| |
| |||||||
Log-Analyse und Auswertung: Avira meldet Fund von EXP/2012-4681.ADWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
07.10.2012, 19:06
| #1 |
 |  Avira meldet Fund von EXP/2012-4681.AD Hallo liebe Forengemeinde, ich bin neu hier und absolut kein Experte im Trojaner Virenbereich. Der EXP/2012-4681.AD wurde von Avira in folgenden Links C:\Users\***\AppData\Local\Temp\jar_cache3561310075985321909.tmp C:\Users\***\AppData\Local\Temp\jar_cache7836314432314345488.tmp gefunden. Die Viren/trijaner wurde mit Avira in Quarantäne versetzt. Ich hoffe ich habe mich mit meinem Post an die Forennorm gehalten. Hier das vollständige Logfile vom Avira-Scan: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 6. Oktober 2012 12:00
Es wird nach 4314591 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : GUDRUN-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07.09.2012 22:14:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 01.08.2012 07:43:50
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 18:58:28
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 18:58:28
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 18:58:28
AVREG.DLL : 12.3.0.17 232200 Bytes 14.05.2012 17:24:14
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:00:31
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 21:36:11
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 22:31:30
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 00:30:36
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 17:51:40
VBASE007.VDF : 7.11.41.251 2048 Bytes 06.09.2012 17:51:40
VBASE008.VDF : 7.11.41.252 2048 Bytes 06.09.2012 17:51:41
VBASE009.VDF : 7.11.41.253 2048 Bytes 06.09.2012 17:51:41
VBASE010.VDF : 7.11.41.254 2048 Bytes 06.09.2012 17:51:41
VBASE011.VDF : 7.11.41.255 2048 Bytes 06.09.2012 17:51:41
VBASE012.VDF : 7.11.42.0 2048 Bytes 06.09.2012 17:51:41
VBASE013.VDF : 7.11.42.1 2048 Bytes 06.09.2012 17:51:42
VBASE014.VDF : 7.11.42.65 203264 Bytes 09.09.2012 19:09:16
VBASE015.VDF : 7.11.42.125 156672 Bytes 11.09.2012 05:04:01
VBASE016.VDF : 7.11.42.171 187904 Bytes 12.09.2012 08:01:12
VBASE017.VDF : 7.11.42.235 141312 Bytes 13.09.2012 08:30:42
VBASE018.VDF : 7.11.43.35 133632 Bytes 15.09.2012 10:08:42
VBASE019.VDF : 7.11.43.89 129024 Bytes 18.09.2012 10:08:23
VBASE020.VDF : 7.11.43.141 130560 Bytes 19.09.2012 20:07:09
VBASE021.VDF : 7.11.43.187 121856 Bytes 21.09.2012 20:07:08
VBASE022.VDF : 7.11.43.251 147456 Bytes 24.09.2012 20:01:06
VBASE023.VDF : 7.11.44.43 152064 Bytes 25.09.2012 05:16:56
VBASE024.VDF : 7.11.44.103 165888 Bytes 27.09.2012 16:59:45
VBASE025.VDF : 7.11.44.167 160256 Bytes 30.09.2012 17:24:37
VBASE026.VDF : 7.11.44.223 199680 Bytes 02.10.2012 17:24:38
VBASE027.VDF : 7.11.45.29 196096 Bytes 04.10.2012 20:32:38
VBASE028.VDF : 7.11.45.30 2048 Bytes 04.10.2012 20:32:38
VBASE029.VDF : 7.11.45.31 2048 Bytes 04.10.2012 20:32:38
VBASE030.VDF : 7.11.45.32 2048 Bytes 04.10.2012 20:32:38
VBASE031.VDF : 7.11.45.66 71168 Bytes 05.10.2012 20:32:38
Engineversion : 8.2.10.182
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 22:40:42
AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05.10.2012 20:32:49
AESCN.DLL : 8.1.9.2 131444 Bytes 27.09.2012 05:17:02
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 14:48:49
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.3.0.38 811382 Bytes 28.09.2012 16:59:59
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 24.09.2012 20:01:18
AEHEUR.DLL : 8.1.4.114 5353847 Bytes 05.10.2012 20:32:48
AEHELP.DLL : 8.1.25.0 258423 Bytes 05.10.2012 20:32:38
AEGEN.DLL : 8.1.5.38 434548 Bytes 27.09.2012 05:17:00
AEEXP.DLL : 8.2.0.4 115060 Bytes 05.10.2012 20:32:49
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 22:40:39
AECORE.DLL : 8.1.28.2 201079 Bytes 27.09.2012 05:16:59
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 18:58:28
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 18:58:28
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 18:58:28
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 18:58:28
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 18:58:28
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 18:58:28
AVSMTP.DLL : 12.3.0.32 63480 Bytes 01.08.2012 07:43:51
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 18:58:28
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 01.08.2012 07:43:40
RCTEXT.DLL : 12.3.0.31 100088 Bytes 01.08.2012 07:43:40
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir
Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Samstag, 6. Oktober 2012 12:00
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSPPSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'EXCEL.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WINWORD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_4_402_265.exe' - '1' Modul(e) wurden
durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_4_402_265.exe' - '1' Modul(e) wurden
durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vprot.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ToolbarUpdater.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('20' Dateien)
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\launcher.exe
[WARNUNG] Die Datei ist kennwortgeschützt
Die Registry wurde durchsucht ( '3100' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\assets_swtor_de_de.version
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\assets_swtor_en_us.version
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\assets_swtor_main.version
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\FixLauncher.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\launcher.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\movies_de_de.version
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\movies_en_us.version
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\patcher.version
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old
Republic\retailclient_swtor.version
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Users\Gudrun\AppData\Local\Temp\jar_cache3561310075985321909.tmp
[0] Archivtyp: ZIP
--> vBnajybNYN.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-4681.AD
C:\Users\Gudrun\AppData\Local\Temp\jar_cache7836314432314345488.tmp
[0] Archivtyp: ZIP
--> vBnajybNYN.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-4681.AD
C:\Users\Gudrun\Downloads\DAO_WitchHunt.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Windows\SoftwareDistribution\Download\27ff8849bc826ea933871bb17b6b37aa\BIT5
D33.tmp
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt
werden. Das Archiv wird geschlossen.
C:\Windows.old\Program Files\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Windows.old\Windows\System32\Macromed\Flash\uninstall_plugin.exe
[WARNUNG] Unerwartetes Dateiende erreicht
Beginne mit der Suche in 'D:\'
Beginne mit der Desinfektion:
C:\Users\Gudrun\AppData\Local\Temp\jar_cache7836314432314345488.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-4681.AD
[WARNUNG] Die Datei wurde ignoriert.
C:\Users\Gudrun\AppData\Local\Temp\jar_cache3561310075985321909.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-4681.AD
[WARNUNG] Die Datei wurde ignoriert.
Ende des Suchlaufs: Samstag, 6. Oktober 2012 14:27
Benötigte Zeit: 2:25:40 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
66036 Verzeichnisse wurden überprüft
865593 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
865591 Dateien ohne Befall
4983 Archive wurden durchsucht
17 Warnungen
0 Hinweise
19492 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.06.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 ***:: ***-PC [Administrator] 06.10.2012 15:45:48 mbam-log-2012-10-06 (15-45-48).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 238595 Laufzeit: 3 Stunde(n), 28 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:38 on 07/10/2012 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 07.10.2012 09:33:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gudrun\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 69,53% Memory free 5,93 Gb Paging File | 4,89 Gb Available in Paging File | 82,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 380,76 Gb Total Space | 177,03 Gb Free Space | 46,49% Space Free | Partition Type: NTFS Drive D: | 72,00 Gb Total Space | 56,83 Gb Free Space | 78,93% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: Gudrun | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.06 18:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gudrun\Desktop\OTL.exe PRC - [2012.09.12 19:14:10 | 000,722,528 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe PRC - [2012.09.12 19:14:07 | 000,947,808 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gudrun\AppData\Local\Akamai\netsession_win.exe PRC - [2012.08.01 09:43:48 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2012.07.25 10:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe PRC - [2012.05.08 20:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 20:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:58:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe ========== Modules (No Company Name) ========== MOD - [2012.09.12 19:14:19 | 000,564,832 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll MOD - [2012.09.12 19:14:15 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll MOD - [2012.09.12 19:14:07 | 000,947,808 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2012.09.20 22:54:45 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.12 19:14:10 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012.09.10 21:29:31 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai) SRV - [2012.09.07 21:21:14 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 20:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 20:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.12 04:00:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2012.09.12 19:14:15 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.05.08 20:58:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 20:58:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.03.26 19:52:55 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2012.03.26 19:52:55 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.12.19 23:34:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.12.19 23:34:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.01.20 13:28:24 | 000,295,432 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={4AE2B5FB-E346-4EE4-BDB5-09A917907C5F}&mid=4fac279c330747d0ba0dd16d12ecf9e9-8dc8cad4a6bede33ff2e8eddf041979e041bbedf&lang=de&ds=gm011&pr=sa&d=2012-09-12 19:14:20&v=12.2.5.34&sap=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={4AE2B5FB-E346-4EE4-BDB5-09A917907C5F}&mid=4fac279c330747d0ba0dd16d12ecf9e9-8dc8cad4a6bede33ff2e8eddf041979e041bbedf&lang=de&ds=gm011&pr=sa&d=2012-09-12 19:14:20&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012.09.12 19:14:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:21:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:21:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:21:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:21:11 | 000,000,000 | ---D | M] [2011.01.08 03:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gudrun\AppData\Roaming\mozilla\Extensions [2012.09.28 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gudrun\AppData\Roaming\mozilla\Firefox\Profiles\2bkmojau.default\extensions [2011.03.04 22:14:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gudrun\AppData\Roaming\mozilla\Firefox\Profiles\2bkmojau.