:56 | 002,238,083 | ---- | M] () -- C:\Users\Ella\Documents\lookbook 1 version.pdf [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.07.03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.19 01:01:56 | 000,001,444 | ---- | C] () -- C:\Users\Ella\Desktop\OTL (1) - Verknüpfung.lnk [2012.07.19 00:55:33 | 000,000,000 | ---- | C] () -- C:\Users\Ella\defogger_reenable [2012.07.16 19:25:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.14 21:26:41 | 000,153,244 | ---- | C] () -- C:\Users\Ella\Documents\cc_20120714_212637.reg [2012.07.14 21:21:30 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk 
[2012.07.05 15:57:56 | 002,238,083 | ---- | C] () -- C:\Users\Ella\Documents\lookbook 1 version.pdf [2012.05.06 17:13:55 | 000,007,602 | ---- | C] () -- C:\Users\Ella\AppData\Local\Resmon.ResmonCfg [2011.10.27 08:00:05 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2011.09.30 00:38:30 | 000,015,364 | -H-- | C] () -- C:\Users\Ella\.DS_Store [2011.04.30 19:36:28 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.03.09 01:38:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.28 21:54:33 | 000,005,632 | ---- | C] () -- C:\Users\Ella\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2011.10.28 22:40:01 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Design Science [2012.07.16 21:04:59 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Desktopicon [2012.07.15 00:06:18 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\DiskSpaceFan [2012.07.16 22:47:20 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Dropbox [2011.10.29 23:43:28 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\DVDVideoSoft [2011.09.25 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.13 12:18:16 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Mikogo [2010.03.03 23:10:02 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\oald7 [2010.02.28 20:33:32 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Opera [2010.12.28 22:53:26 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\ScreeNet iSaver [2012.07.15 08:12:32 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Spotify [2010.11.09 21:50:57 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Thunderbird [2011.01.15 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Titanium [2011.09.26 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\Toolbars [2011.10.30 11:58:11 | 000,000,000 | 
---D | M] -- C:\Users\Ella\AppData\Roaming\TuneUp Software [2012.07.14 21:22:40 | 000,000,000 | ---D | M] -- C:\Users\Ella\AppData\Roaming\uTorrent [2012.02.21 17:22:44 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Users\Ella\Documents\.DS_Store:AFP_AfpInfo @Alternate Data Stream - 60 bytes -> C:\Users\Ella\.DS_Store:AFP_AfpInfo < End of report >
and the Extras.txt file:
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.07.2012 01:02:50 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ella\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,00% Memory free 7,93 Gb Paging File | 6,01 Gb Available in Paging File | 75,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 280,80 Gb Total Space | 130,13 Gb Free Space | 46,34% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 6,90 Gb Free Space | 46,00% Space Free | Partition Type: NTFS Drive E: | 1,99 Gb Total Space | 1,21 Gb Free Space | 61,01% Space Free | Partition Type: FAT32 Computer Name: ELLA-PC | User Name: Ella | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [myprinting Fotobuch] -- "C:\Program Files (x86)\myprinting\myprinting Fotobuch\myprinting Fotobuch.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [myprinting Fotobuch] -- "C:\Program Files (x86)\myprinting\myprinting Fotobuch\myprinting Fotobuch.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0992780E-9443-482A-B20C-FB83A88721A3}" = lport=10243 | protocol=6 | dir=in | app=system | "{0D0CAB99-19F7-49A9-80F7-FFD29201C727}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1249C422-7870-4B2E-BD45-B4CD471F3269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{198BEB14-A919-48C1-87D0-53DB86C283F8}" = rport=139 | protocol=6 | dir=out | app=system | "{19928518-E2DF-44A7-AF00-C92BDB292327}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1FBC266C-CDC4-4DCF-AECE-BCD3F5B155C3}" = 
lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{32268428-2F11-49AF-A5F2-0309607CF788}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{328528CD-7A41-4AE4-A5AB-E219F73E5170}" = rport=10243 | protocol=6 | dir=out | app=system | "{4509F441-DF0A-4FBE-87EC-7F15EBFF949D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5DB42007-F4AB-4F1B-93B2-E1CC88ABD8A4}" = lport=137 | protocol=17 | dir=in | app=system | "{6279759A-02BA-4B53-8F53-C3529483E3DC}" = lport=445 | protocol=6 | dir=in | app=system | "{6ED7AF9B-FB42-4999-84B4-DD4C26767DF0}" = lport=2869 | protocol=6 | dir=in | app=system | "{724963E5-3FC4-4FD4-A9C2-907541DAB64D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{752A10CA-5F01-4108-8B27-5E7CBDAE54D1}" = lport=2869 | protocol=6 | dir=in | app=system | "{853662AB-3A90-4991-A50D-DB7D3035687A}" = rport=138 | protocol=17 | dir=out | app=system | "{93ADAEB2-5EFA-4FF9-8CB1-03B678B6EDCD}" = lport=139 | protocol=6 | dir=in | app=system | "{A18EE7DE-8EB0-4A3A-87C8-2B285F869581}" = rport=445 | protocol=6 | dir=out | app=system | "{A2299AAE-95E7-4D58-B727-F7AEF97BE338}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A39F5AFD-BF71-4E17-B0F4-A03CEB0C9722}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A5E0512E-C4DA-452F-BA0A-4100BBEDD936}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BCF84318-7518-495B-966F-54A14806DD17}" = rport=137 | protocol=17 | dir=out | app=system | "{BEC6A320-CA9C-4116-ADB6-20340C508352}" = rport=2077 | protocol=6 | dir=out | name=stablehost webdisc | "{C92A1DC2-0DF7-41F7-BF0B-C2C086FF8A5E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D241D959-777F-43C2-8966-86A6F0BE6488}" = rport=5355 | protocol=17 | 
dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D5A7D855-757D-4BA2-AC68-86B730E3A914}" = lport=138 | protocol=17 | dir=in | app=system | "{D85CD5C6-548A-4EEF-9F3C-00826219657D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EC489C49-499A-48A5-95BD-87B3F4E06B99}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{023B85E4-7A7F-4372-927F-7B66E891485F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{03000544-B398-44CF-A480-BC8D6E9B7E69}" = protocol=17 | dir=in | app=c:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe | "{034A88B5-00E7-479C-BF1C-5AA25E0627BB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{0EA38895-E8C2-4667-9F7C-08D96CDD12E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{1B620C5B-80FC-4DB1-B826-D2E4A9AAAB06}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{1F8456A2-7106-4857-B803-59DEE2F71CF1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{20944839-2AC9-4433-BFC6-CBC59E32BB78}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{28256EB9-8EA2-4141-B42A-A5A057E501BC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{31B74E7A-651C-4CB0-B12E-07C3804459FF}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{3D038487-74C8-45EE-89AD-49BAFBC2E480}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3F3F0F36-F7A4-4A4F-91D6-638E29E4B5AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{4123055E-C052-458A-9ACE-B77C075AC4C2}" = protocol=17 | 
dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{45D3C913-2F96-4625-81CE-4E21B143CFE3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4A77290E-BB0F-4A9D-90C7-B6AE478CFB73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4DB1A2A4-EBBD-4BED-95E6-65713724C492}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{510CB2D7-9084-4DA5-B20B-F1C648CFB807}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{56DC20EB-3A2A-4492-AABB-63A4E3EF99EA}" = protocol=6 | dir=in | app=c:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe | "{58C19595-B937-49BA-832A-AA30EA32BD3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{61806BEF-574E-4760-B6F3-747B7B80FB56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6A3FD83D-74CD-4C2C-97A6-DDAB2C75C8AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6E907539-8978-4841-B724-B86C31F04D96}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6E95FE85-7A9F-4AE1-9205-8326BAD10A6D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{707D546F-4875-4D84-8C5C-105F13DED6C4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{7BF2093A-0E83-4528-AF55-7ED844033DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7ED3FB86-55DC-4BD6-8675-38C678BAD47A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{85509F8E-756D-4685-B190-A0225F54FE45}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9E96128D-BD60-40CC-9895-42F2DF6867CA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A131DD11-1EFF-488D-9117-B7B0CDEDE947}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{A9F90066-60A7-4225-84D4-3586CB7EE45A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B2EA1AB6-01F6-4ABA-A617-0F8830FD966C}" = protocol=6 | dir=out | app=system | "{B56564CC-C802-44C6-B210-B009C0480507}" = dir=in | app=c:\program files (x86)\airport\apagent.exe | "{BA4E7049-AECC-45B2-A79B-067CD6FD279A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BC4496CB-5970-49FA-AD2D-63E4F4FB4FE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C2F792D0-55E8-4360-9B78-5B411664E52F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C3849E83-DB98-4BDF-975F-7E16D01C443D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{D576BCFE-3EF8-4C83-8767-1082000EDF8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D58A244D-B2AF-4AF6-814C-3592BC6186CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D6CC332E-2E8F-48B2-B5BA-D7D6C76A116B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{D9F24D50-88CC-43B1-B21E-FE87DAAD6F24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DB7C9627-6795-416F-8912-3FFDEDAD6CF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DD35157D-07FB-4835-9F56-94BC9887572B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{E9535F73-108F-4687-B2C5-CF29BF133779}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{F424DD41-C779-429D-ADFA-8F4CFBFB3D8C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{F70C19C3-6029-48C5-BDA8-4A7BE1C3D246}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F7BA44A1-07A1-49E0-981B-F5D7496E034C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query 
User{2133BC64-0CF2-4159-8752-92A15091E96F}C:\users\ella\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ella\appdata\roaming\spotify\spotify.exe | "TCP Query User{47596608-7AAC-456C-B875-B9DA70A5BD57}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{70F658CF-1866-4D70-B399-AD7359631036}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{72A65344-31EA-4F6F-9FD5-B89CB33EAD00}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "TCP Query User{897D6C5D-7A9A-451D-8FC9-AE852A56E9CB}C:\users\ella\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ella\appdata\roaming\spotify\spotify.exe | "TCP Query User{90C97022-BC30-4138-AF32-1EB8E066FF5A}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe | "TCP Query User{9E5EE22E-C4CE-4945-A381-9908FF3473E9}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{A4D929AB-FB02-4B22-8CC8-47F2E8E89F68}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe | "TCP Query User{A5013A40-9B3F-42B1-AD43-725BCD691D9E}C:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{E4E203A8-0C0E-4140-95CB-15918A0B14D6}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{0673EB1E-4E19-4ABE-AC8E-31302EFF516D}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{2A50BD70-F9FF-4CF5-AE40-A828B99D6FF7}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{4B6145A0-EB36-4B30-9AAD-82E4FBB6176E}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{926E4751-20FB-4660-B50F-2CA8B5B693BE}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "UDP Query User{B351106E-1C2B-41A1-B246-1F24E3EFC347}C:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ella\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{BA07727D-57B7-48AD-97C4-4C5CE7C86E00}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe | "UDP Query User{CE036039-FF2A-4AE7-8A47-153AF8990366}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe | "UDP Query User{D4944456-3A52-4D73-AAF4-86E8C5FCC41F}C:\users\ella\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ella\appdata\roaming\spotify\spotify.exe | "UDP Query User{E3E98C2C-786A-4F9D-B7E6-4946E37ACF8C}C:\users\ella\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ella\appdata\roaming\spotify\spotify.exe | "UDP Query User{F3CAFE50-3562-4912-A06B-AF4F54D61DAF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ABD3650-2D22-6C01-3CD6-9744E8819CD0}" = ATI Catalyst 
