Pests of all kinds and how to fight them: Trojan.Winlock
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
19.10.2012, 09:05 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Winlock

Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________
Please always post log files in CODE tags
19.10.2012, 20:56 | #17
Trojan.Winlock

Hi, here is the log ... 10 detections :-(

Code:
ATTFilter 21:45:54.0290 4440 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 21:45:54.0337 4440 ============================================================ 21:45:54.0337 4440 Current date / time: 2012/10/19 21:45:54.0337 21:45:54.0337 4440 SystemInfo: 21:45:54.0352 4440 21:45:54.0352 4440 OS Version: 6.0.6002 ServicePack: 2.0 21:45:54.0352 4440 Product type: Workstation 21:45:54.0352 4440 ComputerName: GARTENPC 21:45:54.0352 4440 UserName: LeberechtHesse 21:45:54.0352 4440 Windows directory: C:\Windows 21:45:54.0352 4440 System windows directory: C:\Windows 21:45:54.0352 4440 Processor architecture: Intel x86 21:45:54.0352 4440 Number of processors: 2 21:45:54.0352 4440 Page size: 0x1000 21:45:54.0352 4440 Boot type: Normal boot 21:45:54.0352 4440 ============================================================ 21:45:55.0756 4440 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:45:55.0772 4440 ============================================================ 21:45:55.0772 4440 \Device\Harddisk0\DR0: 21:45:55.0772 4440 MBR partitions: 21:45:55.0772 4440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x370BE800 21:45:55.0772 4440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x370BF000, BlocksNum 0x32C6800 21:45:55.0772 4440 ============================================================ 21:45:55.0819 4440 C: <-> \Device\Harddisk0\DR0\Partition1 21:45:55.0834 4440 D: <-> \Device\Harddisk0\DR0\Partition2 21:45:55.0834 4440 ============================================================ 21:45:55.0834 4440 Initialize success 21:45:55.0834 4440 ============================================================ 21:46:11.0840 1976 ============================================================ 21:46:11.0840 1976 Scan started 21:46:11.0840 1976 Mode: Manual; SigCheck; TDLFS; 21:46:11.0840 1976 
============================================================ 21:46:12.0121 1976 ================ Scan system memory ======================== 21:46:12.0121 1976 System memory - ok 21:46:12.0121 1976 ================ Scan services ============================= 21:46:12.0245 1976 ACDaemon - ok 21:46:12.0791 1976 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 21:46:12.0947 1976 ACPI - ok 21:46:13.0025 1976 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:46:13.0041 1976 AdobeFlashPlayerUpdateSvc - ok 21:46:13.0088 1976 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:46:13.0119 1976 adp94xx - ok 21:46:13.0119 1976 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:46:13.0150 1976 adpahci - ok 21:46:13.0150 1976 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 21:46:13.0166 1976 adpu160m - ok 21:46:13.0197 1976 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:46:13.0213 1976 adpu320 - ok 21:46:13.0275 1976 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:46:13.0337 1976 AeLookupSvc - ok 21:46:13.0384 1976 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\Windows\system32\drivers\Afc.sys 21:46:13.0415 1976 Afc ( UnsignedFile.Multi.Generic ) - warning 21:46:13.0415 1976 Afc - detected UnsignedFile.Multi.Generic (1) 21:46:13.0462 1976 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 21:46:13.0556 1976 AFD - ok 21:46:13.0603 1976 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:46:13.0618 1976 agp440 - ok 21:46:13.0634 1976 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 21:46:13.0649 1976 aic78xx - ok 21:46:13.0681 1976 [ A1545B731579895D8CC44FC0481C1192 ] ALG 
C:\Windows\System32\alg.exe 21:46:13.0805 1976 ALG - ok 21:46:13.0852 1976 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 21:46:13.0868 1976 aliide - ok 21:46:13.0899 1976 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 21:46:13.0915 1976 amdagp - ok 21:46:13.0915 1976 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 21:46:13.0946 1976 amdide - ok 21:46:13.0961 1976 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 21:46:14.0024 1976 AmdK7 - ok 21:46:14.0024 1976 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 21:46:14.0071 1976 AmdK8 - ok 21:46:14.0133 1976 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 21:46:14.0149 1976 Appinfo - ok 21:46:14.0195 1976 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 21:46:14.0211 1976 arc - ok 21:46:14.0242 1976 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:46:14.0258 1976 arcsas - ok 21:46:14.0305 1976 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:46:14.0336 1976 AsyncMac - ok 21:46:14.0398 1976 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 21:46:14.0414 1976 atapi - ok 21:46:14.0461 1976 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:46:14.0523 1976 AudioEndpointBuilder - ok 21:46:14.0523 1976 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 21:46:14.0554 1976 Audiosrv - ok 21:46:14.0617 1976 [ 108E6C705A509B3747D02BEEB761AD73 ] AVerFx2hbtv C:\Windows\system32\drivers\AVerFx2hbtv.sys 21:46:14.0679 1976 AVerFx2hbtv - ok 21:46:14.0726 1976 [ 2D4320852A9D2B5C171BE13D62581278 ] AVerRemote C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe 21:46:14.0757 1976 AVerRemote ( UnsignedFile.Multi.Generic ) - 
warning 21:46:14.0757 1976 AVerRemote - detected UnsignedFile.Multi.Generic (1) 21:46:14.0788 1976 [ EC9CC8DDCE3D2D8FA13975600EECC5F3 ] AVerScheduleService C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe 21:46:14.0788 1976 AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning 21:46:14.0788 1976 AVerScheduleService - detected UnsignedFile.Multi.Generic (1) 21:46:14.0991 1976 [ 780AC17E6C1B5A35AB5A2BA58212EA55 ] AVKProxy C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe 21:46:15.0038 1976 AVKProxy - ok 21:46:15.0100 1976 [ EB024C7DFCFBC24117BABD07B4020D81 ] AVKService C:\Program Files\G DATA\InternetSecurity\AVK\AVKService.exe 21:46:15.0116 1976 AVKService - ok 21:46:15.0241 1976 [ 360E4F34D4FD87A432639A48054954EA ] AVKWCtl C:\Program Files\G DATA\InternetSecurity\AVK\AVKWCtl.exe 21:46:15.0287 1976 AVKWCtl - ok 21:46:15.0350 1976 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 21:46:15.0412 1976 Beep - ok 21:46:15.0459 1976 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 21:46:15.0521 1976 BFE - ok 21:46:15.0631 1976 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\System32\bgsvcgen.exe 21:46:15.0662 1976 bgsvcgen - ok 21:46:15.0740 1976 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 21:46:15.0833 1976 BITS - ok 21:46:15.0880 1976 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 21:46:15.0927 1976 blbdrive - ok 21:46:15.0974 1976 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:46:16.0036 1976 bowser - ok 21:46:16.0052 1976 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 21:46:16.0083 1976 BrFiltLo - ok 21:46:16.0083 1976 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 21:46:16.0130 1976 BrFiltUp - ok 21:46:16.0161 1976 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 
21:46:16.0192 1976 Browser - ok 21:46:16.0223 1976 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 21:46:16.0379 1976 Brserid - ok 21:46:16.0426 1976 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 21:46:16.0489 1976 BrSerWdm - ok 21:46:16.0489 1976 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 21:46:16.0535 1976 BrUsbMdm - ok 21:46:16.0535 1976 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 21:46:16.0613 1976 BrUsbSer - ok 21:46:16.0645 1976 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:46:16.0707 1976 BTHMODEM - ok 21:46:16.0754 1976 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS 21:46:16.0785 1976 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning 21:46:16.0785 1976 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1) 21:46:16.0816 1976 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:46:16.0847 1976 cdfs - ok 21:46:16.0910 1976 [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv C:\Windows\system32\drivers\cdrbsdrv.sys 21:46:16.0941 1976 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning 21:46:16.0941 1976 cdrbsdrv - detected UnsignedFile.Multi.Generic (1) 21:46:17.0003 1976 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:46:17.0035 1976 cdrom - ok 21:46:17.0066 1976 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 21:46:17.0113 1976 CertPropSvc - ok 21:46:17.0144 1976 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 21:46:17.0191 1976 circlass - ok 21:46:17.0222 1976 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 21:46:17.0237 1976 CLFS - ok 21:46:17.0300 1976 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:46:17.0315 1976 