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.19 16:24:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Gudrun\AppData\Roaming\mozilla\Firefox\Profiles\2bkmojau.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.28 19:01:12 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\Gudrun\AppData\Roaming\mozilla\firefox\profiles\2bkmojau.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi [2011.01.08 03:50:24 | 000,000,873 | ---- | M] () -- C:\Users\Gudrun\AppData\Roaming\mozilla\firefox\profiles\2bkmojau.default\searchplugins\conduit.xml [2012.09.07 21:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.07 21:21:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.07 21:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.07 21:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.07 21:21:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.12 19:14:05 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gudrun\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Gudrun\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gudrun\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D096CB6-6E80-4267-8CDB-31064E4F6412}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6126C79-D0CD-4382-80DC-95F092E57F9E}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.06 18:41:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gudrun\Desktop\OTL.exe [2012.10.06 14:00:20 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\AppData\Roaming\Malwarebytes [2012.10.06 13:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.06 13:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.06 13:59:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.06 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.12 19:15:05 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\AppData\Local\AVG Secure Search [2012.09.12 19:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012.09.12 19:14:15 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.12 19:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012.09.12 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2012.09.12 19:12:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.09.08 11:04:23 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\AppData\Local\FreeOCR [2012.09.08 10:05:29 | 002,680,320 | ---- | C] (HiComponents) -- C:\Windows\System32\ImageEnXLibrary.ocx [2012.09.08 10:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeOCR [2012.09.08 10:05:26 | 000,000,000 | ---D | C] -- C:\FreeOCR [2012.09.08 10:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Temp [2012.09.07 21:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.07 08:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.07 08:38:58 | 000,000,000 | ---- | M] () -- C:\Users\Gudrun\defogger_reenable [2012.10.07 08:36:41 | 000,084,420 | ---- | M] () -- C:\Users\Gudrun\Desktop\Artikel10.pdf [2012.10.07 08:36:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.07 08:31:17 | 000,050,477 | ---- | M] () -- C:\Users\Gudrun\Desktop\Defogger.exe [2012.10.07 08:18:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.06 18:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gudrun\Desktop\OTL.exe [2012.10.06 15:43:10 | 000,016,323 | ---- | M] () -- C:\Users\Gudrun\Desktop\Avira_Report_6_10_2012.pdf [2012.10.06 13:59:42 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.06 13:36:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.06 07:57:47 | 000,010,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.06 07:57:47 | 000,010,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.06 07:50:02 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys [2012.10.01 21:45:23 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\DanBasic V.lnk [2012.09.29 23:21:19 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.29 23:21:19 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.29 23:21:19 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.29 23:21:19 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.12 19:14:15 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.07 08:38:58 | 000,000,000 | ---- | C] () -- C:\Users\Gudrun\defogger_reenable [2012.10.07 08:36:41 | 000,084,420 | ---- | C] () -- C:\Users\Gudrun\Desktop\Artikel10.pdf [2012.10.07 08:31:17 | 000,050,477 | ---- | C] () -- C:\Users\Gudrun\Desktop\Defogger.exe [2012.10.06 15:43:08 | 000,016,323 | ---- | C] () -- C:\Users\Gudrun\Desktop\Avira_Report_6_10_2012.pdf [2012.10.06 13:59:42 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.01 21:39:05 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\DanBasic V.lnk [2012.07.15 22:04:02 | 000,004,593 | ---- | C] () -- C:\Users\Gudrun\.recently-used.xbel [2012.03.26 19:52:55 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2012.03.26 19:52:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2012.03.13 01:17:03 | 000,000,045 | ---- | C] () -- C:\Users\Gudrun\.gtk-bookmarks [2011.01.28 13:32:38 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010.10.14 09:46:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.03.14 21:54:41 | 000,000,000 | ---D | M] -- C:\Users\Gudrun\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.06.19 16:26:16 | 000,000,000 | ---D | M] -- C:\Users\Gudrun\AppData\Roaming\DVDVideoSoft [2012.06.19 16:24:45 | 000,000,000 | ---D | M] -- C:\Users\Gudrun\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.15 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Gudrun\AppData\Roaming\gtk-2.0 [2011.03.10 00:33:34 | 000,000,000 | ---D | M] -- C:\Users\Gudrun\AppData\Roaming\MyHeritage [2012.06.10 23:10:40 | 000,000,000 | ---D | M] -- C:\Users\Gudrun\AppData\Roaming\OpenCandy [2011.05.28 02:48:57 | 000,000,000 | ---D | M] -- C:\Users\Gudrun\AppData\Roaming\ProtectDISC [2010.12.15 17:58:39 | 000,000,000 | ---D | M] -- C:\Users\Gudrun\AppData\Roaming\TeamViewer [2012.06.22 04:00:00 | 000,000,000 | ---D | M] -- C:\Users\Gudrun\AppData\Roaming\Workrave ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.10.2012 09:33:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gudrun\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 69,53% Memory free
5,93 Gb Paging File | 4,89 Gb Available in Paging File | 82,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 380,76 Gb Total Space | 177,03 Gb Free Space | 46,49% Space Free | Partition Type: NTFS
Drive D: | 72,00 Gb Total Space | 56,83 Gb Free Space | 78,93% Space Free | Partition Type: NTFS
Computer Name: GUDRUN-PC | User Name: Gudrun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C064B0D-9D1F-4B85-A094-9323E04D95EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C9DBD19-8946-46F3-9C8C-B0EA3FE8CEB6}" = rport=137 | protocol=17 | dir=out | app=system |
"{263B87A1-A627-4525-A4E8-5C5602845184}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2DED2B15-0481-4A88-ABD9-97889DBFE5BF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B82D07A-FCC1-4489-B165-A2CC586EAC9F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4580847C-6638-40B3-99E8-7C7FD7C01D0E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{496F2B59-B2FF-46A7-8456-FA38D6E031DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{557A62A3-989D-4E9D-9FA4-0D966482BCFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56CB739A-7E7A-4805-8898-BD72C11D47F4}" = lport=445 | protocol=6 | dir=in | app=system |
"{57017312-5674-4505-AC73-2A5949E2DCE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5912CDC7-095A-4196-BB45-F0856AD1A3A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{607B0DC7-6423-4BEF-A8CC-68849F47A1A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{68B3969D-9229-4F98-A678-86B9049CADC6}" = lport=138 | protocol=17 | dir=in | app=system |
"{8660DB8F-B8C3-4282-A3AA-49797CD14578}" = lport=139 | protocol=6 | dir=in | app=system |
"{8F1A0FF1-AE70-4158-95B2-A3758C9F353D}" = rport=138 | protocol=17 | dir=out | app=system |
"{98CA0AD6-18D1-4716-90BE-21360EEDA616}" = rport=139 | protocol=6 | dir=out | app=system |
"{9A24E270-91BB-433D-B45E-41DE60FC1AED}" = lport=137 | protocol=17 | dir=in | app=system |
"{CAF2BB4D-E8E5-47FF-A2B0-2134D60C7059}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D28E7239-7023-4E3D-B5C4-C8F6A9CEB5D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE5D9009-8B61-41D1-B99F-54353EA79A4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E110AC28-538A-4E20-9929-242C220B7FDC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBC49B9B-8B0B-491A-AF00-1C3C02AA5ACC}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062D7574-8413-4C40-8803-424EEF5A0B7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BE4555D-F432-417F-B0A7-AB6D0EDBA3AC}" = protocol=17 | dir=in | app=c:\program files\reality pump\two worlds ii\twoworlds2.exe |
"{213E6FE1-4F3A-4586-9FB0-1F8DA0A7A72E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{227210BE-5D8E-4B9D-AFF6-058D57C5B68C}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{24207019-2E39-4F25-93B0-5DCB6DDB23B0}" = protocol=6 | dir=in | app=c:\program files\reality pump\two worlds ii\twoworlds2.exe |
"{2A844571-AC5A-48D4-9282-175058A34EEC}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{33F4CA3E-0AE8-4EB7-AFD6-CBDC93F3EDE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35B4114C-F4D3-4E18-8EB1-46259B94D0DE}" = protocol=6 | dir=in | app=c:\users\gudrun\appdata\local\akamai\netsession_win.exe |
"{3757DEEF-5B35-425B-BFAE-BC08F590FE26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CB17FCE-1D2C-4F98-856E-3202ED1FBD81}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{479B9B14-9D45-4470-9C94-AE2DC7CAC907}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe |
"{4C79328E-AE86-403A-B715-392EAE773A1F}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{4E0FB7DA-2838-4359-820A-49A4377ED47C}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{500B896F-AE1E-4DD6-B723-812C3EA01019}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{517F2F53-B9CF-4E76-92A0-E482BC332AF7}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5538596A-9730-49F4-BBC2-7FF6C38B8337}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe |
"{61C704CB-C484-4E99-98FE-C94D9209C554}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{679BA5B2-6E17-4438-967B-2C81517A2F65}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{6904D9DC-7615-4E49-9FC1-8FF23C57C447}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{69D8E22C-698B-4CA3-B820-B77BE546BF52}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{7201C70E-F1FC-44D3-B612-CFAF143D1920}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{757EC3D5-18FC-4D36-A31B-23C84E0AA215}" = protocol=6 | dir=out | app=system |
"{794E0848-0E01-4D81-8C6D-CD84082269C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D7647EC-9778-4EA3-92F4-DD433DF02D1A}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{804C61D2-D79F-443E-9C2A-0F37659B5D76}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe |
"{875EA354-2B6E-4612-9D12-216CF7204B07}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{909DCDF2-7AC2-490E-8400-A2FCC0FCD94E}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{96E912C4-0830-46BF-A792-46B9A5B3374C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9CF5A0E5-85D7-4237-8AB8-9C3CCF17C392}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{9D544A07-C55A-46A7-9886-C0D76A050B9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A11ED015-B9A2-46C1-A9E0-862DCA011353}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{AFA1D72B-35CA-46D6-85E7-265110A8B362}" = protocol=17 | dir=in | app=c:\users\gudrun\appdata\local\akamai\netsession_win.exe |