Install Manager "{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0 "{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}" = Bonjour-Druckdienste "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9DEF8812-6379-A0B9-DD09-49FB8F2BCDCF}" = ccc-utility64 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "A5B98551C6BA1C24D2FDDFB2E1764339D449F74D" = Windows-Treiberpaket - Intel (NETw5v64) net (09/15/2009 13.0.0.107) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "CCleaner" = CCleaner "FB8C5A1BB9B0EB1DBE21E5BBBF6942439C4FB2F9" = Windows-Treiberpaket - Intel net (09/15/2009 13.0.0.107) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 30 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist "{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding "{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai "{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard "{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4850C1AE-BD1D-468C-9ABC-5486DC21E1E5}" = HP ESU for Microsoft Windows 7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian "{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean "{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant "{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light "{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian "{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing 
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German "{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66D31A57-0446-3886-AEFF-201E1E7C4854}" = Google Talk Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B11BCAC-CE60-418E-A0BD-F773EC1194E5}" = HP QuickLook "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy "{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish "{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type 
Support "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office 
Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian "{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New "{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEACD7BE-7E12-490D-80B2-C7DEBDBD8915}" = Windows 7 Default Setting "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech "{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application 
Support "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "7-Zip" = 7-Zip 9.15 beta "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Audiograbber" = Audiograbber 1.83 SE "avast" = avast! Free Antivirus "Disk Space Fan 4 Free_is1" = Disk Space Fan 4 Free (4.0.2.100) "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "DSMT6" = MathType 6 "ENTERPRISE" = Microsoft Office Enterprise 2007 "FastStone Image Viewer" = FastStone Image Viewer 4.0 "Filzip 3.0.6.93_is1" = Filzip 3.06 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "HaaliMkx" = Haali Media Splitter "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Marvell Miniport Driver" = Marvell Miniport Driver "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mediaport" = Mediaport "Mikogo" = Mikogo "myprinting Fotobuch" = myprinting Fotobuch "OALD7" = Oxford Advanced Learner's Dictionary - 7th edition "Picasa 3" = Picasa 3 "TeamViewer 7" = TeamViewer 7 "uTorrent" = µTorrent "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.3 "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! 
Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = Error - 03.06.2012 09:34:13 | Computer Name = Ella-PC | Source = Adobe Version Cue CS3 | ID = 3 Description = [ OSession Events ] Error - 09.11.2010 16:33:37 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7795 seconds with 3420 seconds of active time. This session ended with a crash. 
Error - 08.01.2011 10:50:50 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1694 seconds with 0 seconds of active time. This session ended with a crash. Error - 21.03.2011 11:06:30 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 161 seconds with 0 seconds of active time. This session ended with a crash. Error - 05.07.2011 16:25:57 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 67 seconds with 0 seconds of active time. This session ended with a crash. Error - 25.09.2011 12:22:51 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1010 seconds with 0 seconds of active time. This session ended with a crash. Error - 24.11.2011 09:26:05 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 613448 seconds with 6180 seconds of active time. This session ended with a crash. Error - 07.01.2012 20:57:14 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 54409 seconds with 2760 seconds of active time. This session ended with a crash. Error - 21.01.2012 03:29:56 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 222376 seconds with 1980 seconds of active time. This session ended with a crash. Error - 09.02.2012 20:00:09 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 49813 seconds with 2580 seconds of active time. This session ended with a crash. Error - 20.04.2012 05:30:21 | Computer Name = Ella-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 220982 seconds with 5580 seconds of active time. This session ended with a crash. [ System Events ] Error - 16.07.2012 15:24:22 | Computer Name = Ella-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht. 