clr_optimization_v2.0.50727_32 - ok 21:46:17.0440 1976 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:46:17.0456 1976 clr_optimization_v4.0.30319_32 - ok 21:46:17.0503 1976 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:46:17.0534 1976 CmBatt - ok 21:46:17.0581 1976 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:46:17.0596 1976 cmdide - ok 21:46:17.0612 1976 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:46:17.0627 1976 Compbatt - ok 21:46:17.0627 1976 COMSysApp - ok 21:46:17.0659 1976 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:46:17.0674 1976 crcdisk - ok 21:46:17.0690 1976 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 21:46:17.0737 1976 Crusoe - ok 21:46:17.0783 1976 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:46:17.0846 1976 CryptSvc - ok 21:46:17.0924 1976 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:46:17.0971 1976 DcomLaunch - ok 21:46:18.0002 1976 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:46:18.0064 1976 DfsC - ok 21:46:18.0189 1976 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 21:46:18.0392 1976 DFSR - ok 21:46:18.0470 1976 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 21:46:18.0532 1976 Dhcp - ok 21:46:18.0595 1976 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 21:46:18.0610 1976 disk - ok 21:46:18.0673 1976 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:46:18.0719 1976 Dnscache - ok 21:46:18.0766 1976 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc 
C:\Windows\System32\dot3svc.dll 21:46:18.0813 1976 dot3svc - ok 21:46:18.0844 1976 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 21:46:18.0875 1976 DPS - ok 21:46:18.0938 1976 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:46:18.0985 1976 drmkaud - ok 21:46:19.0063 1976 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:46:19.0094 1976 DXGKrnl - ok 21:46:19.0141 1976 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 21:46:19.0203 1976 E1G60 - ok 21:46:19.0234 1976 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 21:46:19.0281 1976 EapHost - ok 21:46:19.0406 1976 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 21:46:19.0421 1976 Ecache - ok 21:46:19.0499 1976 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:46:19.0531 1976 ehRecvr - ok 21:46:19.0562 1976 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 21:46:19.0640 1976 ehSched - ok 21:46:19.0640 1976 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 21:46:19.0655 1976 ehstart - ok 21:46:19.0702 1976 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:46:19.0765 1976 elxstor - ok 21:46:19.0874 1976 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 21:46:19.0999 1976 EMDMgmt - ok 21:46:20.0061 1976 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:46:20.0123 1976 ErrDev - ok 21:46:20.0170 1976 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 21:46:20.0295 1976 EventSystem - ok 21:46:20.0482 1976 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 21:46:20.0529 1976 exfat - ok 21:46:20.0560 1976 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:46:20.0607 
1976 fastfat - ok 21:46:20.0654 1976 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:46:20.0685 1976 fdc - ok 21:46:20.0732 1976 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 21:46:20.0763 1976 fdPHost - ok 21:46:20.0794 1976 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 21:46:20.0841 1976 FDResPub - ok 21:46:20.0872 1976 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:46:20.0888 1976 FileInfo - ok 21:46:20.0903 1976 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:46:20.0935 1976 Filetrace - ok 21:46:20.0997 1976 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:46:21.0091 1976 flpydisk - ok 21:46:21.0262 1976 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:46:21.0293 1976 FltMgr - ok 21:46:21.0403 1976 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 21:46:21.0590 1976 FontCache - ok 21:46:21.0917 1976 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:46:21.0964 1976 FontCache3.0.0.0 - ok 21:46:22.0011 1976 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:46:22.0073 1976 Fs_Rec - ok 21:46:22.0167 1976 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:46:22.0183 1976 gagp30kx - ok 21:46:22.0370 1976 [ D54A94BB49EC52A930EB39A3EB4F43C6 ] GDBehave C:\Windows\system32\drivers\GDBehave.sys 21:46:22.0385 1976 GDBehave - ok 21:46:22.0635 1976 [ 476B1500901D17A357E3EA691087D26E ] GDFwSvc C:\Program Files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe 21:46:22.0931 1976 GDFwSvc - ok 21:46:22.0978 1976 [ 76E409E9264E6732359F89FBCAC098A7 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys 21:46:22.0994 1976 GDMnIcpt - ok 21:46:23.0025 1976 [ 
9C6E7F164CB5A8B968258EEF110DBB1E ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys 21:46:23.0041 1976 GDPkIcpt - ok 21:46:23.0134 1976 [ D31F31342349964E245EAAC1BDC5F6A6 ] GDScan C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe 21:46:23.0150 1976 GDScan - ok 21:46:23.0181 1976 [ DF12E76844F20E6537991E127F1202F4 ] gdwfpcd C:\Windows\system32\DRIVERS\gdwfpcd32.sys 21:46:23.0197 1976 gdwfpcd - ok 21:46:23.0243 1976 [ F2F431D1573EE632975C524418655B84 ] GEARAspiWDM C:\Windows\system32\drivers\GEARAspiWDM.sys 21:46:23.0275 1976 GEARAspiWDM - ok 21:46:23.0446 1976 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 21:46:23.0540 1976 gpsvc - ok 21:46:23.0618 1976 [ 0AC851CDCBA2D19AC13C3975EDFCA777 ] GRD C:\Windows\system32\drivers\GRD.sys 21:46:23.0633 1976 GRD - ok 21:46:23.0758 1976 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9fd782a786bb0 C:\Program Files\Google\Update\GoogleUpdate.exe 21:46:23.0774 1976 gupdate1c9fd782a786bb0 - ok 21:46:23.0789 1976 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:46:23.0805 1976 gupdatem - ok 21:46:23.0836 1976 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:46:23.0899 1976 HdAudAddService - ok 21:46:23.0961 1976 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:46:23.0992 1976 HDAudBus - ok 21:46:24.0023 1976 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:46:24.0070 1976 HidBth - ok 21:46:24.0101 1976 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 21:46:24.0133 1976 HidIr - ok 21:46:24.0164 1976 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 21:46:24.0226 1976 hidserv - ok 21:46:24.0273 1976 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:46:24.0304 1976 HidUsb - ok 21:46:24.0351 1976 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc 
C:\Windows\system32\kmsvc.dll 21:46:24.0382 1976 hkmsvc - ok 21:46:24.0429 1976 [ 17BF8A644D80DAF08E28556DCB80BEA2 ] HookCentre C:\Windows\system32\drivers\HookCentre.sys 21:46:24.0445 1976 HookCentre - ok 21:46:24.0476 1976 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 21:46:24.0491 1976 HpCISSs - ok 21:46:24.0632 1976 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 21:46:24.0647 1976 hpqcxs08 - ok 21:46:24.0663 1976 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 21:46:24.0679 1976 hpqddsvc - ok 21:46:24.0710 1976 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 21:46:24.0772 1976 HPSLPSVC - ok 21:46:24.0850 1976 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:46:24.0897 1976 HTTP - ok 21:46:24.0928 1976 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 21:46:24.0944 1976 i2omp - ok 21:46:24.0991 1976 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:46:25.0037 1976 i8042prt - ok 21:46:25.0069 1976 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 21:46:25.0084 1976 iaStorV - ok 21:46:25.0162 1976 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:46:25.0271 1976 idsvc - ok 21:46:25.0318 1976 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:46:25.0334 1976 iirsp - ok 21:46:25.0396 1976 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 21:46:25.0443 1976 IKEEXT - ok 21:46:25.0537 1976 [ 56AC584FE02E0C1D5924892562CBD572 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 21:46:25.0661 1976 IntcAzAudAddService - ok 21:46:25.0724 1976 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide 
C:\Windows\system32\drivers\intelide.sys 21:46:25.0739 1976 intelide - ok 21:46:25.0771 1976 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:46:25.0817 1976 intelppm - ok 21:46:25.0849 1976 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:46:25.0895 1976 IPBusEnum - ok 21:46:25.0895 1976 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:46:25.0958 1976 IpFilterDriver - ok 21:46:26.0036 1976 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:46:26.0083 1976 iphlpsvc - ok 21:46:26.0098 1976 IpInIp - ok 21:46:26.0129 1976 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 21:46:26.0176 1976 IPMIDRV - ok 21:46:26.0192 1976 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 21:46:26.0239 1976 IPNAT - ok 21:46:26.0254 1976 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:46:26.0270 1976 IRENUM - ok 21:46:26.0301 1976 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:46:26.0317 1976 isapnp - ok 21:46:26.0363 1976 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 21:46:26.0395 1976 iScsiPrt - ok 21:46:26.0395 1976 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 21:46:26.0410 1976 iteatapi - ok 21:46:26.0426 1976 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 21:46:26.0441 1976 iteraid - ok 21:46:26.0473 1976 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:46:26.0488 1976 kbdclass - ok 21:46:26.0535 1976 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 21:46:26.0551 1976 kbdhid - ok 21:46:26.0629 1976 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 21:46:26.0738 1976 KeyIso - 