"{B0D52236-2B8D-493F-A526-F979776BE298}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1478444-5D61-4CEB-BF9E-39FFE565AB2C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{B630271E-C2D3-49AD-BA35-2B8CC1984C4C}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{B6B98B8A-D794-4D1F-AA88-7E161542A6B8}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{BB1E7611-8CE0-4D84-8DAF-C4CA0B88BE0F}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{C2719DA6-76F2-4216-B154-81D4E76EDCAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C63BF64E-D81B-4C8D-96D8-3E88F333EBF9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{C8C228A9-B6E2-4389-A2FD-27A0FE519EB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB3EBDF7-D36D-46FB-A0BA-5CF547B6F369}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CB46DDDB-8BE8-469C-B084-540765DC2B95}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CCF81B87-1DC1-42BF-B60B-75966AE7680B}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{D0ED510F-51AE-4D0F-A7B1-1B09358ED12A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA2F0E2B-25BC-429F-89FE-6BAC6218E5B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF07A6D7-B2F6-40BE-AE50-1EB744EFC974}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{E871081A-F5ED-4587-8A0A-8AF5D14DF472}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe |
"{EE03C361-F75B-4762-8877-AE0F2F684BE7}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{FE447DD4-1816-4A65-8415-AACDCE415F93}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"TCP Query User{2D5DBC0C-7A06-4C2D-83FE-A45E20242E5B}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"TCP Query User{306DEF67-80D6-44AD-B11A-59E02BB952C1}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{44559E22-FB79-45F8-A693-4C408F269208}C:\users\gudrun\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gudrun\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8D8E4D20-9786-4E27-8C81-26DE69FF6223}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{95E44999-CCF7-4A38-B1AD-FC5DA00EE568}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"TCP Query User{A770FC8C-29E7-491C-8DBB-851B51CC0E21}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{B2BF5BC9-5917-46D4-8243-B524CCB404D3}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"TCP Query User{B91126D9-1CF6-4DB5-A1EA-7B92C6ED15EB}C:\users\gudrun\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\gudrun\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{FBC70CA4-B879-46C4-9140-F97CB7F711E6}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{361B7F9F-7975-4878-BF0B-72AB7DBD9481}C:\users\gudrun\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\gudrun\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{393A4FF2-482F-4C1D-BC5D-2AEE31668DDB}C:\users\gudrun\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gudrun\appdata\local\akamai\netsession_win.exe |
"UDP Query User{40019207-BCD4-4771-B17B-C22D3A2DD849}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{52A13E4F-C322-4DC7-9EE5-3C13AA5058C1}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{6CC2498C-3E85-4916-91EA-B5502D792F5A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{920446AF-C447-4060-838A-57DAB4BBDFD1}C:\program files\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\the witcher 2\bin\witcher2.exe |
"UDP Query User{A3FE4096-8156-45D5-90D9-8F2EB3E64B17}C:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{AC031832-24D9-41D7-A409-8BFCB36C2FAF}C:\program files\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base16939\sc2.exe |
"UDP Query User{DF00FE72-0E46-4C51-AD59-E4C56682BE20}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{33C730FE-A1EC-46EA-82ED-C79C639D4F92}_is1" = SolarDemo V0.93
"{3B10321A-80CC-4B55-B9A1-A1D69F74A052}" = DruckStudio Karten
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56F53F3E-E2D5-4AB7-A2C5-2A51EE3FB2E8}" = Danfoss20120515
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{765AB753-AFC9-4352-A56F-363EB06B2601}" = Danfoss20120515
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{ED2FC50F-C1A5-40DA-B6A7-A787F7323E86}" = DanBasic V
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Drakensang_is1" = Drakensang
"easy-AZA Version 12.03_is1" = easy-AZA Version 12.03 (06.07.2012)
"easy-AZK Version 12.02_is1" = easy-AZK Version 12.02 (11.05.2012)
"Free Studio_is1" = Free Studio version 5.6.1.608
"freeocr_is1" = FreeOCR v4.2
"GIMP-2_is1" = GIMP 2.8.0
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"KaloMa_is1" = KaloMa 4.77
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"StarCraft II" = StarCraft II
"Two Worlds II" = Two Worlds II
"Update Engine" = Sony Ericsson Update Engine
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR
"Workrave_is1" = Workrave 1.9.4
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.03.2012 21:24:32 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 10.03.2012 21:24:32 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 10.03.2012 21:24:32 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 10.03.2012 21:24:32 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 10.03.2012 21:24:33 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 10.03.2012 21:24:33 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 10.03.2012 21:24:38 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 10.03.2012 21:24:41 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 10.03.2012 21:24:46 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
Error - 10.03.2012 21:25:10 | Computer Name = GUDRUN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Die Daten sind unzulässig. .
[ System Events ]
Error - 04.10.2012 16:04:39 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 04.10.2012 16:04:39 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 05.10.2012 01:17:58 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 05.10.2012 01:17:58 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 05.10.2012 14:39:40 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 05.10.2012 14:39:40 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 05.10.2012 15:34:53 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 06.10.2012 01:50:12 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 06.10.2012 01:50:12 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 07.10.2012 02:18:32 | Computer Name = GUDRUN-PC | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
Zuguerletzt der nicht vollständige Logfile von GMER (der vollständige Scan wird über Nacht nachgeholt und dann nachgereicht) Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-07 18:34:04
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1
Running: hwkj8rvb.exe; Driver: C:\Users\Gudrun\AppData\Local\Temp\pxdiapob.sys
---- System - GMER 1.0.15 ----
SSDT 943E512E ZwCreateSection
SSDT 943E5138 ZwRequestWaitReplyPort
SSDT 943E5133 ZwSetContextThread
SSDT 943E513D ZwSetSecurityObject
SSDT 943E5142 ZwSystemDebugControl
SSDT 943E50CF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C6E989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C8E4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C9587C 4 Bytes [2E, 51, 3E, 94]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 82C95BD8 4 Bytes [38, 51, 3E, 94] {CMP [ECX+0x3e], DL; XCHG ESP, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C95C1C 4 Bytes [33, 51, 3E, 94] {XOR EDX, [ECX+0x3e]; XCHG ESP, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82C95C98 4 Bytes [3D, 51, 3E, 94]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82C95CEC 4 Bytes [42, 51, 3E, 94]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93812000, 0x2D5378, 0xE8000020]
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0x9D197580, 0x29E04, 0xE0000060]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9D1C2300, 0x3B638, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9D205300, 0x1BEE, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\C701lib.log 599 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\solaera208.csv 2683 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\solaera208.dck 76704 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\solaera208.log 13736 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\solaera208.lst 1453740 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\solaera208.PTI 272 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\SUMMARY.BAL 24829 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\T56_std-Output.sum 18294 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\T56_std-q.prn 96170 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\MyProjects\Consolar Solaera\Simulationsuntersuchung_Parametereinfluss_regeltechnisch\Gebäudegekopplet_gebäudeAndreaswalz\neues_Referenzmodell1750\Zweifeldregelung\T56_std-temp.prn 107200 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\Studio\Lib\comis-demo\Proformas\Aivc\Typical\Ductwork\Exhaust; Circular - flexible;\Screws or rivets - tape; tape; 1 yr;\In non-residential building\Sheet metal\AIVC-721.tmf 4275 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\Studio\Lib\comis-demo\Proformas\Aivc\Typical\Ductwork\Exhaust; Circular - flexible;\Screws or rivets - tape; tape; 1 yr;\In non-residential building\Sheet metal\AIVC-722.tmf 4275 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\Studio\Lib\comis-demo\Proformas\Aivc\Typical\Ductwork\Exhaust; Circular; Screws or\rivets, tape - mastic; tape; New system;\In multi-family dwelling\Sheet metal\AIVC-708.tmf 4274 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\Studio\Lib\comis-demo\Proformas\Aivc\Typical\Ductwork\Supply demand controlled,\Rectangular; Flange - gasket; 2 years;\In non-residential building\Sheet metal\AIVC-682.tmf 4271 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\Studio\Lib\comis-demo\Proformas\Aivc\Typical\Ext. Walls\Timber framed\Vinyl siding\Non-strapped expanded polystyrene; insulated\Lab. test; dry wall not included\AIVC-425.tmf 4295 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\Studio\Lib\comis-demo\Proformas\Aivc\Typical\Ext. Walls\Timber framed\Vinyl siding\Non-strapped waferboard sheathing; insulated\Lab. test; dry wall not included\AIVC-418.tmf 4296 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\Studio\Lib\comis-demo\Proformas\Aivc\Typical\Windows\Hung\Not weatherstripped\Discharge coefficient=0.6; Air density=1.21Kg-m^3\Flow exp. assumed; Summary data\AIVC-340.tmf 4281 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\Studio\Lib\comis-demo\Proformas\Aivc\Typical\Windows\Casement\Weatherstripped\Discharge coefficient=0.6; Air density=1.21Kg-m^3\Flow exp. assumed; Summary data\AIVC-336.tmf 4281 bytes
File C:\Sicherungen_Doktorarbeit_tfa\aktuelle_Arbeiten\Sicherung_Unter_MPC\Untersuchung_MPC\Trnsys16_1\Studio\Lib\comis-demo\Proformas\Aivc\Typical\Windows\Sliding\Weatherstripped\Discharge coefficient=0.6; Air density=1.21Kg-m^3\Flow exp. assumed; Summary data\AIVC-337.tmf 4279 bytes
Ich hoffe ein Experte hier kann uns helfen, dieses Problem zu lösen. Mfg |
|
08.10.2012, 18:42
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Avira meldet Fund von EXP/2012-4681.AD Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
__________________Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
|
08.10.2012, 19:33
| #3 |
| | Avira meldet Fund von EXP/2012-4681.AD Vielen Dank Cosinus, dass Du Dir uns angenommen hast.