Thank you in advance for your help. Best regards, Ella |
19.07.2012, 11:34 | #4 |
/// Selecta Jahrusso | Clicked a link in an email! Is my laptop infected now? Is the computer causing any problems? I don't see anything there that would worry me. Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
ESET Online Scanner
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
19.07.2012, 22:03 | #5 |
| Clicked a link in an email! Is my laptop infected now? Hello Daniel, thank you very much for your help. I have now updated Java. As for the question about problems: my PC is slow and loud... and another thing I noticed is that when I wanted to open the folder with my pictures, all the pictures were gone at first and then came back one after another. Attached is the log file. 6 threats were found; one of them had "trojan" in its name... Thanks in advance for the reply. Best regards, Ella |
20.07.2012, 10:20 | #6 |
/// Selecta Jahrusso | Clicked a link in an email! Is my laptop infected now? Please read the following instructions carefully. We don't want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save the file to your desktop
__________________ --> Clicked a link in an email! Is my laptop infected now? |
20.07.2012, 10:46 | #7 |
| Clicked a link in an email! Is my laptop infected now? Hello Daniel, THANK you very much for your effort! So I have now downloaded it, and this is what came out (I couldn't save it as a txt file; it didn't ask me about that, and unfortunately I couldn't figure out where I could do that, sorry):
(582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 11:32:44.0711 1828 napagent - ok 11:32:44.0751 1828 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 11:32:44.0761 1828 NativeWifiP - ok 11:32:44.0821 1828 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 11:32:44.0831 1828 NDIS - ok 11:32:44.0851 1828 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 11:32:44.0851 1828 NdisCap - ok 11:32:44.0871 1828 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 11:32:44.0881 1828 NdisTapi - ok 11:32:44.0931 1828 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 11:32:44.0931 1828 Ndisuio - ok 11:32:44.0991 1828 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 11:32:45.0001 1828 NdisWan - ok 11:32:45.0051 1828 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 11:32:45.0061 1828 NDProxy - ok 11:32:45.0091 1828 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys 11:32:45.0091 1828 Netaapl - ok 11:32:45.0131 1828 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 11:32:45.0131 1828 NetBIOS - ok 11:32:45.0201 1828 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 11:32:45.0201 1828 NetBT - ok 11:32:45.0261 1828 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:32:45.0271 1828 Netlogon - ok 11:32:45.0351 1828 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 11:32:45.0361 1828 Netman - ok 11:32:45.0411 1828 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 11:32:45.0421 1828 netprofm - ok 11:32:45.0511 1828 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:32:45.0511 1828 
NetTcpPortSharing - ok 11:32:46.0191 1828 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys 11:32:46.0301 1828 NETw5s64 - ok 11:32:46.0455 1828 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 11:32:46.0455 1828 nfrd960 - ok 11:32:46.0564 1828 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 11:32:46.0564 1828 NlaSvc - ok 11:32:46.0579 1828 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 11:32:46.0579 1828 Npfs - ok 11:32:46.0611 1828 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 11:32:46.0611 1828 nsi - ok 11:32:46.0626 1828 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 11:32:46.0626 1828 nsiproxy - ok 11:32:46.0751 1828 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 11:32:46.0767 1828 Ntfs - ok 11:32:46.0829 1828 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 11:32:46.0845 1828 Null - ok 11:32:46.0907 1828 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 11:32:46.0907 1828 nvraid - ok 11:32:46.0938 1828 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 11:32:46.0954 1828 nvstor - ok 11:32:46.0969 1828 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 11:32:46.0969 1828 nv_agp - ok 11:32:47.0110 1828 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 11:32:47.0110 1828 odserv - ok 11:32:47.0172 1828 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 11:32:47.0172 1828 ohci1394 - ok 11:32:47.0203 1828 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:32:47.0203 1828 ose - ok 11:32:47.0281 1828 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 
11:32:47.0281 1828 p2pimsvc - ok 11:32:47.0359 1828 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 11:32:47.0375 1828 p2psvc - ok 11:32:47.0391 1828 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 11:32:47.0406 1828 Parport - ok 11:32:47.0453 1828 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 11:32:47.0453 1828 partmgr - ok 11:32:47.0484 1828 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 11:32:47.0484 1828 PcaSvc - ok 11:32:47.0547 1828 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 11:32:47.0562 1828 pci - ok 11:32:47.0578 1828 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 11:32:47.0578 1828 pciide - ok 11:32:47.0625 1828 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 11:32:47.0625 1828 pcmcia - ok 11:32:47.0640 1828 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 11:32:47.0656 1828 pcw - ok 11:32:47.0734 1828 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 11:32:47.0749 1828 PEAUTH - ok 11:32:47.0843 1828 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 11:32:47.0874 1828 PeerDistSvc - ok 11:32:47.0968 1828 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 11:32:47.0968 1828 PerfHost - ok 11:32:48.0249 1828 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 11:32:48.0280 1828 pla - ok 11:32:48.0358 1828 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 11:32:48.0373 1828 PlugPlay - ok 11:32:48.0405 1828 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 11:32:48.0405 1828 PNRPAutoReg - ok 11:32:48.0451 1828 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:32:48.0451 1828 PNRPsvc - ok 11:32:48.0545 1828 Point64 