ok 21:46:26.0831 1976 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:46:26.0878 1976 KSecDD - ok 21:46:26.0909 1976 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 21:46:26.0972 1976 KtmRm - ok 21:46:27.0019 1976 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 21:46:27.0112 1976 LanmanServer - ok 21:46:27.0143 1976 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:46:27.0190 1976 LanmanWorkstation - ok 21:46:27.0253 1976 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:46:27.0315 1976 lltdio - ok 21:46:27.0393 1976 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:46:27.0455 1976 lltdsvc - ok 21:46:27.0471 1976 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:46:27.0533 1976 lmhosts - ok 21:46:27.0565 1976 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:46:27.0580 1976 LSI_FC - ok 21:46:27.0689 1976 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:46:27.0705 1976 LSI_SAS - ok 21:46:27.0721 1976 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:46:27.0736 1976 LSI_SCSI - ok 21:46:27.0767 1976 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 21:46:27.0814 1976 luafv - ok 21:46:27.0861 1976 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 21:46:27.0877 1976 MBAMProtector - ok 21:46:27.0939 1976 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 21:46:27.0986 1976 MBAMScheduler - ok 21:46:28.0142 1976 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 21:46:28.0204 1976 MBAMService - ok 21:46:28.0282 1976 [ 
AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:46:28.0345 1976 Mcx2Svc - ok 21:46:28.0423 1976 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 21:46:28.0438 1976 megasas - ok 21:46:28.0501 1976 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 21:46:28.0532 1976 MegaSR - ok 21:46:28.0579 1976 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 21:46:28.0657 1976 MMCSS - ok 21:46:28.0657 1976 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 21:46:28.0719 1976 Modem - ok 21:46:28.0766 1976 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:46:28.0828 1976 monitor - ok 21:46:28.0844 1976 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:46:28.0859 1976 mouclass - ok 21:46:28.0875 1976 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:46:28.0906 1976 mouhid - ok 21:46:28.0922 1976 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 21:46:28.0937 1976 MountMgr - ok 21:46:29.0047 1976 [ 6380FF81DD4D78B23398752D2F46EA43 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:46:29.0062 1976 MozillaMaintenance - ok 21:46:29.0140 1976 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 21:46:29.0156 1976 mpio - ok 21:46:29.0171 1976 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:46:29.0234 1976 mpsdrv - ok 21:46:29.0296 1976 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 21:46:29.0359 1976 MpsSvc - ok 21:46:29.0390 1976 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 21:46:29.0405 1976 Mraid35x - ok 21:46:29.0452 1976 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 
21:46:29.0499 1976 MRxDAV - ok 21:46:29.0546 1976 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:46:29.0593 1976 mrxsmb - ok 21:46:29.0671 1976 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:46:29.0717 1976 mrxsmb10 - ok 21:46:29.0733 1976 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:46:29.0764 1976 mrxsmb20 - ok 21:46:29.0811 1976 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys 21:46:29.0827 1976 msahci - ok 21:46:29.0873 1976 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:46:29.0889 1976 msdsm - ok 21:46:29.0920 1976 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 21:46:29.0951 1976 MSDTC - ok 21:46:29.0967 1976 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:46:30.0014 1976 Msfs - ok 21:46:30.0061 1976 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:46:30.0076 1976 msisadrv - ok 21:46:30.0123 1976 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:46:30.0154 1976 MSiSCSI - ok 21:46:30.0170 1976 msiserver - ok 21:46:30.0217 1976 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:46:30.0232 1976 MSKSSRV - ok 21:46:30.0263 1976 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:46:30.0310 1976 MSPCLOCK - ok 21:46:30.0326 1976 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:46:30.0357 1976 MSPQM - ok 21:46:30.0388 1976 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:46:30.0419 1976 MsRPC - ok 21:46:30.0451 1976 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:46:30.0466 1976 mssmbios - ok 21:46:30.0513 1976 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE 
C:\Windows\system32\drivers\MSTEE.sys 21:46:30.0544 1976 MSTEE - ok 21:46:30.0575 1976 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 21:46:30.0591 1976 Mup - ok 21:46:30.0685 1976 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 21:46:30.0747 1976 napagent - ok 21:46:30.0794 1976 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:46:30.0841 1976 NativeWifiP - ok 21:46:30.0887 1976 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:46:30.0919 1976 NDIS - ok 21:46:30.0950 1976 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:46:30.0997 1976 NdisTapi - ok 21:46:31.0028 1976 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:46:31.0059 1976 Ndisuio - ok 21:46:31.0106 1976 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:46:31.0153 1976 NdisWan - ok 21:46:31.0168 1976 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:46:31.0199 1976 NDProxy - ok 21:46:31.0449 1976 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 21:46:31.0511 1976 Nero BackItUp Scheduler 3 - ok 21:46:31.0589 1976 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 21:46:31.0605 1976 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 21:46:31.0605 1976 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 21:46:31.0636 1976 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:46:31.0667 1976 NetBIOS - ok 21:46:31.0714 1976 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 21:46:31.0745 1976 netbt - ok 21:46:31.0777 1976 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 21:46:31.0792 1976 Netlogon - ok 21:46:31.0901 
1976 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 21:46:31.0979 1976 Netman - ok 21:46:32.0011 1976 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 21:46:32.0073 1976 netprofm - ok 21:46:32.0135 1976 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:46:32.0167 1976 NetTcpPortSharing - ok 21:46:32.0479 1976 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 21:46:32.0713 1976 NETw5v32 - ok 21:46:32.0728 1976 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:46:32.0744 1976 nfrd960 - ok 21:46:32.0806 1976 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:46:32.0837 1976 NlaSvc - ok 21:46:32.0915 1976 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 21:46:32.0962 1976 NMIndexingService - ok 21:46:33.0040 1976 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:46:33.0087 1976 Npfs - ok 21:46:33.0118 1976 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 21:46:33.0149 1976 nsi - ok 21:46:33.0181 1976 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:46:33.0243 1976 nsiproxy - ok 21:46:33.0383 1976 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:46:33.0430 1976 Ntfs - ok 21:46:33.0461 1976 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 21:46:33.0539 1976 ntrigdigi - ok 21:46:33.0586 1976 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 21:46:33.0649 1976 Null - ok 21:46:33.0820 1976 [ 590CAA306F9E7C303905B738EBDFE2E2 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 21:46:33.0836 1976 NVHDA - ok 21:46:34.0475 1976 [ 6838F505C0CC881F0C78D333DFDE181B ] 
nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:46:34.0787 1976 nvlddmkm - ok 21:46:34.0819 1976 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:46:34.0834 1976 nvraid - ok 21:46:34.0850 1976 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:46:34.0865 1976 nvstor - ok 21:46:34.0943 1976 [ 0E2619B8E1BD3C432BCCBB2504087598 ] nvsvc C:\Windows\system32\nvvsvc.exe 21:46:34.0975 1976 nvsvc - ok 21:46:34.0975 1976 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:46:34.0990 1976 nv_agp - ok 21:46:35.0006 1976 NwlnkFlt - ok 21:46:35.0006 1976 NwlnkFwd - ok 21:46:35.0037 1976 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:46:35.0084 1976 ohci1394 - ok 21:46:35.0162 1976 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:46:35.0177 1976 ose - ok 21:46:35.0427 1976 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:46:36.0035 1976 osppsvc - ok 21:46:36.0082 1976 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 21:46:36.0160 1976 p2pimsvc - ok 21:46:36.0176 1976 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 21:46:36.0269 1976 p2psvc - ok 21:46:36.0301 1976 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 21:46:36.0347 1976 Parport - ok 21:46:36.0441 1976 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:46:36.0457 1976 partmgr - ok 21:46:36.0472 1976 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 21:46:36.0519 1976 Parvdm - ok 21:46:36.0550 1976 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 21:46:36.0613 1976 PcaSvc - ok 21:46:36.0659 1976 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci 
C:\Windows\system32\drivers\pci.sys 21:46:36.0675 1976 pci - ok 21:46:36.0706 1976 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 21:46:36.0722 1976 pciide - ok 21:46:36.0800 1976 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:46:36.0815 1976 pcmcia - ok 21:46:36.0862 1976 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:46:36.0956 1976 PEAUTH - ok 21:46:37.0096 1976 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 21:46:37.0268 1976 pla - ok 21:46:37.0330 1976 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe 21:46:37.0361 1976 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 21:46:37.0361 1976 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 21:46:37.0408 1976 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:46:37.0455 1976 PlugPlay - ok 21:46:37.0502 1976 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 21:46:37.0517 1976 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 21:46:37.0517 1976 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 21:46:37.0580 1976 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 21:46:37.0658 1976 PNRPAutoReg - ok 21:46:37.0673 1976 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 21:46:37.0736 1976 PNRPsvc - ok 21:46:37.0814 1976 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:46:37.0845 1976 PolicyAgent - ok 21:46:37.0892 1976 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:46:37.0907 1976 PptpMiniport - ok 21:46:37.0939 1976 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 21:46:37.0985 1976 Processor - ok 21:46:38.0017 1976 [ 
0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 21:46:38.0063 1976 ProfSvc - ok 21:46:38.0063 1976 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 21:46:38.0095 1976 ProtectedStorage - ok 21:46:38.0126 1976 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe 21:46:38.0141 1976 ProtexisLicensing - ok 21:46:38.0173 1976 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 21:46:38.0219 1976 PSched - ok 21:46:38.0266 1976 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 21:46:38.0282 1976 PxHelp20 - ok 21:46:38.0344 1976 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:46:38.0391 1976 ql2300 - ok 21:46:38.0391 1976 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:46:38.0407 1976 ql40xx - ok 21:46:38.0453 1976 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 21:46:38.0485 1976 QWAVE - ok 21:46:38.0500 1976 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:46:38.0531 1976 QWAVEdrv - ok 21:46:38.0563 1976 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:46:38.0609 1976 RasAcd - ok 21:46:38.0656 1976 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 21:46:38.0703 1976 RasAuto - ok 21:46:38.0719 1976 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:46:38.0765 1976 Rasl2tp - ok 21:46:38.0812 1976 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 21:46:38.0843 1976 RasMan - ok 21:46:38.0890 1976 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:46:38.0921 1976 RasPppoe - ok 21:46:38.0937 1976 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:46:38.0953 1976 RasSstp - ok 
21:46:38.0984 1976 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:46:39.0015 1976 rdbss - ok 21:46:39.0046 1976 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:46:39.0171 1976 RDPCDD - ok 21:46:39.0233 1976 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 21:46:39.0265 1976 rdpdr - ok 21:46:39.0296 1976 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:46:39.0327 1976 RDPENCDD - ok 21:46:39.0421 1976 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:46:39.0483 1976 RDPWD - ok 21:46:39.0561 1976 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:46:39.0608 1976 RemoteAccess - ok 21:46:39.0639 1976 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:46:39.0701 1976 RemoteRegistry - ok 21:46:39.0795 1976 [ 0797F6AE018D3F992A1B8DF37BBF1786 ] resetWinService C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe 21:46:39.0826 1976 resetWinService ( UnsignedFile.Multi.Generic ) - warning 21:46:39.0826 1976 resetWinService - detected UnsignedFile.Multi.Generic (1) 21:46:39.0889 1976 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe 21:46:39.0904 1976 RichVideo - ok 21:46:39.0935 1976 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 21:46:39.0967 1976 RpcLocator - ok 21:46:39.0998 1976 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 21:46:40.0045 1976 RpcSs - ok 21:46:40.0076 1976 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:46:40.0107 1976 rspndr - ok 21:46:40.0138 1976 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 21:46:40.0169 1976 RTL8169 - ok 21:46:40.0185 1976 [ 4501C8FE11DF3192FB68D0D595EA94CC ] RTSTOR 
C:\Windows\system32\drivers\RTSTOR.SYS 21:46:40.0247 1976 RTSTOR - ok 21:46:40.0263 1976 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 21:46:40.0294 1976 SamSs - ok 21:46:40.0325 1976 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:46:40.0341 1976 sbp2port - ok 21:46:40.0388 1976 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:46:40.0435 1976 SCardSvr - ok 21:46:40.0559 1976 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 21:46:40.0637 1976 Schedule - ok 21:46:40.0684 1976 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:46:40.0715 1976 SCPolicySvc - ok 21:46:40.0747 1976 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:46:40.0825 1976 SDRSVC - ok 21:46:40.0840 1976 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:46:40.0903 1976 secdrv - ok 21:46:40.0934 1976 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 21:46:40.0996 1976 seclogon - ok 21:46:41.0027 1976 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 21:46:41.0074 1976 SENS - ok 21:46:41.0105 1976 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 21:46:41.0183 1976 Serenum - ok 21:46:41.0246 1976 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 21:46:41.0324 1976 Serial - ok 21:46:41.0339 1976 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:46:41.0371 1976 sermouse - ok 21:46:41.0464 1976 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 21:46:41.0495 1976 SessionEnv - ok 21:46:41.0527 1976 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:46:41.0542 1976 sffdisk - ok 21:46:41.0589 1976 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc 
C:\Windows\system32\drivers\sffp_mmc.sys 21:46:41.0636 1976 sffp_mmc - ok 21:46:41.0651 1976 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:46:41.0714 1976 sffp_sd - ok 21:46:41.0714 1976 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:46:41.0792 1976 sfloppy - ok 21:46:41.0839 1976 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:46:41.0870 1976 SharedAccess - ok 21:46:41.0917 1976 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:46:41.0995 1976 ShellHWDetection - ok 21:46:42.0041 1976 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 21:46:42.0057 1976 sisagp - ok 21:46:42.0088 1976 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 21:46:42.0104 1976 SiSRaid2 - ok 21:46:42.0182 1976 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:46:42.0197 1976 SiSRaid4 - ok 21:46:42.0291 1976 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 21:46:42.0307 1976 SkypeUpdate - ok 21:46:42.0447 1976 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 21:46:42.0603 1976 slsvc - ok 21:46:42.0650 1976 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 21:46:42.0665 1976 SLUINotify - ok 21:46:42.0712 1976 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:46:42.0728 1976 Smb - ok 21:46:42.0759 1976 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:46:42.0775 1976 SNMPTRAP - ok 21:46:42.0837 1976 [ 82E3315B1B3E76B9A9643F987ED3AE5C ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 21:46:43.0133 1976 SNP2UVC - ok 21:46:43.0165 1976 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 21:46:43.0180 1976 spldr - ok 21:46:43.0227 1976 [ 