__________________Nun die Logfiles von malwarebytes. Als der Virus noch nicht in Quarantäne war, hat Malwarebytes trotzdem nichts gefunden. Aber, da hatte ich noch vergessen die aktuellste Datenbank Version zu implementieren. Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.06.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Gudrun :: GUDRUN-PC [Administrator] 07.10.2012 08:26:23 mbam-log-2012-10-07 (08-26-23).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 188685 Laufzeit: 3 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.06.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Gudrun :: GUDRUN-PC [Administrator] 07.10.2012 08:23:58 mbam-log-2012-10-07 (08-23-58).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 38290 Laufzeit: 2 Minute(n), 2 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.06.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Gudrun :: GUDRUN-PC [Administrator] 06.10.2012 18:46:38 mbam-log-2012-10-06 (18-46-38).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 471249 Laufzeit: 3 Stunde(n), 7 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Mfg und nochmals vielen Dank! |
|
08.10.2012, 19:39
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Fund von EXP/2012-4681.ADESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.10.2012, 05:46
| #5 |
| | Avira meldet Fund von EXP/2012-4681.AD Hallo Cosinus, wie gewünscht der ESET-Scan: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a42a54237294dc49bff10b718e409b25
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-08 09:58:23
# local_time=2012-10-08 11:58:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 30719281 30719281 0 0
# compatibility_mode=5893 16776574 100 94 34390193 101356035 0 0
# compatibility_mode=8192 67108863 100 0 1221 1221 0 0
# scanned=318503
# found=0
# cleaned=0
# scan_time=8659
|
|
09.10.2012, 14:34
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Fund von EXP/2012-4681.AD adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ --> Avira meldet Fund von EXP/2012-4681.AD |
|
09.10.2012, 20:09
| #7 |
| | Avira meldet Fund von EXP/2012-4681.AD Hallo Cosinus, wie gewünscht der ADWcleaner Scan: Code:
ATTFilter # AdwCleaner v2.004 - Datei am 09/10/2012 um 21:08:00 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Gudrun - GUDRUN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gudrun\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Users\Gudrun\AppData\Roaming\Mozilla\Firefox\Profiles\2bkmojau.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Program Files\AVG Secure Search
Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\Users\Gudrun\AppData\Local\AVG Secure Search
Ordner Gefunden : C:\Users\Gudrun\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Gudrun\AppData\LocalLow\AVG Secure Search
Ordner Gefunden : C:\Users\Gudrun\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Gudrun\AppData\Roaming\Mozilla\Firefox\Profiles\2bkmojau.default\Conduit
Ordner Gefunden : C:\Users\Gudrun\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={4AE2B5FB-E346-4EE4-BDB5-09A917907C5F}&mid=4fac279c330747d0ba0dd16d12ecf9e9-8dc8cad4a6bede33ff2e8eddf041979e041bbedf&lang=de&ds=gm011&pr=sa&d=2012-09-12 19:14:20&v=12.2.5.34&sap=hp
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\Gudrun\AppData\Roaming\Mozilla\Firefox\Profiles\2bkmojau.default\prefs.js
Gefunden : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2269050.CTID", "CT2269050");
Gefunden : user_pref("CT2269050.CurrentServerDate", "8-1-2011");
Gefunden : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2269050.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2269050.EMailNotifierPollDate", "Sat Jan 08 2011 02:50:24 GMT+0100");
Gefunden : user_pref("CT2269050.FirstServerDate", "8-1-2011");
Gefunden : user_pref("CT2269050.FirstTime", true);
Gefunden : user_pref("CT2269050.FirstTimeFF3", true);
Gefunden : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gefunden : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2269050.Initialize", true);
Gefunden : user_pref("CT2269050.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Gefunden : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2269050.InstalledDate", "Sat Jan 08 2011 02:50:24 GMT+0100");
Gefunden : user_pref("CT2269050.InvalidateCache", false);
Gefunden : user_pref("CT2269050.IsGrouping", false);
Gefunden : user_pref("CT2269050.IsMulticommunity", false);
Gefunden : user_pref("CT2269050.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2269050.IsOpenUninstallPage", false);
Gefunden : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Jan 08 2011 02:50:26 GMT+0100");
Gefunden : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2269050.LastLogin_2.7.2.0", "Sat Jan 08 2011 02:50:24 GMT+0100");
Gefunden : user_pref("CT2269050.LatestVersion", "3.2.5.2");
Gefunden : user_pref("CT2269050.Locale", "en");
Gefunden : user_pref("CT2269050.LoginCache", 4);
Gefunden : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2269050.RadioIsPodcast", false);
Gefunden : user_pref("CT2269050.RadioLastCheckTime", "Sat Jan 08 2011 02:50:25 GMT+0100");
Gefunden : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gefunden : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gefunden : user_pref("CT2269050.RadioMediaID", "12473383");
Gefunden : user_pref("CT2269050.RadioMediaType", "Media Player");
Gefunden : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gefunden : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gefunden : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gefunden : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Gefunden : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gefunden : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gefunden : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Jan 08 2011 02:50:25 GMT+0100");
Gefunden : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gefunden : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gefunden : user_pref("CT2269050.SettingsLastCheckTime", "Sat Jan 08 2011 02:50:23 GMT+0100");
Gefunden : user_pref("CT2269050.SettingsLastUpdate", "1294298742");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Jan 08 2011 02:50:23 GMT+0100");
Gefunden : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gefunden : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gefunden : user_pref("CT2269050.UserID", "UN99637534794830859");
Gefunden : user_pref("CT2269050.WeatherNetwork", "");
Gefunden : user_pref("CT2269050.WeatherPollDate", "Sat Jan 08 2011 02:50:24 GMT+0100");
Gefunden : user_pref("CT2269050.WeatherUnit", "C");
Gefunden : user_pref("CT2269050.alertChannelId", "666138");
Gefunden : user_pref("CT2269050.clientLogIsEnabled", false);
Gefunden : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gefunden : user_pref("CT2269050.myStuffEnabled", true);
Gefunden : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gefunden : user_pref("browser.search.selectedEngine", "AVG Secure Search");
*************************
AdwCleaner[R1].txt - [12846 octets] - [09/10/2012 21:08:00]
########## EOF - C:\AdwCleaner[R1].txt - [12907 octets] ##########
|
|
09.10.2012, 20:24
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Fund von EXP/2012-4681.AD adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.10.2012, 20:58
| #9 |
| | Avira meldet Fund von EXP/2012-4681.AD Hallo Cosinus, wie gewünscht der logfile nach löschen: Code:
ATTFilter # AdwCleaner v2.004 - Datei am 09/10/2012 um 21:51:30 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Gudrun - GUDRUN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gudrun\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Gudrun\AppData\Roaming\Mozilla\Firefox\Profiles\2bkmojau.default\searchplugins\Conduit.xml
Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Users\Gudrun\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Gudrun\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Gudrun\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Gudrun\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gudrun\AppData\Roaming\Mozilla\Firefox\Profiles\2bkmojau.default\Conduit
Ordner Gelöscht : C:\Users\Gudrun\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={4AE2B5FB-E346-4EE4-BDB5-09A917907C5F}&mid=4fac279c330747d0ba0dd16d12ecf9e9-8dc8cad4a6bede33ff2e8eddf041979e041bbedf&lang=de&ds=gm011&pr=sa&d=2012-09-12 19:14:20&v=12.2.5.34&sap=hp --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\Gudrun\AppData\Roaming\Mozilla\Firefox\Profiles\2bkmojau.default\prefs.js
C:\Users\Gudrun\AppData\Roaming\Mozilla\Firefox\Profiles\2bkmojau.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "8-1-2011");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sat Jan 08 2011 02:50:24 GMT+0100");
Gelöscht : user_pref("CT2269050.FirstServerDate", "8-1-2011");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Sat Jan 08 2011 02:50:24 GMT+0100");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Jan 08 2011 02:50:26 GMT+0100");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Sat Jan 08 2011 02:50:24 GMT+0100");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.2.5.2");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Sat Jan 08 2011 02:50:25 GMT+0100");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Jan 08 2011 02:50:25 GMT+0100");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Sat Jan 08 2011 02:50:23 GMT+0100");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1294298742");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Jan 08 2011 02:50:23 GMT+0100");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2269050.UserID", "UN99637534794830859");
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Sat Jan 08 2011 02:50:24 GMT+0100");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gelöscht : user_pref("browser.search.selectedEngine", "AVG Secure Search");
*************************
AdwCleaner[R1].txt - [12977 octets] - [09/10/2012 21:08:00]
AdwCleaner[S1].txt - [12565 octets] - [09/10/2012 21:51:30]
########## EOF - C:\AdwCleaner[S1].txt - [12626 octets] ##########
|
|
10.10.2012, 10:44
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Fund von EXP/2012-4681.AD Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.10.2012, 19:42
| #11 |
| | Avira meldet Fund von EXP/2012-4681.AD Hallo Cosinus, 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? Was meinst Du mit uneingeschränkt? Ging immer uneingeschränkt denke ich. 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? Nutze das Startmenu fast nie. Leere Ordner sind keine, wüsste nicht, dass was fehlt. Das einzige was mir unbekannt ist im Startmenu das Adobe Help und im Adobe Ordner der Adobe Media Reader. Mfg |
|
19.10.2012, 20:36
| #12 |
| | Avira meldet Fund von EXP/2012-4681.AD Hallo Cosinus, hier wie gewünscht der Log (1 Fund): Code:
ATTFilter 21:27:31.0901 3584 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:27:32.0167 3584 ============================================================
21:27:32.0167 3584 Current date / time: 2012/10/19 21:27:32.0167
21:27:32.0167 3584 SystemInfo:
21:27:32.0167 3584
21:27:32.0167 3584 OS Version: 6.1.7601 ServicePack: 1.0
21:27:32.0167 3584 Product type: Workstation
21:27:32.0168 3584 ComputerName: GUDRUN-PC
21:27:32.0168 3584 UserName: Gudrun
21:27:32.0168 3584 Windows directory: C:\Windows
21:27:32.0168 3584 System windows directory: C:\Windows
21:27:32.0168 3584 Processor architecture: Intel x86
21:27:32.0168 3584 Number of processors: 2
21:27:32.0168 3584 Page size: 0x1000
21:27:32.0168 3584 Boot type: Normal boot
21:27:32.0168 3584 ============================================================
21:27:33.0532 3584 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:27:33.0534 3584 ============================================================
21:27:33.0534 3584 \Device\Harddisk0\DR0:
21:27:33.0535 3584 MBR partitions:
21:27:33.0535 3584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x2F984000
21:27:33.0535 3584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x31384800, BlocksNum 0x9001000
21:27:33.0535 3584 ============================================================
21:27:33.0557 3584 C: <-> \Device\Harddisk0\DR0\Partition1
21:27:33.0604 3584 D: <-> \Device\Harddisk0\DR0\Partition2
21:27:33.0604 3584 ============================================================
21:27:33.0604 3584 Initialize success
21:27:33.0604 3584 ============================================================
21:28:19.0013 2864 ============================================================
21:28:19.0013 2864 Scan started
21:28:19.0013 2864 Mode: Manual; SigCheck; TDLFS;
21:28:19.0013 2864 ============================================================
21:28:19.0754 2864 ================ Scan system memory ========================
21:28:19.0754 2864 System memory - ok
21:28:19.0754 2864 ================ Scan services =============================
21:28:19.0944 2864 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:28:20.0054 2864 1394ohci - ok
21:28:20.0144 2864 [ DA115C33158E4ED1CCE74221F320B6B3 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
21:28:20.0164 2864 acedrv11 - ok
21:28:20.0214 2864 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:28:20.0264 2864 ACPI - ok
21:28:20.0334 2864 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:28:20.0414 2864 AcpiPmi - ok