(b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys 11:32:48.0545 1828 Point64 - ok 11:32:48.0592 1828 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 11:32:48.0592 1828 PolicyAgent - ok 11:32:48.0639 1828 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 11:32:48.0654 1828 Power - ok 11:32:48.0717 1828 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 11:32:48.0732 1828 PptpMiniport - ok 11:32:48.0763 1828 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 11:32:48.0763 1828 Processor - ok 11:32:48.0826 1828 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 11:32:48.0826 1828 ProfSvc - ok 11:32:48.0873 1828 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:32:48.0888 1828 ProtectedStorage - ok 11:32:48.0951 1828 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 11:32:48.0951 1828 Psched - ok 11:32:49.0107 1828 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 11:32:49.0122 1828 ql2300 - ok 11:32:49.0278 1828 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 11:32:49.0278 1828 ql40xx - ok 11:32:49.0341 1828 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 11:32:49.0341 1828 QWAVE - ok 11:32:49.0372 1828 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 11:32:49.0372 1828 QWAVEdrv - ok 11:32:49.0387 1828 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 11:32:49.0387 1828 RasAcd - ok 11:32:49.0434 1828 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 11:32:49.0434 1828 RasAgileVpn - ok 11:32:49.0465 1828 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 11:32:49.0465 1828 RasAuto - ok 11:32:49.0528 1828 Rasl2tp 
(471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:32:49.0528 1828 Rasl2tp - ok 11:32:49.0606 1828 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 11:32:49.0621 1828 RasMan - ok 11:32:49.0637 1828 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 11:32:49.0637 1828 RasPppoe - ok 11:32:49.0668 1828 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 11:32:49.0668 1828 RasSstp - ok 11:32:49.0715 1828 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 11:32:49.0715 1828 rdbss - ok 11:32:49.0731 1828 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 11:32:49.0746 1828 rdpbus - ok 11:32:49.0746 1828 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 11:32:49.0746 1828 RDPCDD - ok 11:32:49.0824 1828 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 11:32:49.0824 1828 RDPDR - ok 11:32:49.0840 1828 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 11:32:49.0840 1828 RDPENCDD - ok 11:32:49.0855 1828 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 11:32:49.0871 1828 RDPREFMP - ok 11:32:49.0933 1828 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 11:32:49.0933 1828 RDPWD - ok 11:32:50.0011 1828 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 11:32:50.0011 1828 rdyboost - ok 11:32:50.0043 1828 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 11:32:50.0043 1828 RemoteAccess - ok 11:32:50.0089 1828 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 11:32:50.0089 1828 RemoteRegistry - ok 11:32:50.0136 1828 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 11:32:50.0136 1828 RFCOMM - ok 11:32:50.0167 1828 RpcEptMapper 
(e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 11:32:50.0167 1828 RpcEptMapper - ok 11:32:50.0199 1828 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 11:32:50.0199 1828 RpcLocator - ok 11:32:50.0292 1828 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 11:32:50.0308 1828 RpcSs - ok 11:32:50.0339 1828 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 11:32:50.0339 1828 rspndr - ok 11:32:50.0396 1828 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 11:32:50.0396 1828 s3cap - ok 11:32:50.0446 1828 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:32:50.0456 1828 SamSs - ok 11:32:50.0476 1828 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 11:32:50.0476 1828 sbp2port - ok 11:32:50.0506 1828 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 11:32:50.0516 1828 SCardSvr - ok 11:32:50.0566 1828 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 11:32:50.0566 1828 scfilter - ok 11:32:50.0696 1828 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 11:32:50.0716 1828 Schedule - ok 11:32:50.0766 1828 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 11:32:50.0776 1828 SCPolicySvc - ok 11:32:50.0826 1828 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 11:32:50.0836 1828 SDRSVC - ok 11:32:50.0906 1828 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 11:32:50.0916 1828 secdrv - ok 11:32:50.0966 1828 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 11:32:50.0966 1828 seclogon - ok 11:32:51.0006 1828 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 11:32:51.0016 1828 SENS - ok 11:32:51.0026 1828 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) 
C:\Windows\system32\sensrsvc.dll 11:32:51.0036 1828 SensrSvc - ok 11:32:51.0056 1828 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 11:32:51.0056 1828 Serenum - ok 11:32:51.0076 1828 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 11:32:51.0076 1828 Serial - ok 11:32:51.0126 1828 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 11:32:51.0126 1828 sermouse - ok 11:32:51.0196 1828 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 11:32:51.0196 1828 SessionEnv - ok 11:32:51.0246 1828 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 11:32:51.0246 1828 sffdisk - ok 11:32:51.0276 1828 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 11:32:51.0276 1828 sffp_mmc - ok 11:32:51.0296 1828 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 11:32:51.0306 1828 sffp_sd - ok 11:32:51.0336 1828 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 11:32:51.0336 1828 sfloppy - ok 11:32:51.0396 1828 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 11:32:51.0406 1828 SharedAccess - ok 11:32:51.0486 1828 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 11:32:51.0496 1828 ShellHWDetection - ok 11:32:51.0526 1828 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 11:32:51.0526 1828 SiSRaid2 - ok 11:32:51.0556 1828 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 11:32:51.0556 1828 SiSRaid4 - ok 11:32:51.0996 1828 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 11:32:52.0036 1828 Skype C2C Service - ok 11:32:52.0146 1828 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe 11:32:52.0156 