8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 21:46:43.0305 1976 Spooler - ok 21:46:43.0352 1976 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:46:43.0383 1976 srv - ok 21:46:43.0430 1976 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:46:43.0477 1976 srv2 - ok 21:46:43.0508 1976 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:46:43.0539 1976 srvnet - ok 21:46:43.0586 1976 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:46:43.0633 1976 SSDPSRV - ok 21:46:43.0679 1976 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:46:43.0711 1976 SstpSvc - ok 21:46:43.0773 1976 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 21:46:43.0851 1976 stisvc - ok 21:46:43.0898 1976 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:46:43.0913 1976 swenum - ok 21:46:43.0991 1976 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 21:46:44.0023 1976 swprv - ok 21:46:44.0054 1976 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 21:46:44.0069 1976 Symc8xx - ok 21:46:44.0069 1976 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 21:46:44.0085 1976 Sym_hi - ok 21:46:44.0116 1976 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 21:46:44.0132 1976 Sym_u3 - ok 21:46:44.0179 1976 [ A7CEC70DD3D85AC711897E02358E9793 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:46:44.0194 1976 SynTP - ok 21:46:44.0241 1976 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 21:46:44.0319 1976 SysMain - ok 21:46:44.0350 1976 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:46:44.0381 1976 TabletInputService - ok 21:46:44.0444 1976 [ D7673E4B38CE21EE54C59EEEB65E2483 ] 
TapiSrv C:\Windows\System32\tapisrv.dll 21:46:44.0475 1976 TapiSrv - ok 21:46:44.0491 1976 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 21:46:44.0522 1976 TBS - ok 21:46:44.0678 1976 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:46:44.0709 1976 Tcpip - ok 21:46:44.0725 1976 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 21:46:44.0756 1976 Tcpip6 - ok 21:46:44.0818 1976 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:46:44.0849 1976 tcpipreg - ok 21:46:44.0881 1976 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:46:44.0912 1976 TDPIPE - ok 21:46:44.0912 1976 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:46:44.0959 1976 TDTCP - ok 21:46:45.0005 1976 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:46:45.0037 1976 tdx - ok 21:46:45.0068 1976 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 21:46:45.0099 1976 TermDD - ok 21:46:45.0146 1976 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 21:46:45.0208 1976 TermService - ok 21:46:45.0239 1976 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 21:46:45.0271 1976 Themes - ok 21:46:45.0286 1976 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 21:46:45.0317 1976 THREADORDER - ok 21:46:45.0411 1976 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 21:46:45.0442 1976 TrkWks - ok 21:46:45.0614 1976 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:46:45.0661 1976 TrustedInstaller - ok 21:46:45.0692 1976 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:46:45.0723 1976 tssecsrv - ok 21:46:45.0739 1976 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp 
C:\Windows\system32\DRIVERS\tunmp.sys 21:46:45.0785 1976 tunmp - ok 21:46:45.0817 1976 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:46:45.0832 1976 tunnel - ok 21:46:45.0832 1976 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:46:45.0848 1976 uagp35 - ok 21:46:45.0973 1976 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:46:45.0988 1976 udfs - ok 21:46:46.0019 1976 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:46:46.0082 1976 UI0Detect - ok 21:46:46.0113 1976 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:46:46.0129 1976 uliagpkx - ok 21:46:46.0144 1976 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 21:46:46.0175 1976 uliahci - ok 21:46:46.0175 1976 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 21:46:46.0191 1976 UlSata - ok 21:46:46.0207 1976 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 21:46:46.0222 1976 ulsata2 - ok 21:46:46.0238 1976 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:46:46.0300 1976 umbus - ok 21:46:46.0331 1976 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 21:46:46.0394 1976 upnphost - ok 21:46:46.0425 1976 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:46:46.0441 1976 usbccgp - ok 21:46:46.0487 1976 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:46:46.0550 1976 usbcir - ok 21:46:46.0581 1976 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:46:46.0612 1976 usbehci - ok 21:46:46.0659 1976 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:46:46.0675 1976 usbhub - ok 21:46:46.0706 1976 [ 38DBC7DD6CC5A72011F187425384388B ] 
usbohci C:\Windows\system32\drivers\usbohci.sys 21:46:46.0737 1976 usbohci - ok 21:46:46.0815 1976 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:46:46.0877 1976 usbprint - ok 21:46:46.0940 1976 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:46:46.0955 1976 usbscan - ok 21:46:47.0002 1976 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:46:47.0080 1976 USBSTOR - ok 21:46:47.0111 1976 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 21:46:47.0143 1976 usbuhci - ok 21:46:47.0189 1976 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:46:47.0221 1976 usbvideo - ok 21:46:47.0252 1976 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 21:46:47.0267 1976 UxSms - ok 21:46:47.0361 1976 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 21:46:47.0423 1976 vds - ok 21:46:47.0470 1976 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:46:47.0501 1976 vga - ok 21:46:47.0517 1976 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 21:46:47.0564 1976 VgaSave - ok 21:46:47.0579 1976 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 21:46:47.0595 1976 viaagp - ok 21:46:47.0611 1976 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 21:46:47.0642 1976 ViaC7 - ok 21:46:47.0673 1976 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 21:46:47.0689 1976 viaide - ok 21:46:47.0704 1976 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:46:47.0720 1976 volmgr - ok 21:46:47.0813 1976 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:46:47.0845 1976 volmgrx - ok 21:46:47.0876 1976 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap 
C:\Windows\system32\drivers\volsnap.sys 21:46:47.0891 1976 volsnap - ok 21:46:47.0954 1976 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:46:47.0969 1976 vsmraid - ok 21:46:48.0110 1976 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 21:46:48.0172 1976 VSS - ok 21:46:48.0250 1976 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 21:46:48.0281 1976 W32Time - ok 21:46:48.0313 1976 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:46:48.0359 1976 WacomPen - ok 21:46:48.0375 1976 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 21:46:48.0406 1976 Wanarp - ok 21:46:48.0406 1976 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:46:48.0422 1976 Wanarpv6 - ok 21:46:48.0453 1976 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:46:48.0484 1976 wcncsvc - ok 21:46:48.0515 1976 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:46:48.0547 1976 WcsPlugInService - ok 21:46:48.0578 1976 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 21:46:48.0593 1976 Wd - ok 21:46:48.0625 1976 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:46:48.0640 1976 Wdf01000 - ok 21:46:48.0687 1976 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:46:48.0703 1976 WdiServiceHost - ok 21:46:48.0718 1976 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:46:48.0749 1976 WdiSystemHost - ok 21:46:48.0796 1976 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 21:46:48.0827 1976 WebClient - ok 21:46:48.0874 1976 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:46:48.0937 1976 Wecsvc - ok 21:46:48.0968 1976 [ 670FF720071ED741206D69BD995EA453 ] 
wercplsupport C:\Windows\System32\wercplsupport.dll 21:46:49.0015 1976 wercplsupport - ok 21:46:49.0046 1976 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 21:46:49.0077 1976 WerSvc - ok 21:46:49.0124 1976 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 21:46:49.0139 1976 WinDefend - ok 21:46:49.0139 1976 WinHttpAutoProxySvc - ok 21:46:49.0186 1976 [ 2C30BD5CB2F9213863970C823BF97381 ] WINIO C:\Windows\system32\WinIo.sys 21:46:49.0186 1976 Suspicious file (Forged): C:\Windows\system32\WinIo.sys. Real md5: 2C30BD5CB2F9213863970C823BF97381, Fake md5: C5E3A2EE25A3D86761AF7971EAEAC40C 21:46:49.0186 1976 WINIO ( ForgedFile.Multi.Generic ) - warning 21:46:49.0186 1976 WINIO - detected ForgedFile.Multi.Generic (1) 21:46:49.0249 1976 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:46:49.0280 1976 Winmgmt - ok 21:46:49.0327 1976 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 21:46:49.0436 1976 WinRM - ok 21:46:49.0623 1976 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:46:49.0763 1976 Wlansvc - ok 21:46:50.0138 1976 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:46:50.0200 1976 wlidsvc - ok 21:46:50.0278 1976 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:46:50.0294 1976 WmiAcpi - ok 21:46:50.0356 1976 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:46:50.0403 1976 wmiApSrv - ok 21:46:50.0512 1976 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 21:46:50.0637 1976 WMPNetworkSvc - ok 21:46:50.0668 1976 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:46:50.0699 1976 WPCSvc - ok 21:46:50.0731 1976 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 
