Log analysis and evaluation: Infected registry keys: PUP.VShareRedir (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.10.2012, 12:47 | #16 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys: PUP.VShareRedir Why didn't you download OTL again? Quote:
__________________ Please always post log files in CODE tags |
11.10.2012, 16:55 | #17 |
| Infected registry keys: PUP.VShareRedir OTL logfile:
__________________Code:
ATTFilter OTL logfile created on: 11.10.2012 17:25:04 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Filip\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19328) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 65,85% Memory free 6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 337,62 Gb Free Space | 75,74% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 9,51 Gb Free Space | 47,58% Space Free | Partition Type: FAT32 Computer Name: FILIP-PC | User Name: Filip | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Filip\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDPop3.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe (Logitech Inc.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) 
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Windows\Pixart\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) PRC - C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\IntelDH\CCU\CCU_Engine.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation) PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe () PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe () PRC - C:\Windows\system\w98eject.exe (Sigmatel) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe 
(X10) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (AlertService) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation) SRV - (QualityManager) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation) SRV - (Remote UI Service) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation) SRV - (MCLServiceATL) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation) SRV - (DHTRACE) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation) SRV - (ISSM) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation) SRV - (NMSCore) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation) SRV - (M1 Server) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe () SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (DQLWinService) -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (Lavasoft Kernexplorer) -- 
C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (GUCI_AVS) -- C:\Windows\System32\drivers\GUCI_AVS.sys (PixArt Imaging Incorporation) DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH) DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys () DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) 
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{1645A33F-0A96-4315-904E-29E188E7720E}: "URL" = hxxp://startsear.ch/?q={searchTerms} IE - HKLM\..\SearchScopes\{E025798A-3E41-4287-9627-7AA0F745750A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet 
Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - 
HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 B2 22 84 9A 17 CB 01 [binary data] IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=e4f63b00-2045-11e1-9afa-001d922dc31b&q={searchTerms} IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\..\SearchScopes\{AD10C2D3-A1E0-4843-B252-E4E0B3FE7C3F}: "URL" = hxxp://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=5103F4C6-7A3E-40F6-B640-0AEB2E4FBAB0&apn_sauid=1CE7932A-EA67-4A9C-BDF4-20FA40EE8C5B IE - 
HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\..\SearchScopes\{E025798A-3E41-4287-9627-7AA0F745750A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1005\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.2.0 FF - prefs.js..extensions.enabledAddons: {988da70d-b78d-44a1-a9c7-ed11832a9e2e}:1.3 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119 FF - prefs.js..extensions.enabledAddons: {dd05fd3d-18df-4ce4-ae53-e795339c5f01}:1.01 FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4 FF - prefs.js..extensions.enabledAddons: {3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}:6.5 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2 FF 
- prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: StrataBuddy@ReduxTeam:0.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Filip\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Filip\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Filip\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.21 16:05:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.14 21:41:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.10 16:19:37 | 000,000,000 | ---D | M] [2010.08.30 21:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filip\AppData\Roaming\mozilla\Extensions [2012.09.24 18:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions [2011.12.06 22:07:31 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403} [2012.09.24 18:32:09 | 000,000,000 | ---D | M] (Browser Backgrounds) -- C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c} [2012.06.28 01:55:09 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010.08.27 20:11:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Filip\AppData\Roaming\mozilla\Profiles\xj2hvq8l.Filip\extensions [2010.07.12 23:26:23 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Users\Filip\AppData\Roaming\mozilla\Profiles\xj2hvq8l.Filip\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65} [2010.08.21 22:33:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Filip\AppData\Roaming\mozilla\Profiles\xj2hvq8l.Filip\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} 
[2010.08.18 19:22:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Filip\AppData\Roaming\mozilla\Profiles\xj2hvq8l.Filip\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.13 15:42:01 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Filip\AppData\Roaming\mozilla\Profiles\xj2hvq8l.Filip\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2010.07.21 22:39:15 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Filip\AppData\Roaming\mozilla\Profiles\xj2hvq8l.Filip\extensions\firefox@ghostery.com [2010.08.13 15:42:02 | 000,000,000 | ---D | M] (HTTPS-Everywhere (Development branch)) -- C:\Users\Filip\AppData\Roaming\mozilla\Profiles\xj2hvq8l.Filip\extensions\https-everywhere@eff.org [2010.08.22 22:29:48 | 000,000,000 | ---D | M] (UnPlug) -- C:\Users\Filip\AppData\Roaming\mozilla\Profiles\xj2hvq8l.Filip\extensions\unplug@compunach [2011.11.21 23:54:37 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\extensions\youtube2mp3@mondayx.de.xpi [2012.05.04 20:12:55 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\extensions\youtubeunblocker@unblocker.yt.xpi [2012.05.01 00:00:28 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2012.09.14 21:45:44 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.07.24 22:56:24 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.23 00:46:21 | 000,138,614 | ---- | M] () (No name found) -- 
C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.05.17 19:23:12 | 000,003,295 | ---- | M] () -- C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\searchplugins\search-results.xml
[2011.06.14 23:41:58 | 000,002,024 | ---- | M] () -- C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\searchplugins\transfermarktde.xml
[2012.10.10 16:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.05 16:52:14 | 000,000,000 | ---D | M] (vShare Add-On) -- C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}
[2011.06.05 16:52:14 | 000,000,000 | ---D | M] (vShare Add-On) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}
[2012.06.21 16:05:59 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 16:05:49 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Filip\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Filip\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Filip\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Filip\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Filip\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Adblock Plus (Beta) = C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Adventure Time - Tree Fort 2 = C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijlhfjbpidahjpmhimhammdcdoaalenc\1.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [GUCI_AVS] C:\Windows\Pixart\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PAP7501_Monitor] C:\Windows\Pixart\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Plugin Install] C:\Programme\QuickTime\Plugins\DeleteMe1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\tvn-ustawienia.exe" File not found
O4 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004..\Run: [XtraRichi] C:\Program Files\Richi\Richi_Skype_Com.exe /OnStartUp File not found
O4 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1005..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C55CB12A-6555-42DC-AEA0-97E167EF3AA2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Filip\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Filip\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{eb97ac30-e2d3-11e1-959f-001d922dc31b}\Shell - "" = AutoRun
O33 - MountPoints2\{eb97ac30-e2d3-11e1-959f-001d922dc31b}\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - File not found
MsConfig - StartUpReg: TVEService - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.10.10 22:43:26 | 000,000,000 | ---D | C] -- C:\Users\Filip\Desktop\Kartenbildas
[2012.10.10 11:59:07 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.10.10 00:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.06 22:47:53 | 000,000,000 | ---D | C] -- C:\Users\Filip\Desktop\Neuer Ordner
[2012.10.06 22:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.10.06 22:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.09.25 01:54:18 | 000,000,000 | ---D | C] -- C:\Users\Filip\.gimp-2.8
[2012.09.25 01:51:00 | 000,000,000 | ---D | C] -- C:\Users\Filip\.thumbnails
[2012.09.25 01:46:22 | 000,000,000 | ---D | C] -- C:\Users\Filip\AppData\Local\fontconfig
[2012.09.25 01:46:20 | 000,000,000 | ---D | C] -- C:\Users\Filip\AppData\Local\gegl-0.2
[2012.09.25 01:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.09.22 20:56:57 | 000,000,000 | ---D | C] -- C:\Users\Filip\Desktop\Crackow
[2012.09.14 21:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.13 12:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.13 12:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.13 12:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.11 17:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 17:23:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.11 17:08:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3135599266-4225035208-4072581666-1004UA.job
[2012.10.11 17:06:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.11 17:06:09 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 17:06:09 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 17:06:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 17:05:27 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 12:04:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.10 22:10:15 | 000,002,046 | ---- | M] () -- C:\Users\Filip\Desktop\Google Chrome.lnk
[2012.10.10 18:08:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3135599266-4225035208-4072581666-1004Core.job
[2012.10.10 18:01:08 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FA0E4B79-AB00-4E89-9CFE-BD42FB45F81E}.job
[2012.10.01 15:23:59 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.01 15:23:59 | 000,604,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.01 15:23:59 | 000,130,700 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.01 15:23:59 | 000,107,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.01 11:46:04 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.30 13:05:40 | 000,003,990 | ---- | M] () -- C:\Users\Filip\AppData\Local\recently-used.xbel
[2012.09.25 01:54:16 | 000,000,884 | ---- | M] () -- C:\Users\Filip\Desktop\GIMP 2.lnk
[2012.09.14 21:41:13 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.13 12:47:32 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.01 11:45:12 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.30 13:05:40 | 000,003,990 | ---- | C] () -- C:\Users\Filip\AppData\Local\recently-used.xbel
[2012.09.25 01:54:16 | 000,000,884 | ---- | C] () -- C:\Users\Filip\Desktop\GIMP 2.lnk
[2012.09.25 01:43:36 | 000,000,884 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.09.14 21:41:13 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.14 21:41:13 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.13 12:47:32 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.02.02 14:31:10 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.07.30 12:30:48 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.07.30 12:30:48 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.06.30 20:39:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Pads
[2011.06.30 20:39:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2011.06.30 20:39:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Basics
[2011.06.30 20:39:11 | 000,000,268 | RH-- | C] () -- C:\Users\Filip\AppData\Roaming\Sync Schema
[2011.06.30 20:39:11 | 000,000,268 | RH-- | C] () -- C:\Users\Filip\AppData\Roaming\SupportPrinters
[2011.06.30 20:39:11 | 000,000,268 | RH-- | C] () -- C:\Users\Filip\AppData\Roaming\Super Strings
[2011.06.30 20:39:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.06.30 20:39:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.06.30 20:39:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.06.30 20:39:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Trumpet Section
[2011.06.30 20:39:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Tremolo
[2011.06.30 20:39:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Transportation
[2011.03.17 20:38:08 | 000,022,236 | ---- | C] () -- C:\Windows\hpqins19.dat
[2010.12.05 13:25:53 | 000,000,000 | ---- | C] () -- C:\Users\Filip\AppData\Roaming\Default.PLS
[2009.08.14 16:19:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.21 19:07:28 | 000,002,600 | ---- | C] () -- C:\Users\Filip\AppData\Roaming\wklnhst.dat
[2009.02.12 21:03:16 | 000,027,648 | ---- | C] () -- C:\Users\Filip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.04 17:53:20 | 000,007,592 | ---- | C] () -- C:\Users\Filip\AppData\Local\d3d9caps.dat
[2009.02.03 18:05:16 | 000,000,093 | ---- | C] () -- C:\Users\Filip\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.30 23:02:50 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\.minecraft
[2011.08.31 23:06:13 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Amazon
[2009.02.03 18:26:41 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Buhl Data Service GmbH
[2012.07.09 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Canon
[2012.08.30 16:26:15 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\com.nikon.thisday.5DD04D4F9EDFC6E26D64F40C9A4D0BF9D42A9E0F.1
[2010.05.17 18:28:53 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2009.10.10 14:11:54 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\EA
[2011.06.29 14:27:14 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\go
[2011.06.30 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Nikon
[2009.03.10 19:52:10 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Nokia
[2009.03.10 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\PC Suite
[2012.03.20 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\QuickScan
[2010.02.12 23:48:00 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Samsung
[2009.02.21 19:07:30 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Template
[2010.09.02 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\UDC Profiles
[2011.07.31 18:41:34 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Ulead Systems
[2012.01.20 18:30:25 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Unity

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.09.30 23:02:50 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\.minecraft
[2011.02.23 00:08:33 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Adobe
[2011.08.31 23:06:13 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Amazon
[2011.11.28 17:34:14 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Apple Computer
[2012.08.14 11:59:30 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Avira
[2009.02.03 18:26:41 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Buhl Data Service GmbH
[2012.07.09 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Canon
[2012.08.30 16:26:15 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\com.nikon.thisday.5DD04D4F9EDFC6E26D64F40C9A4D0BF9D42A9E0F.1
[2010.12.05 13:26:05 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\CyberLink
[2010.05.17 18:28:53 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2010.10.20 22:04:01 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\DivX
[2009.10.10 14:11:54 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\EA
[2011.06.29 14:27:14 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\go
[2009.02.04 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Google
[2009.02.03 18:05:15 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\GTek
[2009.02.03 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Identities
[2009.10.04 19:51:00 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\InstallShield
[2009.02.04 14:03:52 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Macromedia
[2012.09.09 01:32:39 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Malwarebytes
[2012.10.01 01:15:54 | 000,000,000 | --SD | M] -- C:\Users\Filip\AppData\Roaming\Microsoft
[2010.08.30 21:01:00 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Mozilla
[2010.10.20 21:53:10 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\NCH Software
[2009.08.16 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Nero
[2011.06.30 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Nikon
[2009.03.10 19:52:10 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Nokia
[2012.08.24 20:29:13 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\NVIDIA
[2009.03.10 19:26:46 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\PC Suite
[2012.03.20 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\QuickScan
[2012.06.21 16:05:47 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Real
[2010.02.12 23:48:00 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Samsung
[2012.09.13 21:11:46 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Skype
[2011.05.29 10:57:25 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\skypePM
[2009.02.21 19:07:30 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Template
[2010.09.02 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\UDC Profiles
[2011.07.31 18:41:34 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Ulead Systems
[2012.01.20 18:30:25 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\Unity
[2009.10.25 21:36:18 | 000,000,000 | ---D | M] -- C:\Users\Filip\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2009.09.29 20:29:09 | 000,006,144 | ---- | M] (Electronic Arts Canada) -- C:\Users\Filip\AppData\Roaming\EA\EASW\GameFace\DetectOpenGLConsole.exe
[2009.09.29 20:29:08 | 000,005,120 | ---- | M] (Electronic Arts Canada) -- C:\Users\Filip\AppData\Roaming\EA\EASW\GameFace\DownloadSourcePhotoConsole.exe
[2009.10.10 14:11:54 | 000,030,208 | ---- | M] (Electronic Arts Canada) -- C:\Users\Filip\AppData\Roaming\EA\EASW\GameFace\FileDownloadConsole.exe
[2009.09.30 19:15:50 | 000,013,312 | ---- | M] (Electronic Arts Canada) -- C:\Users\Filip\AppData\Roaming\EA\EASW\GameFace\PhotoFaceConsole.exe
[2009.09.29 20:29:04 | 000,009,216 | ---- | M] (Electronic Arts Canada) -- C:\Users\Filip\AppData\Roaming\EA\EASW\GameFace\UploadPhotofitConsole.exe
[2010.06.17 15:29:07 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Filip\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.02.08 20:08:18 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Filip\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.02.05 21:08:20 | 000,010,134 | R--- | M] () -- C:\Users\Filip\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.06.30 20:39:49 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Filip\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2007.08.29 16:36:06 | 000,167,424 | ---- | M] () -- C:\Users\Filip\AppData\Roaming\NCH Software\Components\aacdec\aacdec.exe
[2008.02.13 08:07:36 | 000,393,216 | ---- | M] () -- C:\Users\Filip\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
[2007.11.27 08:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Filip\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
[2012.06.18 12:32:00 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Filip\AppData\Roaming\Real\Msg\1_1338861647\RealPlayer_de.exe
[2010.02.05 21:52:05 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Filip\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.05.26 16:10:00 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Filip\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.09.13 18:13:30 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Filip\AppData\Roaming\Real\Update\setup3.12\setup.exe
[2010.12.04 19:55:28 | 000,510,120 | ---- | M] (RealNetworks, Inc.)
-- C:\Users\Filip\AppData\Roaming\Real\Update\setup3.13\setup.exe [2012.10.01 12:00:41 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Filip\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe [2012.10.01 12:00:41 | 000,450,712 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Filip\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012.06.20 17:54:35 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Filip\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe [2010.02.13 00:14:33 | 089,280,248 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\Filip\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) 
MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.23 15:20:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys [2008.01.23 15:20:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\drivers\atapi.sys [2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.04.17 10:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.01.23 15:20:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys [2008.01.23 15:20:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys [2007.10.09 00:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys [2007.10.09 00:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | 
---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.09.26 14:10:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.09.26 14:10:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < 
MD5 for: USERINIT.EXE > [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C < End of report > |
11.10.2012, 18:57 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys: PUP.VShareRedir
Hm, there is still toolbar junk in there.
Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!! |
12.10.2012, 16:01 | #19 |
| Infected registry keys: PUP.VShareRedir
Code:
# AdwCleaner v2.004 - Datei am 12/10/2012 um 16:57:31 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Filip - FILIP-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Filip\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19328

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\jo8527dt.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v22.0.1229.94

Datei : C:\Users\Filip\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [10968 octets] - [10/10/2012 14:25:48]
AdwCleaner[S1].txt - [10707 octets] - [10/10/2012 16:15:07]
AdwCleaner[R2].txt - [1028 octets] - [12/10/2012 16:57:31]

########## EOF - C:\AdwCleaner[R2].txt - [1088 octets] ########## |
12.10.2012, 18:02 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys: PUP.VShareRedir Quote:
Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=e4f63b00-2045-11e1-9afa-001d922dc31b&q={searchTerms}
IE - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004\..\SearchScopes\{AD10C2D3-A1E0-4843-B252-E4E0B3FE7C3F}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=STC-SRS&o=41648033&src=crm&q={searchTerms}&locale=&apn_ptnrs=96&apn_dtid=YYYYYYYYDE&apn_uid=5103F4C6-7A3E-40F6-B640-0AEB2E4FBAB0&apn_sauid=1CE7932A-EA67-4A9C-BDF4-20FA40EE8C5B
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
[2011.12.06 22:07:31 | 000,000,000 | ---D | M] (VshareComplete - Speed up your search with your personal search suggestions tool) -- C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}
[2011.05.17 19:23:12 | 000,003,295 | ---- | M] () -- C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\searchplugins\search-results.xml
[2011.06.05 16:52:14 | 000,000,000 | ---D | M] (vShare Add-On) -- C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}
[2011.06.05 16:52:14 | 000,000,000 | ---D | M] (vShare Add-On) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}
O4 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004..\Run: [Twoje TVN24] "C:\Program Files\Pasek TVN24\tvn-ustawienia.exe" File not found
O4 - HKU\S-1-5-21-3135599266-4225035208-4072581666-1004..\Run: [XtraRichi] C:\Program Files\Richi\Richi_Skype_Com.exe /OnStartUp File not found
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C
:Files
C:\found.*
C:\Program Files\Yontoo Layers
C:\ProgramData\Tarma Installer
C:\Users\All Users\Tarma Installer
C:\Users\Filip\Downloads\livevdo-plugin.exe
C:\Users\Filip\Downloads\SoftonicDownloader*
C:\Users\Filip\Downloads\vshare*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system! |
12.10.2012, 21:50 | #21 |
| Infected registry keys: PUP.VShareRedir
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3135599266-4225035208-4072581666-1004\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-3135599266-4225035208-4072581666-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AD10C2D3-A1E0-4843-B252-E4E0B3FE7C3F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD10C2D3-A1E0-4843-B252-E4E0B3FE7C3F}\ not found.
Prefs.js: vshare@toolbar:1.0.2 removed from extensions.enabledItems
C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}\defaults\preferences folder moved successfully.
C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}\defaults folder moved successfully.
C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}\chrome\content folder moved successfully.
C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403}\chrome folder moved successfully.
C:\Users\Filip\AppData\Roaming\mozilla\Firefox\Profiles\jo8527dt.default\extensions\{3697b17c-b572-4862-a5e6-7f922c0f3403} folder moved successfully.
C:\Users\Filip\AppData\Roaming\mozilla\firefox\profiles\jo8527dt.default\searchplugins\search-results.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}\chrome\skin folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01} folder moved successfully.
Folder C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}\ not found.
Registry value HKEY_USERS\S-1-5-21-3135599266-4225035208-4072581666-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Twoje TVN24 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3135599266-4225035208-4072581666-1004\Software\Microsoft\Windows\CurrentVersion\Run\\XtraRichi deleted successfully.
ADS C:\ProgramData\TEMP:6152D44C deleted successfully.
========== FILES ==========
C:\found.000\dir0006.chk folder moved successfully.
C:\found.000\dir0005.chk folder moved successfully.
C:\found.000\dir0004.chk\4C folder moved successfully.
C:\found.000\dir0004.chk\3E folder moved successfully.
C:\found.000\dir0004.chk\07 folder moved successfully.
C:\found.000\dir0004.chk folder moved successfully.
C:\found.000\dir0003.chk\26 folder moved successfully.
C:\found.000\dir0003.chk\19 folder moved successfully.
C:\found.000\dir0003.chk folder moved successfully.
C:\found.000\dir0002.chk\65 folder moved successfully.
C:\found.000\dir0002.chk\14 folder moved successfully.
C:\found.000\dir0002.chk folder moved successfully.
C:\found.000\dir0001.chk\B4 folder moved successfully.
C:\found.000\dir0001.chk\AD folder moved successfully.
C:\found.000\dir0001.chk\6C folder moved successfully.
C:\found.000\dir0001.chk folder moved successfully.
C:\found.000\dir0000.chk\F1 folder moved successfully.
C:\found.000\dir0000.chk\76 folder moved successfully.
C:\found.000\dir0000.chk\5E folder moved successfully.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
C:\found.001\dir0002.chk folder moved successfully.
C:\found.001\dir0001.chk folder moved successfully.
C:\found.001\dir0000.chk folder moved successfully.
C:\found.001 folder moved successfully.
C:\Program Files\Yontoo Layers folder moved successfully.
File\Folder C:\ProgramData\Tarma Installer not found.
File\Folder C:\Users\All Users\Tarma Installer not found.
C:\Users\Filip\Downloads\livevdo-plugin.exe moved successfully.
C:\Users\Filip\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe moved successfully.
C:\Users\Filip\Downloads\SoftonicDownloader_fuer_videopad-video-editor.exe moved successfully.
C:\Users\Filip\Downloads\SoftonicDownloader_fuer_zapmessenger.exe moved successfully.
C:\Users\Filip\Downloads\vshare-plugin(1).exe moved successfully.
C:\Users\Filip\Downloads\vshare-plugin.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Filip\Downloads\cmd.bat deleted successfully.
C:\Users\Filip\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Filip
->Temp folder emptied: 1783021508 bytes
->Temporary Internet Files folder emptied: 13367835 bytes
->Java cache emptied: 29422167 bytes
->FireFox cache emptied: 60352369 bytes
->Google Chrome cache emptied: 365082434 bytes
->Apple Safari cache emptied: 50294784 bytes
->Flash cache emptied: 1908175 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 515181603 bytes
RecycleBin emptied: 538327 bytes

Total Files Cleaned = 2.690,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10122012_221512

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET7F9A.tmp not found!
File\Folder C:\Windows\temp\JET9923.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
13.10.2012, 15:15 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys: PUP.VShareRedir
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here! |
13.10.2012, 16:10 | #23 |
| Infected registry keys: PUP.VShareRedir Code:
17:00:45.0992 7856 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:00:46.0019 7856 ============================================================
17:00:46.0020 7856 Current date / time: 2012/10/13 17:00:46.0019
17:00:46.0020 7856 SystemInfo:
17:00:46.0020 7856
17:00:46.0020 7856 OS Version: 6.0.6002 ServicePack: 2.0
17:00:46.0020 7856 Product type: Workstation
17:00:46.0020 7856 ComputerName: FILIP-PC
17:00:46.0020 7856 UserName: Filip
17:00:46.0021 7856 Windows directory: C:\Windows
17:00:46.0021 7856 System windows directory: C:\Windows
17:00:46.0021 7856 Processor architecture: Intel x86
17:00:46.0021 7856 Number of processors: 4
17:00:46.0021 7856 Page size: 0x1000
17:00:46.0021 7856 Boot type: Normal boot
17:00:46.0021 7856 ============================================================
17:00:46.0497 7856 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:00:46.0527 7856 ============================================================
17:00:46.0527 7856 \Device\Harddisk0\DR0:
17:00:46.0527 7856 MBR partitions:
17:00:46.0527 7856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37B8418F
17:00:46.0543 7856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x37B8420D, BlocksNum 0x2800A34
17:00:46.0543 7856 ============================================================
17:00:46.0576 7856 C: <-> \Device\Harddisk0\DR0\Partition1
17:00:46.0576 7856 D: <-> \Device\Harddisk0\DR0\Partition2
17:00:46.0576 7856 ============================================================
17:00:46.0576 7856 Initialize success
17:00:46.0576 7856 ============================================================
17:01:30.0938 7016 ============================================================
17:01:30.0938 7016 Scan started
17:01:30.0938 7016 Mode: Manual; SigCheck; TDLFS;
17:01:30.0938 7016 ============================================================
17:01:31.0094 7016 ================ Scan system memory ========================
17:01:31.0094 7016 System memory - ok
17:01:31.0094 7016 ================ Scan services =============================
17:01:31.0297 7016 [ 651C54AC4EC5C5397C5AFF5D575CA45B ] 3xHybrid C:\Windows\system32\DRIVERS\3xHybrid.sys
17:01:31.0437 7016 3xHybrid - ok
17:01:31.0499 7016 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:01:31.0515 7016 ACPI - ok
17:01:31.0655 7016 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:01:31.0671 7016 AdobeARMservice - ok
17:01:31.0765 7016 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:01:31.0780 7016 AdobeFlashPlayerUpdateSvc - ok
17:01:31.0843 7016 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:01:31.0874 7016 adp94xx - ok
17:01:31.0905 7016 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:01:31.0921 7016 adpahci - ok
17:01:31.0936 7016 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:01:31.0952 7016 adpu160m - ok
17:01:31.0983 7016 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:01:31.0999 7016 adpu320 - ok
17:01:32.0061 7016 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:01:32.0155 7016 AeLookupSvc - ok
17:01:32.0217 7016 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
17:01:32.0248 7016 AFD - ok
17:01:32.0264 7016 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:01:32.0279 7016 aic78xx - ok
17:01:32.0373 7016 [ CF86F64A1AEA27E5FA97E697BF70346D ] AlertService C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
17:01:32.0389 7016 AlertService - ok
17:01:32.0420 7016 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 17:01:32.0451 7016 ALG - ok 17:01:32.0482 7016 [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide C:\Windows\system32\drivers\aliide.sys 17:01:32.0498 7016 aliide - ok 17:01:32.0529 7016 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 17:01:32.0545 7016 amdagp - ok 17:01:32.0545 7016 [ 6F65F4147C54398D7280B18CEBBED215 ] amdide C:\Windows\system32\drivers\amdide.sys 17:01:32.0560 7016 amdide - ok 17:01:32.0591 7016 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 17:01:32.0779 7016 AmdK7 - ok 17:01:32.0810 7016 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 17:01:32.0888 7016 AmdK8 - ok 17:01:33.0013 7016 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 17:01:33.0028 7016 AntiVirSchedulerService - ok 17:01:33.0059 7016 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 17:01:33.0075 7016 AntiVirService - ok 17:01:33.0122 7016 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 17:01:33.0169 7016 Appinfo - ok 17:01:33.0262 7016 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:01:33.0278 7016 Apple Mobile Device - ok 17:01:33.0278 7016 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 17:01:33.0293 7016 arc - ok 17:01:33.0340 7016 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 17:01:33.0356 7016 arcsas - ok 17:01:33.0403 7016 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:01:33.0449 7016 AsyncMac - ok 17:01:33.0481 7016 [ 78620BDA3EC87816E5D1FA86F920BC3A ] atapi C:\Windows\system32\drivers\atapi.sys 17:01:33.0496 7016 atapi - ok 17:01:33.0574 7016 [ 
68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:01:33.0605 7016 AudioEndpointBuilder - ok 17:01:33.0637 7016 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 17:01:33.0652 7016 Audiosrv - ok 17:01:33.0699 7016 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:01:33.0715 7016 avgntflt - ok 17:01:33.0746 7016 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:01:33.0761 7016 avipbb - ok 17:01:33.0793 7016 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:01:33.0808 7016 avkmgr - ok 17:01:33.0824 7016 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 17:01:33.0871 7016 Beep - ok 17:01:33.0933 7016 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 17:01:33.0980 7016 BFE - ok 17:01:34.0042 7016 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 17:01:34.0120 7016 BITS - ok 17:01:34.0120 7016 blbdrive - ok 17:01:34.0214 7016 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:01:34.0229 7016 Bonjour Service - ok 17:01:34.0276 7016 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:01:34.0323 7016 bowser - ok 17:01:34.0385 7016 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 17:01:34.0432 7016 BrFiltLo - ok 17:01:34.0448 7016 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 17:01:34.0479 7016 BrFiltUp - ok 17:01:34.0495 7016 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 17:01:34.0557 7016 Browser - ok 17:01:34.0588 7016 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 17:01:34.0651 7016 Brserid - ok 17:01:34.0666 7016 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm 
C:\Windows\system32\drivers\brserwdm.sys 17:01:34.0729 7016 BrSerWdm - ok 17:01:34.0744 7016 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 17:01:34.0807 7016 BrUsbMdm - ok 17:01:34.0822 7016 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 17:01:34.0885 7016 BrUsbSer - ok 17:01:34.0916 7016 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 17:01:34.0963 7016 BTHMODEM - ok 17:01:35.0025 7016 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:01:35.0072 7016 cdfs - ok 17:01:35.0134 7016 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:01:35.0181 7016 cdrom - ok 17:01:35.0243 7016 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 17:01:35.0290 7016 CertPropSvc - ok 17:01:35.0306 7016 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 17:01:35.0353 7016 circlass - ok 17:01:35.0384 7016 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 17:01:35.0415 7016 CLFS - ok 17:01:35.0477 7016 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:01:35.0493 7016 clr_optimization_v2.0.50727_32 - ok 17:01:35.0587 7016 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:01:35.0649 7016 clr_optimization_v4.0.30319_32 - ok 17:01:35.0680 7016 [ 59172A0724F2AB769F31D61B0571D75B ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:01:35.0696 7016 cmdide - ok 17:01:35.0696 7016 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 17:01:35.0711 7016 Compbatt - ok 17:01:35.0727 7016 COMSysApp - ok 17:01:35.0743 7016 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 17:01:35.0743 7016 crcdisk - ok 
17:01:35.0758 7016 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 17:01:35.0821 7016 Crusoe - ok 17:01:35.0852 7016 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:01:35.0914 7016 CryptSvc - ok 17:01:35.0945 7016 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:01:36.0055 7016 DcomLaunch - ok 17:01:36.0101 7016 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:01:36.0133 7016 DfsC - ok 17:01:36.0242 7016 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 17:01:36.0398 7016 DFSR - ok 17:01:36.0507 7016 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 17:01:36.0538 7016 Dhcp - ok 17:01:36.0616 7016 [ 2C56880D37785CF2C07B0309CEBB0A7D ] DHTRACE C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe 17:01:36.0632 7016 DHTRACE - ok 17:01:36.0679 7016 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 17:01:36.0694 7016 disk - ok 17:01:36.0772 7016 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:01:36.0803 7016 Dnscache - ok 17:01:36.0866 7016 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:01:36.0897 7016 dot3svc - ok 17:01:36.0944 7016 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 17:01:36.0991 7016 Dot4 - ok 17:01:37.0022 7016 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 17:01:37.0069 7016 Dot4Print - ok 17:01:37.0100 7016 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 17:01:37.0147 7016 dot4usb - ok 17:01:37.0178 7016 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 17:01:37.0209 7016 DPS - ok 17:01:37.0240 7016 [ 28B42D80CE943A98C6BCEA67263CBDFF ] DQLWinService C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe 17:01:37.0256 
7016 DQLWinService ( UnsignedFile.Multi.Generic ) - warning 17:01:37.0256 7016 DQLWinService - detected UnsignedFile.Multi.Generic (1) 17:01:37.0287 7016 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:01:37.0318 7016 drmkaud - ok 17:01:37.0365 7016 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:01:37.0396 7016 DXGKrnl - ok 17:01:37.0459 7016 [ 476D9F2F0789CDE89ACEE2A2FB21EC5A ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys 17:01:37.0474 7016 e1express - ok 17:01:37.0505 7016 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 17:01:37.0568 7016 E1G60 - ok 17:01:37.0583 7016 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 17:01:37.0599 7016 EapHost - ok 17:01:37.0661 7016 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 17:01:37.0677 7016 Ecache - ok 17:01:37.0708 7016 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:01:37.0739 7016 ehRecvr - ok 17:01:37.0755 7016 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 17:01:37.0786 7016 ehSched - ok 17:01:37.0786 7016 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 17:01:37.0817 7016 ehstart - ok 17:01:37.0864 7016 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 17:01:37.0880 7016 elxstor - ok 17:01:37.0942 7016 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 17:01:38.0020 7016 EMDMgmt - ok 17:01:38.0067 7016 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 17:01:38.0145 7016 EventSystem - ok 17:01:38.0192 7016 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 17:01:38.0223 7016 exfat - ok 17:01:38.0270 7016 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:01:38.0301 7016 fastfat - ok 17:01:38.0317 7016 [ 
63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:01:38.0395 7016 fdc - ok 17:01:38.0395 7016 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 17:01:38.0426 7016 fdPHost - ok 17:01:38.0457 7016 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 17:01:38.0519 7016 FDResPub - ok 17:01:38.0535 7016 [ B2B2C38E916184FF8523C7439DDD417F ] FETNDIS C:\Windows\system32\DRIVERS\fetnd5.sys 17:01:38.0597 7016 FETNDIS - ok 17:01:38.0644 7016 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:01:38.0644 7016 FileInfo - ok 17:01:38.0660 7016 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:01:38.0675 7016 Filetrace - ok 17:01:38.0800 7016 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe 17:01:38.0925 7016 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 17:01:38.0925 7016 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 17:01:38.0956 7016 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:01:39.0034 7016 flpydisk - ok 17:01:39.0081 7016 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:01:39.0097 7016 FltMgr - ok 17:01:39.0190 7016 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 17:01:39.0299 7016 FontCache - ok 17:01:39.0409 7016 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:01:39.0424 7016 FontCache3.0.0.0 - ok 17:01:39.0487 7016 [ 790A4CA68F44BE35967B3DF61F3E4675 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS 17:01:39.0502 7016 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning 17:01:39.0502 7016 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1) 17:01:39.0549 7016 [ 
D3F9205CC4CB07553F2F9472C767EA87 ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe 17:01:39.0565 7016 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning 17:01:39.0565 7016 FsUsbExService - detected UnsignedFile.Multi.Generic (1) 17:01:39.0596 7016 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:01:39.0643 7016 Fs_Rec - ok 17:01:39.0643 7016 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 17:01:39.0658 7016 gagp30kx - ok 17:01:39.0721 7016 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:01:39.0736 7016 GEARAspiWDM - ok 17:01:39.0783 7016 [ 51B2D8629E1A0F463682F365D56325CB ] GnabService c:\program files\common files\gnab\service\servicecontroller.exe 17:01:39.0799 7016 GnabService ( UnsignedFile.Multi.Generic ) - warning 17:01:39.0799 7016 GnabService - detected UnsignedFile.Multi.Generic (1) 17:01:39.0861 7016 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 17:01:39.0939 7016 gpsvc - ok 17:01:40.0033 7016 [ 9E19744D36262441FCA59509B78328CB ] GUCI_AVS C:\Windows\system32\DRIVERS\GUCI_AVS.sys 17:01:40.0142 7016 GUCI_AVS - ok 17:01:40.0267 7016 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca09f69037a8a0 C:\Program Files\Google\Update\GoogleUpdate.exe 17:01:40.0282 7016 gupdate1ca09f69037a8a0 - ok 17:01:40.0329 7016 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 17:01:40.0345 7016 gupdatem - ok 17:01:40.0376 7016 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 17:01:40.0376 7016 gusvc - ok 17:01:40.0423 7016 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 17:01:40.0423 7016 hamachi - ok 17:01:40.0485 7016 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 17:01:40.0547 7016 HdAudAddService - ok 17:01:40.0594 7016 [ 
062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:01:40.0672 7016 HDAudBus - ok 17:01:40.0719 7016 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 17:01:40.0797 7016 HidBth - ok 17:01:40.0813 7016 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 17:01:40.0859 7016 HidIr - ok 17:01:40.0906 7016 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 17:01:40.0953 7016 hidserv - ok 17:01:40.0984 7016 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:01:41.0015 7016 HidUsb - ok 17:01:41.0047 7016 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:01:41.0078 7016 hkmsvc - ok 17:01:41.0093 7016 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 17:01:41.0109 7016 HpCISSs - ok 17:01:41.0156 7016 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:01:41.0218 7016 HTTP - ok 17:01:41.0234 7016 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 17:01:41.0249 7016 i2omp - ok 17:01:41.0312 7016 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:01:41.0343 7016 i8042prt - ok 17:01:41.0437 7016 [ 9BCF5972C941B4B5CB60DED03CB9E300 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 17:01:41.0452 7016 IAANTMON - ok 17:01:41.0515 7016 [ 28AAE599496B4930B3F19026F2083BC4 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:01:41.0530 7016 iaStor - ok 17:01:41.0530 7016 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 17:01:41.0561 7016 iaStorV - ok 17:01:41.0671 7016 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 17:01:41.0686 7016 IDriverT ( UnsignedFile.Multi.Generic ) - warning 17:01:41.0686 7016 IDriverT - detected 
UnsignedFile.Multi.Generic (1) 17:01:41.0749 7016 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:01:41.0827 7016 idsvc - ok 17:01:41.0873 7016 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 17:01:41.0889 7016 iirsp - ok 17:01:41.0951 7016 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 17:01:42.0061 7016 IKEEXT - ok 17:01:42.0154 7016 [ 56661BEAE591E59067710B6CBCA78184 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 17:01:42.0217 7016 IntcAzAudAddService - ok 17:01:42.0248 7016 [ 7F440F8CED849FCDFA85BB3521B4F048 ] IntelDH C:\Windows\system32\Drivers\IntelDH.sys 17:01:42.0295 7016 IntelDH - ok 17:01:42.0357 7016 [ E5EA1C17DA5065032E346591FF64F3AF ] intelide C:\Windows\system32\drivers\intelide.sys 17:01:42.0357 7016 intelide - ok 17:01:42.0404 7016 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:01:42.0435 7016 intelppm - ok 17:01:42.0482 7016 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:01:42.0529 7016 IPBusEnum - ok 17:01:42.0560 7016 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:01:42.0607 7016 IpFilterDriver - ok 17:01:42.0653 7016 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:01:42.0685 7016 iphlpsvc - ok 17:01:42.0685 7016 IpInIp - ok 17:01:42.0700 7016 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 17:01:42.0778 7016 IPMIDRV - ok 17:01:42.0794 7016 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 17:01:42.0841 7016 IPNAT - ok 17:01:42.0887 7016 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:01:42.0950 7016 iPod Service - ok 17:01:42.0950 7016 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM 
C:\Windows\system32\drivers\irenum.sys 17:01:43.0028 7016 IRENUM - ok 17:01:43.0043 7016 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:01:43.0059 7016 isapnp - ok 17:01:43.0106 7016 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 17:01:43.0121 7016 iScsiPrt - ok 17:01:43.0199 7016 [ 50ADB2883F8874AA6632A67CD410F27F ] ISSM C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe 17:01:43.0199 7016 ISSM - ok 17:01:43.0215 7016 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 17:01:43.0231 7016 iteatapi - ok 17:01:43.0246 7016 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 17:01:43.0262 7016 iteraid - ok 17:01:43.0277 7016 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:01:43.0293 7016 kbdclass - ok 17:01:43.0340 7016 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:01:43.0387 7016 kbdhid - ok 17:01:43.0418 7016 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 17:01:43.0465 7016 KeyIso - ok 17:01:43.0527 7016 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:01:43.0558 7016 KSecDD - ok 17:01:43.0605 7016 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 17:01:43.0667 7016 KtmRm - ok 17:01:43.0730 7016 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 17:01:43.0792 7016 LanmanServer - ok 17:01:43.0839 7016 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:01:43.0886 7016 LanmanWorkstation - ok 17:01:43.0901 7016 Lavasoft Kernexplorer - ok 17:01:43.0948 7016 [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 17:01:43.0964 7016 LGBusEnum - ok 17:01:43.0995 7016 [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid 
C:\Windows\system32\drivers\LGVirHid.sys 17:01:44.0011 7016 LGVirHid - ok 17:01:44.0026 7016 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:01:44.0057 7016 lltdio - ok 17:01:44.0089 7016 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:01:44.0135 7016 lltdsvc - ok 17:01:44.0151 7016 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:01:44.0213 7016 lmhosts - ok 17:01:44.0245 7016 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 17:01:44.0260 7016 LSI_FC - ok 17:01:44.0276 7016 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 17:01:44.0291 7016 LSI_SAS - ok 17:01:44.0323 7016 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 17:01:44.0338 7016 LSI_SCSI - ok 17:01:44.0354 7016 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 17:01:44.0385 7016 luafv - ok 17:01:44.0416 7016 [ 9A3741D5412AB81B86992915E3ECD3E9 ] M1 Server C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe 17:01:44.0432 7016 M1 Server - ok 17:01:44.0447 7016 [ 6AD27B01272F966C9611A398961FCF15 ] MCLServiceATL C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe 17:01:44.0463 7016 MCLServiceATL - ok 17:01:44.0510 7016 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:01:44.0541 7016 Mcx2Svc - ok 17:01:44.0557 7016 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 17:01:44.0572 7016 megasas - ok 17:01:44.0588 7016 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 17:01:44.0635 7016 MMCSS - ok 17:01:44.0650 7016 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 17:01:44.0681 7016 Modem - ok 17:01:44.0713 7016 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:01:44.0744 
7016 monitor - ok 17:01:44.0775 7016 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:01:44.0775 7016 mouclass - ok 17:01:44.0791 7016 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:01:44.0822 7016 mouhid - ok 17:01:44.0822 7016 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 17:01:44.0837 7016 MountMgr - ok 17:01:44.0900 7016 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 17:01:44.0915 7016 MozillaMaintenance - ok 17:01:44.0947 7016 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 17:01:44.0962 7016 mpio - ok 17:01:44.0978 7016 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:01:45.0009 7016 mpsdrv - ok 17:01:45.0040 7016 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 17:01:45.0071 7016 MpsSvc - ok 17:01:45.0118 7016 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 17:01:45.0118 7016 Mraid35x - ok 17:01:45.0165 7016 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:01:45.0196 7016 MRxDAV - ok 17:01:45.0227 7016 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:01:45.0259 7016 mrxsmb - ok 17:01:45.0290 7016 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:01:45.0321 7016 mrxsmb10 - ok 17:01:45.0337 7016 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:01:45.0368 7016 mrxsmb20 - ok 17:01:45.0415 7016 [ 86068B8B54A5EB092F51657F00B2222A ] msahci C:\Windows\system32\drivers\msahci.sys 17:01:45.0430 7016 msahci - ok 17:01:45.0446 7016 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:01:45.0461 7016 msdsm - ok 17:01:45.0508 7016 [ FD7520CC3A80C5FC8C48852BB24C6DED 
] MSDTC C:\Windows\System32\msdtc.exe 17:01:45.0555 7016 MSDTC - ok 17:01:45.0586 7016 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:01:45.0633 7016 Msfs - ok 17:01:45.0664 7016 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:01:45.0680 7016 msisadrv - ok 17:01:45.0695 7016 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:01:45.0742 7016 MSiSCSI - ok 17:01:45.0742 7016 msiserver - ok 17:01:45.0789 7016 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:01:45.0836 7016 MSKSSRV - ok 17:01:45.0867 7016 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:01:45.0914 7016 MSPCLOCK - ok 17:01:45.0945 7016 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:01:45.0992 7016 MSPQM - ok 17:01:46.0023 7016 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:01:46.0039 7016 MsRPC - ok 17:01:46.0070 7016 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:01:46.0085 7016 mssmbios - ok 17:01:46.0101 7016 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:01:46.0132 7016 MSTEE - ok 17:01:46.0163 7016 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 17:01:46.0179 7016 Mup - ok 17:01:46.0226 7016 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 17:01:46.0273 7016 napagent - ok 17:01:46.0319 7016 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:01:46.0351 7016 NativeWifiP - ok 17:01:46.0444 7016 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:01:46.0491 7016 NDIS - ok 17:01:46.0522 7016 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:01:46.0553 7016 NdisTapi - ok 17:01:46.0585 7016 [ 
D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:01:46.0631 7016 Ndisuio - ok 17:01:46.0663 7016 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:01:46.0694 7016 NdisWan - ok 17:01:46.0694 7016 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:01:46.0725 7016 NDProxy - ok 17:01:46.0787 7016 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 17:01:46.0803 7016 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:01:46.0803 7016 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:01:46.0803 7016 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:01:46.0850 7016 NetBIOS - ok 17:01:46.0881 7016 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 17:01:46.0928 7016 netbt - ok 17:01:46.0943 7016 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 17:01:46.0959 7016 Netlogon - ok 17:01:46.0975 7016 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 17:01:47.0021 7016 Netman - ok 17:01:47.0037 7016 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 17:01:47.0099 7016 netprofm - ok 17:01:47.0162 7016 [ 9BA2F93E4F01EC58E722B36639E0CE5D ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys 17:01:47.0224 7016 netr28u - ok 17:01:47.0287 7016 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:01:47.0302 7016 NetTcpPortSharing - ok 17:01:47.0318 7016 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 17:01:47.0333 7016 nfrd960 - ok 17:01:47.0349 7016 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:01:47.0380 7016 NlaSvc - ok 17:01:47.0427 7016 [ 5384D7A64E7B6011E98D68F69DCFC980 ] NMSCore C:\Program Files\Common 
17:02:02.0949 7016 ============================================================
17:02:02.0949 7016 Scan finished
17:02:02.0949 7016 ============================================================
17:02:02.0965 7048 Detected object count: 11
17:02:02.0965 7048 Actual detected object count: 11
17:08:28.0276 7048 DQLWinService ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0276 7048 DQLWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:08:28.0291 7048 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
17:08:28.0291 7048 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip |
13.10.2012, 18:50 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys: PUP.VShareRedir Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run if a qualified helper has explicitly recommended it! If you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
13.10.2012, 20:53 | #25 |
| Infected registry keys: PUP.VShareRedir [code] Combofix log file: Code:
ComboFix 12-10-13.01 - Filip 13.10.2012 21:22:24.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.2208 [GMT 2:00]
ausgeführt von:: c:\users\Filip\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Live\Messenger\msacm32.dll
c:\windows\system32\SET50E7.tmp
c:\windows\system32\SET6957.tmp
c:\windows\system32\SET7B3E.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-13 bis 2012-10-13 ))))))))))))))))))))))))))))))
.
.
2012-10-13 19:32 . 2012-10-13 19:33 -------- d-----w- c:\users\Filip\AppData\Local\temp
2012-10-13 19:32 . 2012-10-13 19:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-13 19:32 . 2012-10-13 19:32 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-10-13 19:32 . 2012-10-13 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-13 19:06 . 2012-10-13 19:10 -------- d-----w- c:\windows\LastGood
2012-10-13 19:05 . 2012-10-02 22:20 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-13 19:05 . 2012-10-02 22:20 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-13 19:05 . 2012-10-02 22:20 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-13 19:05 . 2012-10-02 22:20 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-13 19:05 . 2012-10-02 22:20 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-13 19:05 . 2012-10-02 22:20 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-13 19:05 . 2012-10-02 22:20 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-13 19:05 . 2012-10-02 22:20 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-13 19:05 . 2012-10-02 22:20 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-12 20:15 . 2012-10-12 20:15 -------- d-----w- C:\_OTL
2012-10-10 17:57 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 17:57 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 17:57 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 17:57 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 17:57 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 17:57 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 17:57 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 22:48 . 2012-10-09 22:48 -------- d-----w- c:\program files\ESET
2012-10-06 20:45 . 2012-10-06 20:45 -------- d-----w- c:\program files\7-Zip
2012-10-02 11:15 . 2012-10-02 11:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-25 23:12 . 2012-09-25 23:12 1207568 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-24 23:54 . 2012-09-30 11:05 -------- d-----w- c:\users\Filip\.gimp-2.8
2012-09-24 23:51 . 2012-09-24 23:51 -------- d-----w- c:\users\Filip\.thumbnails
2012-09-24 23:46 . 2012-09-24 23:46 -------- d-----w- c:\users\Filip\AppData\Local\fontconfig
2012-09-24 23:46 . 2012-09-24 23:46 -------- d-----w- c:\users\Filip\AppData\Local\gegl-0.2
2012-09-24 23:42 . 2012-09-24 23:43 -------- d-----w- c:\program files\GIMP 2
2012-09-14 19:41 . 2012-09-14 19:41 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 17:27 . 2012-08-18 17:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 17:27 . 2011-11-08 19:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 22:20 . 2012-08-24 18:11 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-02 22:20 . 2008-02-04 14:13 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-02 22:20 . 2008-02-04 14:13 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 19:29 . 2012-08-24 18:12 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2012-08-24 18:12 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2012-08-24 18:12 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2008-02-04 14:13 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2008-02-04 14:13 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2008-02-04 14:13 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-07 15:04 . 2012-09-08 23:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 11:01 . 2012-09-13 10:47 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2010-07-14 08:24 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-18 16:04 . 2012-08-14 09:53 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-18 16:04 . 2012-08-14 09:53 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-18 16:04 . 2012-08-14 09:53 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-06 01:26 . 2012-09-14 19:41 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-02-12 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2008-04-25 327328]
"PAP7501_Monitor"="c:\windows\Pixart\PAP7501\GUCI_AVS.exe" [2008-04-25 327328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2011-08-11 86016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-06-21 296056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
w98Eject.lnk - c:\windows\System\w98eject.exe [2009-4-3 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 95493537
*Deregistered* - 95493537
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 17:27]
.
2012-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 19:42]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 11:29]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 11:29]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135599266-4225035208-4072581666-1004Core.job
- c:\users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 10:53]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135599266-4225035208-4072581666-1004UA.job - c:\users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 10:53] . 2012-10-13 c:\windows\Tasks\User_Feed_Synchronization-{FA0E4B79-AB00-4E89-9CFE-BD42FB45F81E}.job - c:\windows\system32\msfeedssync.exe [2012-09-22 08:30] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://www.google.com mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\jo8527dt.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe HKLM-Run-NPSStartup - (no file) HKLM-Run-IMBooster - c:\program files\Iminent\IMBooster\imbooster.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe MSConfigStartUp-TVEService - c:\program files\HomeCinema\TV Enhance\TVEService.exe AddRemove-vShare.tv plugin - c:\program files\vShare.tv plugin\uninst.exe AddRemove-{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1 - c:\program files\VshareComplete\unins000.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-13 21:33 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-10-13 21:41:01 ComboFix-quarantined-files.txt 2012-10-13 19:40 . Vor Suchlauf: 10 Verzeichnis(se), 359.443.533.824 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 356.249.681.920 Bytes frei . - - End Of File - - DF91E601172D9BA4880FEAAE834DDF47 |
14.10.2012, 15:50 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys: PUP.VShareRedir
Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags |
18.10.2012, 21:42 | #27 |
| Infected registry keys: PUP.VShareRedir [code] GMER log file: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-18 22:37:04 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 Running: je1r7v37.exe; Driver: C:\Users\Filip\AppData\Local\Temp\pwloypod.sys ---- System - GMER 1.0.15 ---- SSDT 8BA7570E ZwCreateSection SSDT 8BA75718 ZwRequestWaitReplyPort SSDT 8BA75713 ZwSetContextThread SSDT 8BA7571D ZwSetSecurityObject SSDT 8BA75722 ZwSystemDebugControl SSDT 8BA756AF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 828E28D8 4 Bytes [0E, 57, A7, 8B] .text ntkrnlpa.exe!KeSetEvent + 539 828E2BFC 2 Bytes [18, 57] .text ntkrnlpa.exe!KeSetEvent + 53C 828E2BFF 1 Byte [8B] .text ntkrnlpa.exe!KeSetEvent + 56D 828E2C30 4 Bytes [13, 57, A7, 8B] .text ntkrnlpa.exe!KeSetEvent + 5D1 828E2C94 4 Bytes [1D, 57, A7, 8B] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4648] kernel32.dll!SetUnhandledExceptionFilter 775AA8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74647817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7468B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7464BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7463F695] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7463E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746773F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7464DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7463FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7463FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [746CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7466C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7463D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74636853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7463687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3532] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74642AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@d!s!s!j!j!`!`!r!t!t!t!d!i!`!s!\24! 
19583823
---- Files - GMER 1.0.15 ----
File C:\Users\Filip\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F644RCNB\www.youjizz.com.\xmoov_flv 0 bytes
File C:\Users\Filip\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F644RCNB\www.youjizz.com.\xmoov_flv\player 0 bytes
File C:\Users\Filip\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F644RCNB\www.youjizz.com.\xmoov_flv\player\xmoov.sol 36 bytes
File C:\Users\Filip\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F644RCNB\www.youjizz.com.\xmoov_flv\player\xmoov_younoob.sol 69 bytes
File C:\Users\Filip\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youjizz.com.\settings.sol 86 bytes
---- EOF - GMER 1.0.15 ----
Haha, one should be especially careful on sites like that; the younoob file sounds extremely interesting -.- ^^
OSAM log file: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 22:50:18 on 18.10.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Google Inc. Google Chrome 22.0.1229.94 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3135599266-4225035208-4072581666-1004Core.job" - "Google Inc." - C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3135599266-4225035208-4072581666-1004UA.job" - "Google Inc." - C:\Users\Filip\AppData\Local\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "lgLcdCpl" - "Logitech Inc." - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdCpl.cpl "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\Filip\AppData\Local\Temp\catchme.sys (File not found) "FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "TSHWMDTCP" (TSHWMDTCP) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? 
- (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MSOHEVI.DLL {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - ? - (File not found | COM-object registry key not found) {67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - ? - (File not found | COM-object registry key not found) {EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - ? - (File not found | COM-object registry key not found) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll {555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? - (File not found | COM-object registry key not found) -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab {5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? 
- (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} "ClsidExtension" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value) {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." 
- C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "w98Eject.lnk" - "Sigmatel" - C:\Windows\System\w98eject.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. 
KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenuEx" - "CANON INC." - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon "CCUTRAYICON" - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "Launch LCDMon" - "Logitech Inc." - "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" "Launch LGDCore" - "Logitech Inc." - "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE "Launch LgDeviceAgent" - "Logitech Inc." - "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" "NMSSupport" - "Intel Corporation" - "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup "QuickTime Plugin Install" - ? - C:\Program Files\QuickTime\Plugins\DeleteMe1.exe (File found, but it contains no detailed information) "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "TkBellExe" - "RealNetworks, Inc." - "c:\program files\real\realplayer\Update\realsched.exe" -osboot "TVBroadcast" - "ODSoft multimedia" - C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJNP Port" - "CANON INC." - C:\Windows\system32\CNMNPPM.DLL "hpf3l70v.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70v.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll "UDC" - "fCoder Group, Inc." 
- C:\Windows\system32\udcpm.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "DQLWinService" (DQLWinService) - ? - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe "GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1ca09f69037a8a0)" (gupdate1ca09f69037a8a0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Alert Service" (AlertService) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe "Intel(R) Application Tracker" (MCLServiceATL) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe "Intel(R) DHTrace Controller" (DHTRACE) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "Intel(R) NMSCore" (NMSCore) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe "Intel(R) Quality Manager" (QualityManager) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe "Intel(R) Remoting Service" (Remote UI Service) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe "Intel(R) Software Services Manager" (ISSM) - "Intel(R) Corporation" - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe "Intel(R) Viiv(TM) Media Server" (M1 Server) - ? - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." 
- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-18 22:57:36
-----------------------------
22:57:36.464 OS Version: Windows 6.0.6002 Service Pack 2
22:57:36.464 Number of processors: 4 586 0xF0B
22:57:36.464 ComputerName: FILIP-PC UserName: Filip
22:58:13.344 Initialize success
23:00:18.289 AVAST engine defs: 12101801
23:08:58.693 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:08:58.693 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
23:08:58.724 Disk 0 MBR read successfully
23:08:58.724 Disk 0 MBR scan
23:08:58.739 Disk 0 unknown MBR code
23:08:58.739 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 456456 MB offset 63
23:08:58.755 Disk 0 Partition - 00 0F Extended LBA 20481 MB offset 934822350
23:08:58.771 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 20481 MB offset 934822413
23:08:58.786 Disk 0 scanning sectors +976768065
23:08:58.833 Disk 0 scanning C:\Windows\system32\drivers
23:09:08.193 Service scanning
23:09:29.378 Modules scanning
23:09:33.964 Disk 0 trace - called modules:
23:09:33.995 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:09:34.011 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8693f4a0]
23:09:34.011 3 CLASSPNP.SYS[8afb18b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85dc7030]
23:09:35.696 AVAST engine scan C:\Windows
23:09:39.315 AVAST engine scan C:\Windows\system32
23:12:34.955 AVAST engine scan C:\Windows\system32\drivers
23:12:46.780 AVAST engine scan C:\Users\Filip
23:25:35.441 AVAST engine scan C:\ProgramData
23:30:13.493 Scan finished successfully
02:02:00.908 Disk 0 MBR has been saved successfully to "C:\Users\Filip\Desktop\Neuer Ordner\MBR.dat"
02:02:00.908 The log file has been saved successfully to "C:\Users\Filip\Desktop\Neuer Ordner\aswMBR.txt"
Edited by fifafo (18.10.2012 at 21:56) |
19.10.2012, 09:37 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys: PUP.VShareRedir We should fix the MBR; just in case, back up ALL important data first, even though things usually go smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs. After backing up your data, start aswMBR again and click the FIXMBR button. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it! Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
19.10.2012, 19:55 | #29 |
| Infected registry keys: PUP.VShareRedir Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-19 20:17:54
-----------------------------
20:17:54.973 OS Version: Windows 6.0.6002 Service Pack 2
20:17:54.973 Number of processors: 4 586 0xF0B
20:17:54.973 ComputerName: FILIP-PC UserName: Filip
20:17:56.299 Initialize success
20:18:09.465 AVAST engine defs: 12101801
20:23:21.326 Verifying
20:23:31.341 Disk 0 Windows 600 MBR fixed successfully
20:50:07.690 Disk 0 MBR has been saved successfully to "C:\Users\Filip\Desktop\Neuer Ordner\MBR.dat"
20:50:07.690 The log file has been saved successfully to "C:\Users\Filip\Desktop\Neuer Ordner\aswMBR2.txt"
As I was sitting at the PC just now, it suddenly crashed. Then a blue screen appeared with information that I could not finish reading, because it disappeared again. This is what it looked like. Whether the same faulty file was named this time, I can't say. But Blue Screen of Death certainly sounds frightening |
21.10.2012, 11:23 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infected registry keys: PUP.VShareRedir Can't you make a new log? The fix log alone doesn't tell me what state the MBR is in now.
__________________ Please always post logfiles in CODE tags |
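The dual-boot caveat in post #28 and the question in post #30 about the state of the MBR after the fix can both be checked from a raw dump of sector 0. The Python sketch below is an added example, not part of the thread and not aswMBR code. It assumes the dump is the plain 512-byte sector (that MBR.dat has this layout is an assumption); the sample sectors are constructed, with partition entries modelled on the scan log, and all function names are hypothetical.

```python
import hashlib
import struct

# Partition type bytes that suggest another OS shares the disk (dual boot).
LINUX_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into a boot-code hash and its partition entries."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    parts = []
    for i in range(4):                      # four 16-byte entries at offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:                        # type 0x00 marks an unused slot
            parts.append({"slot": i + 1, "active": entry[0] == 0x80,
                          "type": entry[4], "lba_start": lba_start,
                          "size_mb": count * 512 // 2**20})
    return {"code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "table": sector[446:510], "partitions": parts}

def dual_boot_types(mbr: dict) -> list:
    """Names of Linux-style primary partitions; non-empty means skip the fix."""
    return [LINUX_TYPES[p["type"]] for p in mbr["partitions"]
            if p["type"] in LINUX_TYPES]

def compare_fix(before: bytes, after: bytes) -> dict:
    """A boot-code rewrite should change the code hash and leave the table alone."""
    b, a = parse_mbr(before), parse_mbr(after)
    return {"code_changed": b["code_sha256"] != a["code_sha256"],
            "table_intact": b["table"] == a["table"]}

def build_sample(boot_code: bytes, entries) -> bytes:
    """Constructed test sector: boot code, partition table, 0x55AA signature."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return boot_code.ljust(446, b"\x00") + table.ljust(64, b"\x00") + b"\x55\xaa"

# Constructed entries modelled on the log: active NTFS (07) at LBA 63, extended (0F).
LAYOUT = [(0x80, 0x07, 63, 934822287), (0x00, 0x0F, 934822350, 41945715)]
BEFORE = build_sample(b"\x90" * 64, LAYOUT)   # stand-in for the unknown MBR code
AFTER = build_sample(b"\x33" * 64, LAYOUT)    # stand-in for the rewritten code

if __name__ == "__main__":
    for p in parse_mbr(AFTER)["partitions"]:
        print(p)
    print(dual_boot_types(parse_mbr(AFTER)), compare_fix(BEFORE, AFTER))
```

The check reads only the four primary entries; logical partitions inside an extended partition (such as the FAT32 volume in the log) are not walked, so an empty result does not rule out a Linux install there.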