1828 SkypeUpdate - ok 11:32:52.0296 1828 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 11:32:52.0296 1828 Smb - ok 11:32:52.0326 1828 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 11:32:52.0336 1828 SNMPTRAP - ok 11:32:52.0346 1828 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 11:32:52.0356 1828 spldr - ok 11:32:52.0446 1828 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 11:32:52.0456 1828 Spooler - ok 11:32:52.0830 1828 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 11:32:52.0877 1828 sppsvc - ok 11:32:53.0002 1828 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 11:32:53.0017 1828 sppuinotify - ok 11:32:53.0127 1828 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 11:32:53.0142 1828 srv - ok 11:32:53.0189 1828 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 11:32:53.0189 1828 srv2 - ok 11:32:53.0220 1828 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 11:32:53.0236 1828 srvnet - ok 11:32:53.0286 1828 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 11:32:53.0296 1828 SSDPSRV - ok 11:32:53.0326 1828 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 11:32:53.0336 1828 SstpSvc - ok 11:32:53.0356 1828 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 11:32:53.0366 1828 stexstor - ok 11:32:53.0466 1828 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 11:32:53.0476 1828 stisvc - ok 11:32:53.0526 1828 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 11:32:53.0536 1828 storflt - ok 11:32:53.0566 1828 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 11:32:53.0576 1828 StorSvc - ok 11:32:53.0596 1828 storvsc 
(d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 11:32:53.0596 1828 storvsc - ok 11:32:53.0636 1828 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 11:32:53.0636 1828 swenum - ok 11:32:53.0696 1828 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 11:32:53.0706 1828 swprv - ok 11:32:53.0906 1828 SynTP (d268d2a0db2a2bbe963e688d0b039267) C:\Windows\system32\DRIVERS\SynTP.sys 11:32:53.0936 1828 SynTP - ok 11:32:54.0236 1828 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 11:32:54.0266 1828 SysMain - ok 11:32:54.0406 1828 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 11:32:54.0406 1828 TabletInputService - ok 11:32:54.0456 1828 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 11:32:54.0466 1828 TapiSrv - ok 11:32:54.0496 1828 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 11:32:54.0506 1828 TBS - ok 11:32:54.0746 1828 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 11:32:54.0766 1828 Tcpip - ok 11:32:55.0116 1828 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 11:32:55.0126 1828 TCPIP6 - ok 11:32:55.0256 1828 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 11:32:55.0256 1828 tcpipreg - ok 11:32:55.0303 1828 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 11:32:55.0303 1828 TDPIPE - ok 11:32:55.0349 1828 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 11:32:55.0349 1828 TDTCP - ok 11:32:55.0412 1828 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 11:32:55.0427 1828 tdx - ok 11:32:55.0771 1828 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 11:32:55.0802 1828 TeamViewer7 - ok 11:32:55.0973 1828 TermDD 
(561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 11:32:55.0973 1828 TermDD - ok 11:32:56.0083 1828 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 11:32:56.0098 1828 TermService - ok 11:32:56.0129 1828 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 11:32:56.0129 1828 Themes - ok 11:32:56.0176 1828 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:32:56.0176 1828 THREADORDER - ok 11:32:56.0223 1828 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 11:32:56.0223 1828 TrkWks - ok 11:32:56.0301 1828 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 11:32:56.0301 1828 TrustedInstaller - ok 11:32:56.0348 1828 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:32:56.0363 1828 tssecsrv - ok 11:32:56.0395 1828 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 11:32:56.0395 1828 TsUsbFlt - ok 11:32:56.0457 1828 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 11:32:56.0473 1828 tunnel - ok 11:32:56.0504 1828 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 11:32:56.0504 1828 uagp35 - ok 11:32:56.0582 1828 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 11:32:56.0582 1828 udfs - ok 11:32:56.0613 1828 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 11:32:56.0629 1828 UI0Detect - ok 11:32:56.0707 1828 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 11:32:56.0707 1828 uliagpkx - ok 11:32:56.0769 1828 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 11:32:56.0769 1828 umbus - ok 11:32:56.0785 1828 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 11:32:56.0785 1828 UmPass - ok 11:32:56.0909 1828 UmRdpService 
(a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 11:32:56.0925 1828 UmRdpService - ok 11:32:56.0972 1828 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 11:32:56.0987 1828 upnphost - ok 11:32:57.0034 1828 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 11:32:57.0034 1828 USBAAPL64 - ok 11:32:57.0097 1828 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 11:32:57.0097 1828 usbccgp - ok 11:32:57.0159 1828 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 11:32:57.0159 1828 usbcir - ok 11:32:57.0206 1828 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 11:32:57.0221 1828 usbehci - ok 11:32:57.0284 1828 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 11:32:57.0284 1828 usbhub - ok 11:32:57.0299 1828 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 11:32:57.0315 1828 usbohci - ok 11:32:57.0331 1828 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 11:32:57.0331 1828 usbprint - ok 11:32:57.0362 1828 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:32:57.0362 1828 USBSTOR - ok 11:32:57.0377 1828 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 11:32:57.0377 1828 usbuhci - ok 11:32:57.0424 1828 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 11:32:57.0424 1828 usbvideo - ok 11:32:57.0455 1828 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 11:32:57.0471 1828 UxSms - ok 11:32:57.0518 1828 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:32:57.0518 1828 VaultSvc - ok 11:32:57.0580 1828 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys 11:32:57.0580 1828 VClone - ok 11:32:57.0611 1828 vdrvroot 