21:46:50.0777 1976 WPDBusEnum - ok 21:46:51.0027 1976 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 21:46:51.0199 1976 WPFFontCache_v0400 - ok 21:46:51.0245 1976 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:46:51.0277 1976 ws2ifsl - ok 21:46:51.0308 1976 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 21:46:51.0323 1976 wscsvc - ok 21:46:51.0339 1976 WSearch - ok 21:46:51.0448 1976 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 21:46:51.0635 1976 wuauserv - ok 21:46:51.0713 1976 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:46:51.0745 1976 WUDFRd - ok 21:46:51.0760 1976 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:46:51.0823 1976 wudfsvc - ok 21:46:51.0823 1976 ================ Scan global =============================== 21:46:51.0854 1976 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 21:46:51.0947 1976 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 21:46:51.0979 1976 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 21:46:52.0010 1976 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 21:46:52.0010 1976 [Global] - ok 21:46:52.0010 1976 ================ Scan MBR ================================== 21:46:52.0041 1976 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 21:46:52.0821 1976 \Device\Harddisk0\DR0 - ok 21:46:52.0821 1976 ================ Scan VBR ================================== 21:46:52.0852 1976 [ 6DAE38B0BE079742DE1AF7BE01F48697 ] \Device\Harddisk0\DR0\Partition1 21:46:52.0868 1976 \Device\Harddisk0\DR0\Partition1 - ok 21:46:52.0899 1976 [ F254A2BF1A9C0B31DDECC4FDBE937009 ] \Device\Harddisk0\DR0\Partition2 21:46:52.0930 1976 \Device\Harddisk0\DR0\Partition2 - ok 21:46:52.0930 1976 
============================================================ 21:46:52.0930 1976 Scan finished 21:46:52.0930 1976 ============================================================ 21:46:52.0946 4348 Detected object count: 10 21:46:52.0946 4348 Actual detected object count: 10 21:47:34.0192 4348 Afc ( UnsignedFile.Multi.Generic ) - skipped by user 21:47:34.0192 4348 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:47:34.0192 4348 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user 21:47:34.0192 4348 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:47:34.0192 4348 AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user 21:47:34.0192 4348 AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:47:34.0192 4348 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user 21:47:34.0192 4348 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:47:34.0208 4348 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user 21:47:34.0208 4348 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:47:34.0208 4348 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:47:34.0208 4348 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:47:34.0208 4348 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:47:34.0208 4348 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:47:34.0208 4348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:47:34.0208 4348 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:47:34.0208 4348 resetWinService ( UnsignedFile.Multi.Generic ) - skipped by user 21:47:34.0208 4348 resetWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:47:34.0208 4348 WINIO ( ForgedFile.Multi.Generic ) - skipped by user 21:47:34.0208 4348 WINIO ( ForgedFile.Multi.Generic ) - User select action: Skip 
21:48:46.0074 3168 Deinitialize success |
21.10.2012, 11:44 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Winlock Then please run CF now:
__________________ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ |
22.10.2012, 20:20 | #19 |
| Trojan.Winlock Hello Cosinus, here is the Combofix log. Unfortunately I started it from the Downloads folder. I hope it still did its job and you can make something out of it. There were no problems during the run. I then started the program once more from the desktop. So here is the log from the Downloads folder: Code:
ATTFilter ComboFix 12-10-22.01 - LeberechtHesse 22.10.2012 19:00:57.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1849 [GMT 2:00] ausgeführt von:: c:\users\LeberechtHesse\Downloads\ComboFix.exe AV: G Data InternetSecurity 2010 *Enabled/Outdated* {54ACC2FC-837E-E665-7A92-5352D560D5EF} FW: G Data Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\LeberechtHesse\4.0 c:\windows\system32\WinIo.sys . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_nvsvc -------\Service_WINIO . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-22 bis 2012-10-22 )))))))))))))))))))))))))))))) . . 2012-10-22 17:08 . 2012-10-22 17:13 -------- d-----w- c:\users\LeberechtHesse\AppData\Local\temp 2012-10-22 17:08 . 2012-10-22 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-18 20:08 . 2012-10-18 20:08 -------- d-----w- C:\_OTL 2012-10-18 18:25 . 2012-10-18 20:14 -------- d-----w- c:\users\LeberechtHesse\AppData\Roaming\HPAppData 2012-10-17 21:00 . 2012-10-17 21:00 -------- d-----w- c:\users\LeberechtHesse\AppData\Local\Secunia PSI 2012-10-17 20:59 . 2012-10-17 20:59 -------- d-----w- c:\program files\Secunia 2012-10-16 19:02 . 2012-10-16 19:02 -------- d-----w- c:\program files\ESET 2012-10-15 14:44 . 2012-10-17 18:01 -------- d-----w- c:\windows\system32\catroot2 2012-10-15 14:38 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe 2012-10-15 14:37 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe 2012-10-14 22:27 . 2012-10-15 14:42 181064 ----a-w- c:\windows\PSEXESVC.EXE 2012-10-14 22:21 . 2012-10-14 22:21 -------- d-----w- c:\program files\Tweaking.com 2012-10-14 21:26 . 
2012-10-15 14:38 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs 2012-10-14 18:59 . 2012-10-14 18:59 -------- d-----w- c:\users\LeberechtHesse\AppData\Roaming\Malwarebytes 2012-10-14 18:59 . 2012-10-17 19:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-14 18:59 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-05 16:29 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1888A3A7-5A17-4BAD-B0C2-C33ED5850F18}\mpengine.dll ERROR(0x00000005) 2012-10-04 16:40 . 2012-10-04 16:43 -------- d-----w- c:\program files\WEB.DE MailCheck . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-15 15:18 . 2012-09-07 14:53 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-15 15:18 . 2011-07-19 11:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-30 08:17 . 2009-02-19 05:31 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005) 2012-06-01 15:38 . 2012-06-24 17:30 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}] 2011-05-11 15:38 154216 ----a-w- c:\programdata\1und1InternetExplorerAddon\BHOXML.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440] "tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704] "MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920] "GDFirewallTray"="c:\program files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-09-24 1124424] "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\InternetSecurity\AVKTray\AVKTray.exe" [2009-09-18 924232] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2012-10-04 1459848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-8-2 159744] AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-8-2 663552] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2011-9-27 44176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2008-12-02 21:39 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-03-06 06:38 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 15:35] . 
2012-06-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-06 15:34] . 2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 13:54] . 2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 13:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.10.1 Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll FF - ProfilePath - c:\users\LeberechtHesse\AppData\Roaming\Mozilla\Firefox\Profiles\06m07osk.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/ FF - ExtSQL: !HIDDEN! 2009-09-05 19:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2011-09-07 10:22; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . 
Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe c:\program files\G DATA\InternetSecurity\AVK\AVKService.exe c:\program files\G DATA\InternetSecurity\AVK\AVKWCtl.exe c:\windows\System32\bgsvcgen.exe c:\windows\ehome\ehRecvr.exe c:\windows\ehome\ehsched.exe c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\IoctlSvc.exe c:\windows\system32\PSIService.exe c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe c:\program files\Cyberlink\Shared files\RichVideo.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Common Files\G DATA\GDScan\GDScan.exe c:\program files\G DATA\InternetSecurity\Firewall\GDFwSvc.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\program files\Common Files\Nero\Lib\NMIndexingService.exe c:\windows\ehome\ehmsas.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Zeit der Fertigstellung: 2012-10-22 19:18:23 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-10-22 17:17 . Vor Suchlauf: 9 Verzeichnis(se), 316.383.313.920 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 315.991.732.224 Bytes frei . - - End Of File - - E86D1003F2714295F56E611ACD7B91DA Code:
ATTFilter ComboFix 12-10-22.01 - LeberechtHesse 22.10.2012 19:34:07.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1887 [GMT 2:00] ausgeführt von:: c:\users\LeberechtHesse\Desktop\ComboFix.exe AV: G Data InternetSecurity 2010 *Enabled/Outdated* {54ACC2FC-837E-E665-7A92-5352D560D5EF} FW: G Data Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-22 bis 2012-10-22 )))))))))))))))))))))))))))))) . . 2012-10-22 17:41 . 2012-10-22 17:41 -------- d-----w- c:\users\LeberechtHesse\AppData\Local\temp 2012-10-22 17:41 . 2012-10-22 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-18 20:08 . 2012-10-18 20:08 -------- d-----w- C:\_OTL 2012-10-18 18:25 . 2012-10-22 17:20 -------- d-----w- c:\users\LeberechtHesse\AppData\Roaming\HPAppData 2012-10-17 21:00 . 2012-10-17 21:00 -------- d-----w- c:\users\LeberechtHesse\AppData\Local\Secunia PSI 2012-10-17 20:59 . 2012-10-17 20:59 -------- d-----w- c:\program files\Secunia 2012-10-16 19:02 . 2012-10-16 19:02 -------- d-----w- c:\program files\ESET 2012-10-15 14:44 . 2012-10-17 18:01 -------- d-----w- c:\windows\system32\catroot2 2012-10-15 14:38 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe 2012-10-15 14:37 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe 2012-10-14 22:27 . 2012-10-15 14:42 181064 ----a-w- c:\windows\PSEXESVC.EXE 2012-10-14 22:21 . 2012-10-14 22:21 -------- d-----w- c:\program files\Tweaking.com 2012-10-14 21:26 . 2012-10-15 14:38 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs 2012-10-14 18:59 . 2012-10-14 18:59 -------- d-----w- c:\users\LeberechtHesse\AppData\Roaming\Malwarebytes 2012-10-14 18:59 . 2012-10-17 19:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-14 18:59 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-05 16:29 . 
2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1888A3A7-5A17-4BAD-B0C2-C33ED5850F18}\mpengine.dll ERROR(0x00000005) 2012-10-04 16:40 . 2012-10-04 16:43 -------- d-----w- c:\program files\WEB.DE MailCheck . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-15 15:18 . 2012-09-07 14:53 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-15 15:18 . 2011-07-19 11:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-30 08:17 . 2009-02-19 05:31 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005) 2012-06-01 15:38 . 2012-06-24 17:30 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}] 2011-05-11 15:38 154216 ----a-w- c:\programdata\1und1InternetExplorerAddon\BHOXML.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440] "tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704] "MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920] "GDFirewallTray"="c:\program files\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe" [2009-09-24 1124424] "G DATA AntiVirus Trayapplication"="c:\program files\G DATA\InternetSecurity\AVKTray\AVKTray.exe" [2009-09-18 924232] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2012-10-04 1459848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2009-8-2 159744] AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2009-8-2 663552] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2011-9-27 44176] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2008-12-02 21:39 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-03-06 06:38 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - MBAMSwissArmy . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 15:35] . 2012-06-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-06 15:34] . 2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 13:54] . 2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-05 13:54] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 TCP: DhcpNameServer = 192.168.10.1 Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll FF - ProfilePath - c:\users\LeberechtHesse\AppData\Roaming\Mozilla\Firefox\Profiles\06m07osk.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/ FF - ExtSQL: !HIDDEN! 2009-09-05 19:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2011-09-07 10:22; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-22 19:41 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-10-22 19:43:57 ComboFix-quarantined-files.txt 2012-10-22 17:43 . Vor Suchlauf: 13 Verzeichnis(se), 315.913.551.872 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 315.884.613.632 Bytes frei . - - End Of File - - 31797F99AB89E7C998540DF8C4E2036A
except the Internet. That only works in safe mode. |
23.10.2012, 16:05 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Winlock Quote:
If so, does it not work with any browser?
__________________ Please always post log files in CODE tags |
23.10.2012, 16:44 | #21 |
| Trojan.Winlock Hi, yes, that is correct. The browser opens, but no web page can be opened. It does not matter whether it is IE or Firefox. There is no direct error message. |
23.10.2012, 20:37 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Winlock Please run a (new) CustomScan with OTL. Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\Installer\*. /s
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Installer\*. /s
CREATERESTOREPOINT
23.10.2012, 21:50 | #23 |
| Trojan.Winlock Attached is the new OTL. I also noticed that there are no visible updates for Windows; the virus updates do not work either. Code:
ATTFilter OTL logfile created on: 23.10.2012 22:05:27 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LeberechtHesse\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,58% Memory free 6,19 Gb Paging File | 5,23 Gb Available in Paging File | 84,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 440,37 Gb Total Space | 298,35 Gb Free Space | 67,75% Space Free | Partition Type: NTFS Drive D: | 25,38 Gb Total Space | 12,55 Gb Free Space | 49,46% Space Free | Partition Type: FAT32 Computer Name: GARTENPC | User Name: LeberechtHesse | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.23 21:56:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LeberechtHesse\Desktop\OTL.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe PRC - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G DATA\GDScan\GDScan.exe PRC - [2009.11.25 03:07:32 | 001,251,488 | ---- | M] (G Data 
Software AG) -- C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe PRC - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe PRC - [2009.09.24 10:50:56 | 001,124,424 | ---- | M] (G DATA Software AG) -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2009.09.18 15:49:08 | 000,924,232 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe PRC - [2009.08.20 12:05:53 | 000,341,064 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVK\AVK.exe PRC - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) -- C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.29 17:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe PRC - [2008.09.10 03:31:11 | 000,352,256 | R--- | M] (AVerMedia) -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe PRC - [2008.08.28 16:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe PRC - [2008.07.15 04:42:22 | 000,409,600 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe PRC - [2008.06.11 12:34:02 | 000,159,744 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- 
C:\Windows\System32\bgsvcgen.exe PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2008.08.28 16:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe MOD - [2008.06.11 12:34:02 | 000,159,744 | R--- | M] () -- C:\Programme\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2012.10.15 17:35:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.12.07 15:38:02 | 001,128,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2009.11.26 13:50:52 | 000,302,152 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2009.11.25 03:07:32 | 
001,251,488 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G DATA\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2009.11.25 03:05:05 | 001,547,104 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G DATA\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.08.08 12:33:28 | 000,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G DATA\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2008.10.29 17:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService) SRV - [2008.09.10 03:31:11 | 000,352,256 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008.07.15 04:42:22 | 000,409,600 | R--- | M] () [Auto | Running] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen) SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV 
- File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\LEBERE~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.05.01 18:20:34 | 000,040,904 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd) DRV - [2009.12.20 19:12:47 | 000,028,616 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave) DRV - [2009.10.07 23:41:22 | 000,055,624 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2009.10.07 23:41:17 | 000,047,560 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt) DRV - [2009.08.27 20:05:45 | 000,029,992 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\GRD.sys -- (GRD) DRV - [2009.08.26 11:50:09 | 000,035,272 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2009.02.10 07:38:00 | 007,547,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.12.29 19:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.12.23 04:17:38 | 000,051,232 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.04.28 15:29:26 | 003,658,752 | 
---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.04.03 14:36:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2008.01.15 07:12:56 | 000,257,024 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv) DRV - [2006.02.20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de IE - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.07 10:22:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.09.07 10:22:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

[2012.10.22 23:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LeberechtHesse\AppData\Roaming\mozilla\Firefox\Profiles\06m07osk.default\extensions
[2012.09.09 20:51:15 | 000,518,756 | ---- | M] () (No name found) -- C:\Users\LeberechtHesse\AppData\Roaming\mozilla\firefox\profiles\06m07osk.default\extensions\toolbar@web.de.xpi
[2012.10.22 23:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.20 16:27:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.05.01 18:21:29 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