21:28:20.0594 2864 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:28:20.0614 2864 AdobeARMservice - ok
21:28:20.0734 2864 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:20.0754 2864 AdobeFlashPlayerUpdateSvc - ok
21:28:20.0824 2864 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:28:20.0854 2864 adp94xx - ok
21:28:20.0904 2864 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:28:20.0934 2864 adpahci - ok
21:28:20.0964 2864 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:28:20.0984 2864 adpu320 - ok
21:28:21.0034 2864 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:28:21.0074 2864 AeLookupSvc - ok
21:28:21.0146 2864 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:28:21.0224 2864 AFD - ok
21:28:21.0255 2864 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:28:21.0271 2864 agp440 - ok
21:28:21.0318 2864 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:28:21.0333 2864 aic78xx - ok
21:28:21.0552 2864 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
21:28:21.0552 2864 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
21:28:21.0567 2864 Akamai ( HiddenFile.Multi.Generic ) - warning
21:28:21.0567 2864 Akamai - detected HiddenFile.Multi.Generic (1)
21:28:21.0627 2864 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:28:21.0707 2864 ALG - ok
21:28:21.0757 2864 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:28:21.0777 2864 aliide - ok
21:28:21.0837 2864 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:28:21.0907 2864 AMD External Events Utility - ok
21:28:21.0927 2864 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:28:21.0947 2864 amdagp - ok
21:28:21.0977 2864 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:28:21.0997 2864 amdide - ok
21:28:22.0087 2864 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:28:22.0157 2864 AmdK8 - ok
21:28:22.0267 2864 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:28:22.0337 2864 AmdPPM - ok
21:28:22.0397 2864 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:28:22.0417 2864 amdsata - ok
21:28:22.0477 2864 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:28:22.0497 2864 amdsbs - ok
21:28:22.0547 2864 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:28:22.0567 2864 amdxata - ok
21:28:22.0667 2864 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:28:22.0697 2864 AntiVirSchedulerService - ok
21:28:22.0757 2864 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:28:22.0777 2864 AntiVirService - ok
21:28:22.0837 2864 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:28:22.0967 2864 AppID - ok
21:28:23.0017 2864 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:28:23.0077 2864 AppIDSvc - ok
21:28:23.0147 2864 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:28:23.0207 2864 Appinfo - ok
21:28:23.0267 2864 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:28:23.0277 2864 arc - ok
21:28:23.0287 2864 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:28:23.0307 2864 arcsas - ok
21:28:23.0327 2864 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:28:23.0437 2864 AsyncMac - ok
21:28:23.0457 2864 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:28:23.0467 2864 atapi - ok
21:28:23.0527 2864 [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr C:\Windows\system32\DRIVERS\athr.sys
21:28:23.0637 2864 athr - ok
21:28:23.0797 2864 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:28:23.0957 2864 atikmdag - ok
21:28:24.0037 2864 [ 70F72C50D39F5AFA76C17F86223A7C4F ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
21:28:24.0057 2864 atksgt - ok
21:28:24.0127 2864 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:28:24.0197 2864 AudioEndpointBuilder - ok
21:28:24.0207 2864 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:28:24.0237 2864 Audiosrv - ok
21:28:24.0287 2864 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:28:24.0297 2864 avgntflt - ok
21:28:24.0367 2864 [ 3001E24F340D400BFF85935E5777FC5B ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
21:28:24.0387 2864 avgtp - ok
21:28:24.0447 2864 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:28:24.0467 2864 avipbb - ok
21:28:24.0497 2864 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:28:24.0507 2864 avkmgr - ok
21:28:24.0547 2864 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:28:24.0627 2864 AxInstSV - ok
21:28:24.0687 2864 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:28:24.0767 2864 b06bdrv - ok
21:28:24.0827 2864 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:28:24.0847 2864 b57nd60x - ok
21:28:24.0907 2864 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:28:24.0977 2864 BDESVC - ok
21:28:24.0987 2864 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:28:25.0057 2864 Beep - ok
21:28:25.0097 2864 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:28:25.0157 2864 BFE - ok
21:28:25.0207 2864 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:28:25.0287 2864 BITS - ok
21:28:25.0327 2864 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:28:25.0337 2864 blbdrive - ok
21:28:25.0387 2864 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:28:25.0447 2864 bowser - ok
21:28:25.0467 2864 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:28:25.0497 2864 BrFiltLo - ok
21:28:25.0517 2864 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:28:25.0557 2864 BrFiltUp - ok
21:28:25.0597 2864 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:28:25.0667 2864 Browser - ok
21:28:25.0717 2864 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:28:25.0757 2864 Brserid - ok
21:28:25.0777 2864 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:28:25.0827 2864 BrSerWdm - ok
21:28:25.0847 2864 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:28:25.0897 2864 BrUsbMdm - ok
21:28:25.0927 2864 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:28:25.0987 2864 BrUsbSer - ok
21:28:26.0017 2864 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:28:26.0067 2864 BTHMODEM - ok
21:28:26.0127 2864 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:28:26.0187 2864 bthserv - ok
21:28:26.0247 2864 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:28:26.0327 2864 cdfs - ok
21:28:26.0397 2864 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:28:26.0447 2864 cdrom - ok
21:28:26.0507 2864 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:28:26.0577 2864 CertPropSvc - ok
21:28:26.0637 2864 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:28:26.0687 2864 circlass - ok
21:28:26.0727 2864 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:28:26.0757 2864 CLFS - ok
21:28:26.0877 2864 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:28:26.0897 2864 clr_optimization_v2.0.50727_32 - ok
21:28:26.0997 2864 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:28:27.0017 2864 clr_optimization_v4.0.30319_32 - ok
21:28:27.0067 2864 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:28:27.0107 2864 CmBatt - ok
21:28:27.0137 2864 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:28:27.0167 2864 cmdide - ok
21:28:27.0217 2864 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:28:27.0257 2864 CNG - ok
21:28:27.0347 2864 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:28:27.0367 2864 Compbatt - ok
21:28:27.0397 2864 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:28:27.0437 2864 CompositeBus - ok
21:28:27.0457 2864 COMSysApp - ok
21:28:27.0477 2864 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:28:27.0487 2864 crcdisk - ok
21:28:27.0537 2864 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:28:27.0617 2864 CryptSvc - ok
21:28:27.0717 2864 [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
21:28:27.0737 2864 DAUpdaterSvc - ok
21:28:27.0777 2864 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:28:27.0827 2864 DcomLaunch - ok
21:28:27.0857 2864 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:28:27.0927 2864 defragsvc - ok
21:28:27.0987 2864 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:28:28.0057 2864 DfsC - ok
21:28:28.0117 2864 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:28:28.0177 2864 Dhcp - ok
21:28:28.0237 2864 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:28:28.0297 2864 discache - ok
21:28:28.0337 2864 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:28:28.0347 2864 Disk - ok
21:28:28.0407 2864 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:28:28.0427 2864 Dnscache - ok
21:28:28.0467 2864 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:28:28.0537 2864 dot3svc - ok
21:28:28.0577 2864 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:28:28.0647 2864 DPS - ok
21:28:28.0707 2864 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:28:28.0757 2864 drmkaud - ok
21:28:28.0807 2864 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:28:28.0847 2864 DXGKrnl - ok
21:28:28.0917 2864 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:28:28.0987 2864 EapHost - ok
21:28:29.0117 2864 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:28:29.0227 2864 ebdrv - ok
21:28:29.0277 2864 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:28:29.0307 2864 EFS - ok
21:28:29.0387 2864 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:28:29.0437 2864 ehRecvr - ok
21:28:29.0477 2864 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:28:29.0517 2864 ehSched - ok
21:28:29.0587 2864 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:28:29.0617 2864 elxstor - ok
21:28:29.0637 2864 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:28:29.0667 2864 ErrDev - ok
21:28:29.0747 2864 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:28:29.0807 2864 EventSystem - ok
21:28:29.0847 2864 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:28:29.0907 2864 exfat - ok
21:28:29.0947 2864 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:28:30.0007 2864 fastfat - ok
21:28:30.0077 2864 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:28:30.0137 2864 Fax - ok
21:28:30.0177 2864 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:28:30.0217 2864 fdc - ok
21:28:30.0267 2864 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:28:30.0327 2864 fdPHost - ok
21:28:30.0347 2864 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:28:30.0397 2864 FDResPub - ok
21:28:30.0427 2864 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:28:30.0437 2864 FileInfo - ok
21:28:30.0447 2864 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:28:30.0517 2864 Filetrace - ok
21:28:30.0567 2864 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:28:30.0587 2864 flpydisk - ok
21:28:30.0627 2864 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:28:30.0647 2864 FltMgr - ok
21:28:30.0697 2864 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:28:30.0777 2864 FontCache - ok
21:28:30.0857 2864 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:28:30.0867 2864 FontCache3.0.0.0 - ok
21:28:30.0917 2864 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:28:30.0937 2864 FsDepends - ok
21:28:30.0977 2864 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:28:30.0987 2864 Fs_Rec - ok
21:28:31.0037 2864 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:28:31.0057 2864 fvevol - ok
21:28:31.0077 2864 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:28:31.0097 2864 gagp30kx - ok
21:28:31.0157 2864 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
21:28:31.0167 2864 ggflt - ok
21:28:31.0217 2864 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
21:28:31.0237 2864 ggsemc - ok
21:28:31.0287 2864 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:28:31.0363 2864 gpsvc - ok
21:28:31.0457 2864 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:31.0472 2864 gupdate - ok
21:28:31.0504 2864 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:28:31.0535 2864 gupdatem - ok
21:28:31.0566 2864 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:28:31.0597 2864 hcw85cir - ok
21:28:31.0660 2864 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:28:31.0691 2864 HdAudAddService - ok
21:28:31.0753 2864 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:28:31.0800 2864 HDAudBus - ok
21:28:31.0831 2864 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:28:31.0878 2864 HidBatt - ok
21:28:31.0909 2864 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:28:31.0956 2864 HidBth - ok
21:28:31.0987 2864 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:28:32.0018 2864 HidIr - ok
21:28:32.0065 2864 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:28:32.0128 2864 hidserv - ok
21:28:32.0190 2864 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:28:32.0237 2864 HidUsb - ok
21:28:32.0284 2864 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:28:32.0315 2864 hkmsvc - ok
21:28:32.0330 2864 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:28:32.0377 2864 HomeGroupListener - ok
21:28:32.0424 2864 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:28:32.0471 2864 HomeGroupProvider - ok
21:28:32.0533 2864 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:28:32.0549 2864 HpSAMD - ok
21:28:32.0596 2864 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:28:32.0642 2864 HTTP - ok
21:28:32.0689 2864 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:28:32.0705 2864 hwpolicy - ok
21:28:32.0752 2864 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:28:32.0783 2864 i8042prt - ok