(c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 11:32:57.0611 1828 vdrvroot - ok 11:32:57.0674 1828 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 11:32:57.0689 1828 vds - ok 11:32:57.0705 1828 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 11:32:57.0705 1828 vga - ok 11:32:57.0721 1828 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 11:32:57.0721 1828 VgaSave - ok 11:32:57.0793 1828 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 11:32:57.0803 1828 vhdmp - ok 11:32:57.0843 1828 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 11:32:57.0843 1828 viaide - ok 11:32:57.0913 1828 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 11:32:57.0923 1828 vmbus - ok 11:32:57.0943 1828 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 11:32:57.0943 1828 VMBusHID - ok 11:32:57.0973 1828 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 11:32:57.0973 1828 volmgr - ok 11:32:58.0053 1828 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 11:32:58.0063 1828 volmgrx - ok 11:32:58.0093 1828 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 11:32:58.0093 1828 volsnap - ok 11:32:58.0143 1828 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 11:32:58.0153 1828 vsmraid - ok 11:32:58.0343 1828 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 11:32:58.0373 1828 VSS - ok 11:32:58.0513 1828 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 11:32:58.0513 1828 vwifibus - ok 11:32:58.0543 1828 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 11:32:58.0543 1828 vwififlt - ok 11:32:58.0563 1828 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) 
C:\Windows\system32\DRIVERS\vwifimp.sys 11:32:58.0573 1828 vwifimp - ok 11:32:58.0623 1828 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 11:32:58.0643 1828 W32Time - ok 11:32:58.0663 1828 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 11:32:58.0673 1828 WacomPen - ok 11:32:58.0743 1828 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:32:58.0743 1828 WANARP - ok 11:32:58.0763 1828 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 11:32:58.0763 1828 Wanarpv6 - ok 11:32:58.0953 1828 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 11:32:58.0983 1828 wbengine - ok 11:32:59.0103 1828 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 11:32:59.0113 1828 WbioSrvc - ok 11:32:59.0193 1828 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 11:32:59.0203 1828 wcncsvc - ok 11:32:59.0223 1828 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 11:32:59.0223 1828 WcsPlugInService - ok 11:32:59.0283 1828 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 11:32:59.0283 1828 Wd - ok 11:32:59.0413 1828 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 11:32:59.0423 1828 Wdf01000 - ok 11:32:59.0463 1828 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:32:59.0473 1828 WdiServiceHost - ok 11:32:59.0483 1828 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 11:32:59.0483 1828 WdiSystemHost - ok 11:32:59.0553 1828 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 11:32:59.0563 1828 WebClient - ok 11:32:59.0603 1828 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 11:32:59.0613 1828 Wecsvc - ok 11:32:59.0643 1828 wercplsupport (7e591867422dc788b9e5bd337a669a08) 
C:\Windows\System32\wercplsupport.dll 11:32:59.0643 1828 wercplsupport - ok 11:32:59.0683 1828 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 11:32:59.0693 1828 WerSvc - ok 11:32:59.0723 1828 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 11:32:59.0723 1828 WfpLwf - ok 11:32:59.0743 1828 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 11:32:59.0743 1828 WIMMount - ok 11:32:59.0773 1828 WinDefend - ok 11:32:59.0783 1828 WinHttpAutoProxySvc - ok 11:32:59.0844 1828 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 11:32:59.0844 1828 Winmgmt - ok 11:33:00.0109 1828 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 11:33:00.0141 1828 WinRM - ok 11:33:00.0343 1828 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 11:33:00.0343 1828 WinUsb - ok 11:33:00.0453 1828 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 11:33:00.0468 1828 Wlansvc - ok 11:33:00.0499 1828 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 11:33:00.0499 1828 WmiAcpi - ok 11:33:00.0562 1828 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 11:33:00.0562 1828 wmiApSrv - ok 11:33:00.0609 1828 WMPNetworkSvc - ok 11:33:00.0624 1828 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 11:33:00.0640 1828 WPCSvc - ok 11:33:00.0702 1828 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 11:33:00.0718 1828 WPDBusEnum - ok 11:33:00.0733 1828 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 11:33:00.0733 1828 ws2ifsl - ok 11:33:00.0749 1828 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 11:33:00.0765 1828 wscsvc - ok 11:33:00.0765 1828 WSearch - ok 11:33:01.0061 1828 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) 