21:28:32.0814 2864 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:28:32.0845 2864 iaStorV - ok
21:28:32.0908 2864 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:28:32.0970 2864 idsvc - ok
21:28:33.0017 2864 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:28:33.0048 2864 iirsp - ok
21:28:33.0095 2864 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:28:33.0173 2864 IKEEXT - ok
21:28:33.0220 2864 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:28:33.0235 2864 intelide - ok
21:28:33.0282 2864 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:28:33.0313 2864 intelppm - ok
21:28:33.0391 2864 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:28:33.0454 2864 IPBusEnum - ok
21:28:33.0485 2864 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:28:33.0532 2864 IpFilterDriver - ok
21:28:33.0610 2864 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:28:33.0656 2864 iphlpsvc - ok
21:28:33.0688 2864 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:28:33.0703 2864 IPMIDRV - ok
21:28:33.0750 2864 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:28:33.0797 2864 IPNAT - ok
21:28:33.0844 2864 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:28:33.0890 2864 IRENUM - ok
21:28:33.0906 2864 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:28:33.0922 2864 isapnp - ok
21:28:33.0937 2864 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:28:33.0953 2864 iScsiPrt - ok
21:28:33.0984 2864 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:28:34.0000 2864 kbdclass - ok
21:28:34.0031 2864 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:28:34.0046 2864 kbdhid - ok
21:28:34.0109 2864 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:28:34.0140 2864 KeyIso - ok
21:28:34.0187 2864 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:28:34.0202 2864 KSecDD - ok
21:28:34.0218 2864 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:28:34.0234 2864 KSecPkg - ok
21:28:34.0284 2864 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:28:34.0364 2864 KtmRm - ok
21:28:34.0424 2864 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:28:34.0474 2864 LanmanServer - ok
21:28:34.0514 2864 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:28:34.0554 2864 LanmanWorkstation - ok
21:28:34.0634 2864 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
21:28:34.0654 2864 lirsgt - ok
21:28:34.0724 2864 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:28:34.0784 2864 lltdio - ok
21:28:34.0834 2864 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:28:34.0894 2864 lltdsvc - ok
21:28:34.0914 2864 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:28:34.0984 2864 lmhosts - ok
21:28:35.0024 2864 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:28:35.0034 2864 LSI_FC - ok
21:28:35.0084 2864 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:28:35.0094 2864 LSI_SAS - ok
21:28:35.0114 2864 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:28:35.0134 2864 LSI_SAS2 - ok
21:28:35.0154 2864 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:28:35.0164 2864 LSI_SCSI - ok
21:28:35.0184 2864 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:28:35.0234 2864 luafv - ok
21:28:35.0284 2864 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:28:35.0294 2864 Mcx2Svc - ok
21:28:35.0304 2864 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:28:35.0324 2864 megasas - ok
21:28:35.0344 2864 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:28:35.0364 2864 MegaSR - ok
21:28:35.0404 2864 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:28:35.0434 2864 MMCSS - ok
21:28:35.0454 2864 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:28:35.0504 2864 Modem - ok
21:28:35.0534 2864 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:28:35.0574 2864 monitor - ok
21:28:35.0624 2864 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:28:35.0634 2864 mouclass - ok
21:28:35.0654 2864 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:28:35.0684 2864 mouhid - ok
21:28:35.0724 2864 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:28:35.0744 2864 mountmgr - ok
21:28:35.0824 2864 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:28:35.0844 2864 MozillaMaintenance - ok
21:28:35.0864 2864 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:28:35.0874 2864 mpio - ok
21:28:35.0914 2864 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:28:35.0984 2864 mpsdrv - ok
21:28:36.0104 2864 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:28:36.0204 2864 MpsSvc - ok
21:28:36.0224 2864 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:28:36.0264 2864 MRxDAV - ok
21:28:36.0334 2864 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:28:36.0394 2864 mrxsmb - ok
21:28:36.0454 2864 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:28:36.0474 2864 mrxsmb10 - ok
21:28:36.0514 2864 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:28:36.0544 2864 mrxsmb20 - ok
21:28:36.0594 2864 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:28:36.0614 2864 msahci - ok
21:28:36.0664 2864 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:28:36.0684 2864 msdsm - ok
21:28:36.0714 2864 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:28:36.0754 2864 MSDTC - ok
21:28:36.0794 2864 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:28:36.0864 2864 Msfs - ok
21:28:36.0884 2864 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:28:36.0964 2864 mshidkmdf - ok
21:28:37.0024 2864 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:28:37.0044 2864 msisadrv - ok
21:28:37.0144 2864 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:28:37.0194 2864 MSiSCSI - ok
21:28:37.0194 2864 msiserver - ok
21:28:37.0334 2864 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:28:37.0394 2864 MSKSSRV - ok
21:28:37.0434 2864 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:28:37.0494 2864 MSPCLOCK - ok
21:28:37.0514 2864 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:28:37.0544 2864 MSPQM - ok
21:28:37.0564 2864 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:28:37.0584 2864 MsRPC - ok
21:28:37.0624 2864 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:28:37.0634 2864 mssmbios - ok
21:28:37.0644 2864 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:28:37.0674 2864 MSTEE - ok
21:28:37.0694 2864 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:28:37.0734 2864 MTConfig - ok
21:28:37.0764 2864 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:28:37.0774 2864 Mup - ok
21:28:37.0824 2864 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:28:37.0864 2864 napagent - ok
21:28:37.0934 2864 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:28:37.0964 2864 NativeWifiP - ok
21:28:38.0024 2864 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:28:38.0074 2864 NDIS - ok
21:28:38.0084 2864 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:28:38.0124 2864 NdisCap - ok
21:28:38.0154 2864 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:28:38.0214 2864 NdisTapi - ok
21:28:38.0254 2864 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:28:38.0314 2864 Ndisuio - ok
21:28:38.0344 2864 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:28:38.0404 2864 NdisWan - ok
21:28:38.0424 2864 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:28:38.0494 2864 NDProxy - ok
21:28:38.0564 2864 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:28:38.0604 2864 NetBIOS - ok
21:28:38.0644 2864 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:28:38.0704 2864 NetBT - ok
21:28:38.0724 2864 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:28:38.0744 2864 Netlogon - ok
21:28:38.0814 2864 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:28:38.0874 2864 Netman - ok
21:28:38.0914 2864 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:28:38.0974 2864 netprofm - ok
21:28:39.0024 2864 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:28:39.0044 2864 NetTcpPortSharing - ok
21:28:39.0094 2864 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:28:39.0114 2864 nfrd960 - ok
21:28:39.0164 2864 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:28:39.0234 2864 NlaSvc - ok
21:28:39.0264 2864 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:28:39.0304 2864 Npfs - ok
21:28:39.0344 2864 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:28:39.0374 2864 nsi - ok
21:28:39.0414 2864 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:28:39.0484 2864 nsiproxy - ok
21:28:39.0554 2864 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:28:39.0634 2864 Ntfs - ok
21:28:39.0644 2864 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:28:39.0694 2864 Null - ok
21:28:39.0734 2864 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:28:39.0754 2864 nvraid - ok
21:28:39.0814 2864 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:28:39.0834 2864 nvstor - ok
21:28:39.0844 2864 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:28:39.0854 2864 nv_agp - ok
21:28:39.0894 2864 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:28:39.0934 2864 ohci1394 - ok
21:28:40.0014 2864 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:28:40.0044 2864 ose - ok
21:28:40.0204 2864 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:28:40.0354 2864 osppsvc - ok
21:28:40.0394 2864 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:28:40.0464 2864 p2pimsvc - ok
21:28:40.0494 2864 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:28:40.0524 2864 p2psvc - ok
21:28:40.0564 2864 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:28:40.0574 2864 Parport - ok
21:28:40.0624 2864 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:28:40.0634 2864 partmgr - ok
21:28:40.0654 2864 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:28:40.0684 2864 Parvdm - ok
21:28:40.0724 2864 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:28:40.0744 2864 PcaSvc - ok
21:28:40.0794 2864 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:28:40.0824 2864 pci - ok
21:28:40.0834 2864 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:28:40.0844 2864 pciide - ok
21:28:40.0884 2864 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:28:40.0904 2864 pcmcia - ok
21:28:40.0944 2864 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:28:40.0954 2864 pcw - ok
21:28:40.0984 2864 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:28:41.0044 2864 PEAUTH - ok
21:28:41.0114 2864 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:28:41.0224 2864 pla - ok
21:28:41.0274 2864 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:28:41.0304 2864 PlugPlay - ok
21:28:41.0334 2864 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:28:41.0374 2864 PNRPAutoReg - ok
21:28:41.0404 2864 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:28:41.0424 2864 PNRPsvc - ok
21:28:41.0474 2864 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:28:41.0504 2864 PolicyAgent - ok
21:28:41.0544 2864 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:28:41.0614 2864 Power - ok
21:28:41.0674 2864 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:28:41.0744 2864 PptpMiniport - ok
21:28:41.0754 2864 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:28:41.0794 2864 Processor - ok
21:28:41.0864 2864 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:28:41.0914 2864 ProfSvc - ok
21:28:41.0944 2864 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:28:41.0954 2864 ProtectedStorage - ok
21:28:41.0984 2864 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:28:42.0054 2864 Psched - ok
21:28:42.0134 2864 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
21:28:42.0154 2864 PSI - ok
21:28:42.0234 2864 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:28:42.0304 2864 ql2300 - ok
21:28:42.0314 2864 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:28:42.0334 2864 ql40xx - ok
21:28:42.0374 2864 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:28:42.0424 2864 QWAVE - ok
21:28:42.0444 2864 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:28:42.0464 2864 QWAVEdrv - ok
21:28:42.0474 2864 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:28:42.0524 2864 RasAcd - ok
21:28:42.0554 2864 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:28:42.0624 2864 RasAgileVpn - ok
21:28:42.0654 2864 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:28:42.0694 2864 RasAuto - ok
21:28:42.0714 2864 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:28:42.0744 2864 Rasl2tp - ok
21:28:42.0794 2864 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:28:42.0874 2864 RasMan - ok
21:28:42.0894 2864 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:28:42.0954 2864 RasPppoe - ok
21:28:43.0024 2864 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:28:43.0084 2864 RasSstp - ok
21:28:43.0134 2864 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:28:43.0184 2864 rdbss - ok
21:28:43.0204 2864 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:28:43.0224 2864 rdpbus - ok
21:28:43.0264 2864 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:28:43.0314 2864 RDPCDD - ok
21:28:43.0354 2864 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:28:43.0384 2864 RDPENCDD - ok
21:28:43.0394 2864 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:28:43.0424 2864 RDPREFMP - ok
21:28:43.0464 2864 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:28:43.0494 2864 RDPWD - ok
21:28:43.0554 2864 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:28:43.0584 2864 rdyboost - ok
21:28:43.0624 2864 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:28:43.0684 2864 RemoteAccess - ok
21:28:43.0734 2864 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:28:43.0794 2864 RemoteRegistry - ok
21:28:43.0834 2864 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:28:43.0864 2864 RpcEptMapper - ok
21:28:43.0904 2864 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:28:43.0924 2864 RpcLocator - ok
21:28:43.0944 2864 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:28:43.0984 2864 RpcSs - ok
21:28:44.0034 2864 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:28:44.0094 2864 rspndr - ok
21:28:44.0124 2864 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:28:44.0134 2864 SamSs - ok
21:28:44.0154 2864 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:28:44.0164 2864 sbp2port - ok
21:28:44.0204 2864 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:28:44.0254 2864 SCardSvr - ok
21:28:44.0284 2864 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:28:44.0344 2864 scfilter - ok
21:28:44.0384 2864 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:28:44.0454 2864 Schedule - ok
21:28:44.0484 2864 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:28:44.0514 2864 SCPolicySvc - ok
21:28:44.0554 2864 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:28:44.0584 2864 SDRSVC - ok
21:28:44.0644 2864 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:28:44.0694 2864 secdrv - ok
21:28:44.0734 2864 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:28:44.0794 2864 seclogon - ok
21:28:44.0892 2864 [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
21:28:44.0938 2864 Secunia PSI Agent - ok
21:28:44.0970 2864 [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
21:28:44.0985 2864 Secunia Update Agent - ok
21:28:45.0048 2864 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:28:45.0110 2864 SENS - ok
21:28:45.0157 2864 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:28:45.0219 2864 SensrSvc - ok
21:28:45.0235 2864 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:28:45.0266 2864 Serenum - ok
21:28:45.0313 2864 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:28:45.0360 2864 Serial - ok
21:28:45.0375 2864 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:28:45.0422 2864 sermouse - ok
21:28:45.0469 2864 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:28:45.0516 2864 SessionEnv - ok
21:28:45.0562 2864 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:28:45.0578 2864 sffdisk - ok
21:28:45.0609 2864 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:28:45.0625 2864 sffp_mmc - ok
21:28:45.0640 2864 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:28:45.0672 2864 sffp_sd - ok
21:28:45.0703 2864 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:28:45.0734 2864 sfloppy - ok
21:28:45.0796 2864 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:28:45.0874 2864 SharedAccess - ok
21:28:45.0890 2864 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:28:45.0921 2864 ShellHWDetection - ok
21:28:45.0937 2864 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:28:45.0952 2864 sisagp - ok
21:28:45.0999 2864 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:28:46.0015 2864 SiSRaid2 - ok
21:28:46.0030 2864 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:28:46.0046 2864 SiSRaid4 - ok
21:28:46.0140 2864 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:28:46.0155 2864 SkypeUpdate - ok
21:28:46.0171 2864 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:28:46.0233 2864 Smb - ok
21:28:46.0296 2864 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:28:46.0327 2864 SNMPTRAP - ok
21:28:46.0452 2864 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
21:28:46.0467 2864 Sony Ericsson PCCompanion - ok
21:28:46.0514 2864 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:28:46.0514 2864 spldr - ok
21:28:46.0576 2864 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:28:46.0639 2864 Spooler - ok
21:28:46.0717 2864 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:28:46.0842 2864 sppsvc - ok
21:28:46.0873 2864 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:28:46.0935 2864 sppuinotify - ok
21:28:46.0982 2864 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:28:47.0060 2864 srv - ok
21:28:47.0091 2864 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:28:47.0138 2864 srv2 - ok
21:28:47.0185 2864 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:28:47.0232 2864 srvnet - ok
21:28:47.0263 2864 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:28:47.0325 2864 SSDPSRV - ok
21:28:47.0388 2864 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:28:47.0403 2864 ssmdrv - ok
21:28:47.0403 2864 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:28:47.0450 2864 SstpSvc - ok
21:28:47.0497 2864 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:28:47.0497 2864 stexstor - ok
21:28:47.0544 2864 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:28:47.0606 2864 StiSvc - ok
21:28:47.0637 2864 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:28:47.0653 2864 swenum - ok
21:28:47.0700 2864 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:28:47.0746 2864 swprv - ok
21:28:47.0809 2864 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:28:47.0902 2864 SysMain - ok
21:28:47.0948 2864 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:28:47.0998 2864 TabletInputService - ok
21:28:48.0038 2864 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:28:48.0118 2864 TapiSrv - ok
21:28:48.0158 2864 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:28:48.0218 2864 TBS - ok
21:28:48.0318 2864 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:28:48.0388 2864 Tcpip - ok
21:28:48.0438 2864 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:28:48.0468 2864 TCPIP6 - ok
21:28:48.0528 2864 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:28:48.0588 2864 tcpipreg - ok
21:28:48.0648 2864 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:28:48.0678 2864 TDPIPE - ok
21:28:48.0718 2864 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:28:48.0728 2864 TDTCP - ok
21:28:48.0768 2864 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:28:48.0808 2864 tdx - ok
21:28:48.0818 2864 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:28:48.0838 2864 TermDD - ok
21:28:48.0888 2864 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:28:48.0948 2864 TermService - ok
21:28:49.0008 2864 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:28:49.0058 2864 Themes - ok
21:28:49.0078 2864 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:28:49.0108 2864 THREADORDER - ok
21:28:49.0138 2864 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:28:49.0198 2864 TrkWks - ok
21:28:49.0268 2864 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:28:49.0318 2864 TrustedInstaller - ok
21:28:49.0338 2864 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:28:49.0358 2864 tssecsrv - ok
21:28:49.0428 2864 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:28:49.0488 2864 TsUsbFlt - ok
21:28:49.0548 2864 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:28:49.0588 2864 tunnel - ok
21:28:49.0628 2864 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:28:49.0638 2864 uagp35 - ok
21:28:49.0658 2864 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:28:49.0708 2864 udfs - ok
21:28:49.0758 2864 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:28:49.0788 2864 UI0Detect - ok
21:28:49.0838 2864 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:28:49.0858 2864 uliagpkx - ok
21:28:49.0888 2864 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
21:28:49.0918 2864 umbus - ok
21:28:49.0978 2864 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:28:49.0998 2864 UmPass - ok
21:28:50.0048 2864 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:28:50.0128 2864 upnphost - ok
21:28:50.0168 2864 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:28:50.0198 2864 usbccgp - ok
21:28:50.0238 2864 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:28:50.0288 2864 usbcir - ok
21:28:50.0318 2864 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:28:50.0328 2864 usbehci - ok
21:28:50.0358 2864 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:28:50.0378 2864 usbhub - ok
21:28:50.0388 2864 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:28:50.0438 2864 usbohci - ok
21:28:50.0468 2864 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:28:50.0518 2864 usbprint - ok
21:28:50.0538 2864 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:28:50.0608 2864 USBSTOR - ok
21:28:50.0658 2864 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:28:50.0708 2864 usbuhci - ok
21:28:50.0778 2864 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:28:50.0828 2864 usbvideo - ok
21:28:50.0868 2864 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:28:50.0918 2864 UxSms - ok
21:28:50.0948 2864 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:28:50.0958 2864 VaultSvc - ok
21:28:50.0978 2864 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:28:50.0998 2864 vdrvroot - ok
21:28:51.0048 2864 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:28:51.0088 2864 vds - ok
21:28:51.0128 2864 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:28:51.0148 2864 vga - ok
21:28:51.0158 2864 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:28:51.0188 2864 VgaSave - ok
21:28:51.0218 2864 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:28:51.0238 2864 vhdmp - ok
21:28:51.0268 2864 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:28:51.0278 2864 viaagp - ok
21:28:51.0308 2864 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:28:51.0338 2864 ViaC7 - ok
21:28:51.0368 2864 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:28:51.0378 2864 viaide - ok
21:28:51.0398 2864 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:28:51.0408 2864 volmgr - ok
21:28:51.0458 2864 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:28:51.0478 2864 volmgrx - ok
21:28:51.0498 2864 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:28:51.0508 2864 volsnap - ok
21:28:51.0548 2864 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:28:51.0568 2864 vsmraid - ok
21:28:51.0618 2864 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:28:51.0718 2864 VSS - ok
21:28:51.0858 2864 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
21:28:51.0888 2864 vToolbarUpdater12.2.6 - ok
21:28:51.0908 2864 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:28:51.0938 2864 vwifibus - ok
21:28:51.0978 2864 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:28:51.0998 2864 vwififlt - ok
21:28:52.0048 2864 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:28:52.0088 2864 W32Time - ok
21:28:52.0098 2864 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:28:52.0138 2864 WacomPen - ok
21:28:52.0168 2864 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:28:52.0198 2864 WANARP - ok
21:28:52.0208 2864 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:28:52.0228 2864 Wanarpv6 - ok
21:28:52.0348 2864 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:28:52.0418 2864 WatAdminSvc - ok
21:28:52.0448 2864 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:28:52.0508 2864 wbengine - ok
21:28:52.0548 2864 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:28:52.0568 2864 WbioSrvc - ok
21:28:52.0608 2864 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:28:52.0668 2864 wcncsvc - ok
21:28:52.0698 2864 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:28:52.0758 2864 WcsPlugInService - ok
21:28:52.0798 2864 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:28:52.0818 2864 Wd - ok
21:28:52.0848 2864 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:28:52.0868 2864 Wdf01000 - ok
21:28:52.0878 2864 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:28:52.0898 2864 WdiServiceHost - ok
21:28:52.0908 2864 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:28:52.0928 2864 WdiSystemHost - ok
21:28:52.0968 2864 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:28:52.0998 2864 WebClient - ok
21:28:53.0038 2864 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:28:53.0068 2864 Wecsvc - ok
21:28:53.0088 2864 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:28:53.0118 2864 wercplsupport - ok
21:28:53.0138 2864 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:28:53.0188 2864 WerSvc - ok
21:28:53.0248 2864 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:28:53.0288 2864 WfpLwf - ok
21:28:53.0308 2864 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:28:53.0318 2864 WIMMount - ok
21:28:53.0395 2864 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:28:53.0473 2864 WinDefend - ok
21:28:53.0488 2864 WinHttpAutoProxySvc - ok
21:28:53.0566 2864 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:28:53.0629 2864 Winmgmt - ok
21:28:53.0691 2864 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:28:53.0769 2864 WinRM - ok
21:28:53.0863 2864 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:28:53.0925 2864 Wlansvc - ok
21:28:53.0972 2864 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:28:54.0019 2864 WmiAcpi - ok