C:\Windows\system32\wuaueng.dll 11:33:01.0092 1828 wuauserv - ok 11:33:01.0279 1828 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 11:33:01.0279 1828 WudfPf - ok 11:33:01.0326 1828 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:33:01.0326 1828 WUDFRd - ok 11:33:01.0373 1828 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 11:33:01.0389 1828 wudfsvc - ok 11:33:01.0435 1828 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 11:33:01.0435 1828 WwanSvc - ok 11:33:01.0623 1828 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 11:33:01.0638 1828 YahooAUService - ok 11:33:01.0716 1828 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys 11:33:01.0716 1828 yukonw7 - ok 11:33:01.0779 1828 yukonx64 (87ed1e703e88b30182b46275f0e02b99) C:\Windows\system32\DRIVERS\yk60x64.sys 11:33:01.0779 1828 yukonx64 - ok 11:33:01.0841 1828 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 11:33:02.0215 1828 \Device\Harddisk0\DR0 - ok 11:33:02.0215 1828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 11:33:02.0215 1828 \Device\Harddisk1\DR1 - ok 11:33:02.0231 1828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2 11:33:02.0231 1828 \Device\Harddisk2\DR2 - ok 11:33:02.0231 1828 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk3\DR3 11:33:02.0247 1828 \Device\Harddisk3\DR3 - ok 11:33:02.0247 1828 Boot (0x1200) (a262899c9979d950a91b5811f183bbd3) \Device\Harddisk0\DR0\Partition0 11:33:02.0247 1828 \Device\Harddisk0\DR0\Partition0 - ok 11:33:02.0262 1828 Boot (0x1200) (e614bb0480363c307ec39685a4f11c4d) \Device\Harddisk0\DR0\Partition1 11:33:02.0262 1828 \Device\Harddisk0\DR0\Partition1 - ok 11:33:02.0293 1828 Boot (0x1200) (bb5ccc4987b0b371e199482e1906c860) \Device\Harddisk0\DR0\Partition2 11:33:02.0293 1828 
I have one more question about Defogger: will you let me know when I should "re-enable" it again? It said I should not do that without instructions. Thanks in advance, and best regards, Ella
20.07.2012, 10:51 | #8 | |
/// Selecta Jahrusso
Yes, I'll tell you. ComboFix should only be run when a team member has instructed you to do so! Please download ComboFix from the following download mirror: Link 1. IMPORTANT - Save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie
20.07.2012, 10:58 | #9 |
I think I was too hasty. I have found something now; I don't know whether it helps. But better safe than sorry. Many THANKS! Ella
20.07.2012, 12:16 | #10 |
Hello Daniel, I have now finished ComboFix; the txt file is attached. Thank you very much. Kind regards, Ella
20.07.2012, 12:17 | #11 |
/// Selecta Jahrusso
What am I supposed to do with the log file? I need the ComboFix log. And please don't attach it. Thanks. Note: change of plans on my side. I have to leave now (show preparations) and will be back at the laptop tomorrow in the late afternoon at the earliest.
20.07.2012, 12:20 | #12 |
Hi, sorry, I'm afraid I don't know much about this. Do you mean this? ComboFix log file:
Thank you, best regards, Ella
21.07.2012, 14:07 | #13 |
/// Selecta Jahrusso
Hi and sorry, it seems we replied at the same time and I only saw the TDSSKiller log. Anyway, I see nothing in the logs that would worry me. Any other anomalies, e.g. does it take a long time to boot? Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
22.07.2012, 15:46 | #14 |
Hello Daniel, thank you very much for your efforts. I have to say my laptop is OK so far. That disappearing and reappearing of files has not happened again. I scanned my laptop and am attaching the result. For your information, the tool did not ask me whether I wanted to start the scan with Avast!, so I simply pressed Scan.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-22 15:57:16
-----------------------------
15:57:16.617 OS Version: Windows x64 6.1.7601 Service Pack 1
15:57:16.617 Number of processors: 2 586 0x170A
15:57:16.619 ComputerName: ELLA-PC UserName: Ella
15:57:20.526 Initialize success
15:57:24.126 AVAST engine defs: 12072200
16:00:14.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:00:14.732 Disk 0 Vendor: TOSHIBA_ LH01 Size: 305245MB BusType: 3
16:00:14.744 Disk 0 MBR read successfully
16:00:14.748 Disk 0 MBR scan
16:00:14.768 Disk 0 Windows 7 default MBR code
16:00:14.786 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
16:00:14.803 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287535 MB offset 616448
16:00:14.833 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 589488128
16:00:14.854 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620945408
16:00:14.894 Disk 0 scanning C:\Windows\system32\drivers
16:00:27.048 Service scanning
16:00:47.962 Modules scanning
16:00:47.978 Disk 0 trace - called modules:
16:00:48.020 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
16:00:48.030 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ce3690]
16:00:48.040 3 CLASSPNP.SYS[fffff88001b9043f] -> nt!IofCallDriver -> [0xfffffa8004ce3040]
16:00:48.050 5 hpdskflt.sys[fffff88001b37189] -> nt!IofCallDriver -> [0xfffffa8003cf5e40]
16:00:48.060 7 ACPI.sys[fffff88000f177a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b4b050]
16:00:49.180 AVAST engine scan C:\Windows
16:00:51.799 AVAST engine scan C:\Windows\system32
16:03:28.061 AVAST engine scan C:\Windows\system32\drivers
16:03:40.401 AVAST engine scan C:\Users\Ella
16:19:08.885 AVAST engine scan C:\ProgramData
16:20:55.973 Scan finished successfully
16:21:40.209 Disk 0 MBR has been saved successfully to "C:\Users\Ella\Documents\MBR.dat"
16:21:40.220 The log file has been saved successfully to "C:\Users\Ella\Documents\aswMBR.txt"

Thanks, and best regards, Ella
22.07.2012, 17:23 | #15 |
/// Selecta Jahrusso
That would surprise me too; I don't see anything there anymore. Please start Defogger and click the Re-enable button. Defogger may ask for a restart. Please allow it. Important: If there is an error message, please post the Defogger_reenable log here. Before the following step, please temporarily disable your antivirus program, any script blocking and anti-malware programs again. Press the Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes ComboFix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled. Please start OTL and click Cleanup. This will remove most of the tools we needed for the cleanup. If anything is left behind, please remove it with right-click --> Delete. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me a brief reply when everything is done and you have no more questions, so that I can remove this thread from my subscriptions.