21:28:54.0054 2864 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:28:54.0104 2864 wmiApSrv - ok
21:28:54.0224 2864 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:28:54.0284 2864 WMPNetworkSvc - ok
21:28:54.0324 2864 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:28:54.0384 2864 WPCSvc - ok
21:28:54.0424 2864 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:28:54.0474 2864 WPDBusEnum - ok
21:28:54.0504 2864 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:28:54.0544 2864 ws2ifsl - ok
21:28:54.0584 2864 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:28:54.0624 2864 wscsvc - ok
21:28:54.0624 2864 WSearch - ok
21:28:54.0704 2864 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:28:54.0794 2864 wuauserv - ok
21:28:54.0804 2864 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:28:54.0864 2864 WudfPf - ok
21:28:54.0904 2864 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:28:54.0934 2864 WUDFRd - ok
21:28:54.0994 2864 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:28:55.0054 2864 wudfsvc - ok
21:28:55.0094 2864 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:28:55.0134 2864 WwanSvc - ok
21:28:55.0204 2864 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
21:28:55.0224 2864 yukonw7 - ok
21:28:55.0234 2864 ================ Scan global ===============================
21:28:55.0284 2864 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:28:55.0334 2864 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:28:55.0354 2864 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
21:28:55.0404 2864 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:28:55.0434 2864 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:28:55.0434 2864 [Global] - ok
21:28:55.0434 2864 ================ Scan MBR ==================================
21:28:55.0454 2864 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:28:55.0854 2864 \Device\Harddisk0\DR0 - ok
21:28:55.0854 2864 ================ Scan VBR ==================================
21:28:55.0854 2864 [ 9E16E781107B13B581AD18D339F0CD57 ] \Device\Harddisk0\DR0\Partition1
21:28:55.0854 2864 \Device\Harddisk0\DR0\Partition1 - ok
21:28:55.0884 2864 [ F563F5D5679439447FAFCCDC6CA9AAA6 ] \Device\Harddisk0\DR0\Partition2
21:28:55.0884 2864 \Device\Harddisk0\DR0\Partition2 - ok
21:28:55.0884 2864 ============================================================
21:28:55.0884 2864 Scan finished
21:28:55.0884 2864 ============================================================
21:28:55.0944 3128 Detected object count: 1
21:28:55.0944 3128 Actual detected object count: 1
21:29:15.0725 3128 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:29:15.0725 3128 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
|
|
11.10.2012, 12:46
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Fund von EXP/2012-4681.AD Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
11.10.2012, 21:24
| #14 |
| | Avira meldet Fund von EXP/2012-4681.AD Hallo Cosinus, wie gewünscht der OTL-Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.10.2012 22:05:55 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gudrun\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 76,10% Memory free
5,93 Gb Paging File | 5,03 Gb Available in Paging File | 84,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 380,76 Gb Total Space | 178,89 Gb Free Space | 46,98% Space Free | Partition Type: NTFS
Drive D: | 72,00 Gb Total Space | 56,83 Gb Free Space | 78,93% Space Free | Partition Type: NTFS
Computer Name: GUDRUN-PC | User Name: Gudrun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.11 21:58:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gudrun\Desktop\OTL(1).exe
PRC - [2012.09.12 19:14:10 | 000,722,528 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012.08.20 19:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gudrun\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.08.01 09:43:48 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.07.25 10:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2012.05.08 20:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:58:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
========== Modules (No Company Name) ==========
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2012.10.08 21:52:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.12 19:14:10 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012.09.10 21:29:31 | 004,537,664 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012.09.07 21:21:14 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 20:58:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:58:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.12 04:00:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2012.09.12 19:14:15 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.05.08 20:58:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:58:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.03.26 19:52:55 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.03.26 19:52:55 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.12.19 23:34:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.12.19 23:34:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.20 13:28:24 | 000,295,432 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:21:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:21:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:21:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:21:11 | 000,000,000 | ---D | M]
[2011.01.08 03:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gudrun\AppData\Roaming\mozilla\Extensions
[2012.09.28 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gudrun\AppData\Roaming\mozilla\Firefox\Profiles\2bkmojau.default\extensions
[2011.03.04 22:14:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gudrun\AppData\Roaming\mozilla\Firefox\Profiles\2bkmojau.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.19 16:24:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Gudrun\AppData\Roaming\mozilla\Firefox\Profiles\2bkmojau.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.28 19:01:12 | 000,395,927 | ---- | M] () (No name found) -- C:\Users\Gudrun\AppData\Roaming\mozilla\firefox\profiles\2bkmojau.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2012.09.07 21:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 21:21:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 21:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 21:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.07 21:21:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000..\Run: [Akamai NetSession Interface] C:\Users\Gudrun\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2694796141-4042297030-3838815509-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gudrun\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gudrun\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D096CB6-6E80-4267-8CDB-31064E4F6412}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6126C79-D0CD-4382-80DC-95F092E57F9E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.11 21:58:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gudrun\Desktop\OTL(1).exe
[2012.10.10 08:08:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 08:07:46 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.10.10 08:07:45 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.10.10 08:07:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 08:07:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 08:07:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 08:07:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 08:07:29 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 08:07:29 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.07 23:12:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.10.06 14:00:20 | 000,000,000 | ---D | C] -- C:\Users\Gudrun\AppData\Roaming\Malwarebytes
[2012.10.06 13:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 13:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 13:59:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.06 13:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.26 16:45:01 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012.09.21 23:14:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.09.21 23:13:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.09.21 23:13:58 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.09.21 23:13:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.09.21 23:13:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.09.21 23:13:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.09.21 23:13:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.09.21 23:13:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.09.12 19:16:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012.09.12 19:16:46 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.09.12 19:16:46 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012.09.12 19:16:45 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.09.12 19:14:15 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.09.12 19:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.09.12 19:12:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.11 21:59:44 | 001,085,040 | ---- | M] () -- C:\Users\Gudrun\Desktop\Hochzeit.rar
[2012.10.11 21:58:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gudrun\Desktop\OTL(1).exe
[2012.10.11 21:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.11 21:36:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.11 21:30:06 | 000,010,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 21:30:06 | 000,010,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 21:25:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.11 21:22:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 21:22:25 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.09 20:54:22 | 000,512,373 | R--- | M] () -- C:\Users\Gudrun\Desktop\bestuhlungsplan1.jpg
[2012.10.08 21:52:07 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.08 21:52:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 23:12:24 | 583,044,766 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.07 21:37:37 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.07 21:37:37 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.07 21:37:37 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.07 21:37:37 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.07 09:42:16 | 000,302,592 | ---- | M] () -- C:\Users\Gudrun\Desktop\hwkj8rvb.exe
[2012.10.07 08:38:58 | 000,000,000 | ---- | M] () -- C:\Users\Gudrun\defogger_reenable
[2012.10.07 08:36:41 | 000,084,420 | ---- | M] () -- C:\Users\Gudrun\Desktop\Artikel10.pdf
[2012.10.07 08:31:17 | 000,050,477 | ---- | M] () -- C:\Users\Gudrun\Desktop\Defogger.exe
[2012.10.06 15:43:10 | 000,016,323 | ---- | M] () -- C:\Users\Gudrun\Desktop\Avira_Report_6_10_2012.pdf
[2012.10.06 13:59:42 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.01 21:45:23 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\DanBasic V.lnk
[2012.09.14 20:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.09.12 19:14:15 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.11 21:59:43 | 001,085,040 | ---- | C] () -- C:\Users\Gudrun\Desktop\Hochzeit.rar
[2012.10.09 20:54:21 | 000,512,373 | R--- | C] () -- C:\Users\Gudrun\Desktop\bestuhlungsplan1.jpg
[2012.10.07 23:12:24 | 583,044,766 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.07 09:42:16 | 000,302,592 | ---- | C] () -- C:\Users\Gudrun\Desktop\hwkj8rvb.exe
[2012.10.07 08:38:58 | 000,000,000 | ---- | C] () -- C:\Users\Gudrun\defogger_reenable
[2012.10.07 08:36:41 | 000,084,420 | ---- | C] () -- C:\Users\Gudrun\Desktop\Artikel10.pdf
[2012.10.07 08:31:17 | 000,050,477 | ---- | C] () -- C:\Users\Gudrun\Desktop\Defogger.exe
[2012.10.06 15:43:08 | 000,016,323 | ---- | C] () -- C:\Users\Gudrun\Desktop\Avira_Report_6_10_2012.pdf
[2012.10.06 13:59:42 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.01 21:39:05 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\DanBasic V.lnk
[2012.07.15 22:04:02 | 000,004,593 | ---- | C] () -- C:\Users\Gudrun\.recently-used.xbel
[2012.03.26 19:52:55 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.03.26 19:52:55 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.03.13 01:17:03 | 000,000,045 | ---- | C] () -- C:\Users\Gudrun\.gtk-bookmarks
[2011.01.28 13:32:38 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.10.14 09:46:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Mfg |
|
12.10.2012, 11:52
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet Fund von EXP/2012-4681.AD Anleitung falsch umgesetzt bzw, nicht richtig gelesen, denn du hast keinen CustomScan gemacht
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Avira meldet Fund von EXP/2012-4681.AD |
| akamai, avg secure search, avg security toolbar, avira, bho, cid, converter, document, error, exp/2012-4681.ad, fehler, festplatte, flash player, helper, home, iexplore.exe, install.exe, karte, logfile, mozilla, mp3, ntdll.dll, plug-in, problem, programm, registry, secunia psi, secure search, security, senden, svchost.exe, taskhost.exe, trojaner, vtoolbarupdater, windows, windows.old, wuauclt.exe |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Hybrid-Darstellung