O1 HOSTS File: ([2012.10.22 19:12:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G DATA\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3433196442-3781222945-3439633654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A42317-615A-44E7-9C55-EA9E3D1644BF}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC4BC413-FCFD-4CA8-BCD7-9CC0BEF094CD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\LeberechtHesse\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O24 - Desktop BackupWallPaper: C:\Users\LeberechtHesse\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk - C:\Programme\Common Files\AVerMedia\AVerQuick\AVerQuick.exe - (AVerMedia TECHNOLOGIES, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk - C:\Programme\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe - (Panasonic Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: MailCheck IE Broker - hkey= - key= - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{91178C3D-BB81-470A-A364-B6ED13BACC47} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.10.23 21:56:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LeberechtHesse\Desktop\OTL.exe
[2012.10.22 21:09:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.22 21:08:12 | 000,000,000 | ---D | C] -- C:\Users\LeberechtHesse\AppData\Roaming\HPAppData
[2012.10.22 19:44:00 | 000,000,000 | ---D | C] -- C:\Users\LeberechtHesse\AppData\Local\temp
[2012.10.22 19:43:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.22 19:32:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.10.22 18:58:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.22 18:58:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.22 18:58:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.22 18:54:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.22 18:53:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.22 18:44:51 | 004,986,434 | R--- | C] (Swearware) -- C:\Users\LeberechtHesse\Desktop\ComboFix.exe
[2012.10.19 21:39:28 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\LeberechtHesse\Desktop\tdsskiller.exe
[2012.10.18 22:08:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.17 23:00:03 | 000,000,000 | ---D | C] -- C:\Users\LeberechtHesse\AppData\Local\Secunia PSI
[2012.10.17 22:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.10.16 21:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.15 16:44:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2012.10.15 16:42:03 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.15 00:27:33 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012.10.15 00:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012.10.15 00:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012.10.14 23:26:15 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012.10.14 20:59:32 | 000,000,000 | ---D | C] -- C:\Users\LeberechtHesse\AppData\Roaming\Malwarebytes
[2012.10.14 20:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.14 20:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.14 20:59:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.14 20:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.04 18:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2012.10.04 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2012.10.04 18:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2012.10.04 18:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb

========== Files - Modified Within 30 Days ==========

[2012.10.23 22:18:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 22:16:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 22:08:08 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.23 22:08:08 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.23 22:08:08 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.23 22:08:08 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.23 22:01:12 | 000,081,332 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.23 22:00:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 22:00:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 22:00:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 22:00:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 21:56:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LeberechtHesse\Desktop\OTL.exe
[2012.10.23 18:22:47 | 000,000,680 | ---- | M] () -- C:\Users\LeberechtHesse\AppData\Local\d3d9caps.dat
[2012.10.23 02:00:18 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.10.23 02:00:18 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.10.23 01:07:47 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.10.22 19:12:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.22 18:51:19 | 000,081,332 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.10.22 18:46:06 | 004,986,434 | R--- | M] (Swearware) -- C:\Users\LeberechtHesse\Desktop\ComboFix.exe
[2012.10.19 21:39:28 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\LeberechtHesse\Desktop\tdsskiller.exe
[2012.10.17 21:33:54 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.17 20:17:21 | 000,538,941 | ---- | M] () -- C:\Users\LeberechtHesse\Desktop\adwcleaner (2).exe
[2012.10.15 16:42:20 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012.10.15 00:21:43 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012.10.04 18:43:09 | 000,002,057 | ---- | M] () -- C:\Users\LeberechtHesse\Desktop\WEB.DE.lnk
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.10.23 01:07:47 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.10.22 18:58:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.22 18:58:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.22 18:58:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.22 18:58:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.22 18:58:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.17 20:17:21 | 000,538,941 | ---- | C] () -- C:\Users\LeberechtHesse\Desktop\adwcleaner (2).exe
[2012.10.15 16:38:13 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012.10.15 00:21:43 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012.10.15 00:14:06 | 000,002,577 | ---- | C] () -- C:\Windows\System32\Config.nt.bak
[2012.10.15 00:14:06 | 000,001,688 | ---- | C] () -- C:\Windows\System32\Autoexec.nt.bak
[2012.10.15 00:14:06 | 000,000,761 | ---- | C] () -- C:\Windows\System32\hosts.bak
[2012.10.14 20:59:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.14 20:55:13 | 000,000,680 | ---- | C] () -- C:\Users\LeberechtHesse\AppData\Local\d3d9caps.dat
[2012.10.04 18:43:09 | 000,002,057 | ---- | C] () -- C:\Users\LeberechtHesse\Desktop\WEB.DE.lnk
[2011.09.27 18:40:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.09.27 18:40:17 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.09.27 18:40:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.09.27 18:40:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.09.27 18:40:17 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.09.27 18:40:17 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.09.27 18:40:17 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.09.27 18:40:17 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.09.27 18:40:17 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.09.27 18:40:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.09.27 18:40:17 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.09.27 18:40:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.09.27 18:40:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.09.27 18:40:17 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.09.27 18:40:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.09.27 18:40:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.09.27 18:40:17 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.09.27 18:40:17 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.09.27 18:40:17 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.09.07 11:23:07 | 000,238,324 | ---- | C] () -- C:\Windows\hpoins52.dat.temp
[2011.09.07 11:23:07 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2011.09.07 10:09:25 | 000,238,286 | ---- | C] () -- C:\Windows\hpoins52.dat
[2009.07.05 16:03:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.04.30 17:30:47 | 000,001,232 | ---- | C] () -- C:\Users\LeberechtHesse\AppData\Roaming\wklnhst.dat
[2009.04.30 08:42:43 | 000,005,632 | ---- | C] () -- C:\Users\LeberechtHesse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.02 15:15:39 | 000,081,332 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.03.02 15:15:37 | 000,081,332 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.04 18:43:09 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\1&1 Mail & Media GmbH
[2011.09.30 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Panasonic
[2009.11.15 15:49:21 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Template

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.10.04 18:43:09 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\1&1 Mail & Media GmbH
[2009.05.21 16:43:51 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Adobe
[2010.03.16 15:47:08 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Apple Computer
[2011.10.06 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\ArcSoft
[2009.06.12 19:44:04 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Corel
[2009.05.02 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Google
[2011.09.07 11:19:38 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\HP
[2012.10.22 21:08:12 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\HPAppData
[2012.01.13 17:15:21 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\HpUpdate
[2009.04.29 23:34:01 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Identities
[2011.09.27 18:24:05 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\InstallShield
[2009.04.30 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Macromedia
[2012.10.14 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Media Center Programs
[2012.10.23 00:05:59 | 000,000,000 | --SD | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Microsoft
[2012.10.22 23:32:54 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Mozilla
[2011.08.22 20:50:11 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Nero
[2011.09.30 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Panasonic
[2012.10.14 22:58:55 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Skype
[2011.08.25 15:47:09 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\skypePM
[2009.11.15 15:49:21 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\Template
[2011.10.21 17:03:56 | 000,000,000 | ---D | M] -- C:\Users\LeberechtHesse\AppData\Roaming\vlc

< %APPDATA%\*.exe /s >
[2009.07.31 10:27:24 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Users\LeberechtHesse\AppData\Roaming\Microsoft\Installer\{D729E05E-B2B9-4DC4-AF57-47310576EDE0}\ARPPRODUCTICON.exe

< %SYSTEMDRIVE%\*.exe >
[2008.05.08 07:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004.06.12 01:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %systemroot%\Installer\*. /s >
[2009.02.26 21:12:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$
[2009.03.04 07:44:14 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
[2010.06.09 12:19:17 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
[2010.05.19 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{08C0729E-3E50-11DF-9D81-005056806466}
[2010.01.12 17:20:48 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
[2011.09.07 10:17:41 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{1DDDFDF2-4A92-4E77-959F-59D196B99C0C}
[2009.02.26 22:29:10 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{205C6BDD-7B73-42DE-8505-9A093F35A238}
[2009.03.04 07:41:22 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}
[2010.04.13 16:32:42 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}
[2011.09.26 22:26:51 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}
[2012.04.20 15:02:47 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{39D0E034-1042-4905-BECB-5502909FCB7C}
[2011.07.09 19:37:16 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{4286E640-B5FB-11DF-AC4B-005056C00008}
[2009.02.26 22:21:13 |
000,000,000 | ---D | M] -- C:\Windows\Installer\{47948554-90C6-4AAC-8CFA-D23CE11C1031} [2011.09.07 10:16:20 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E} [2011.07.27 01:47:20 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C} [2009.02.26 22:30:11 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5A166C0B-9557-4364-A057-F946D674E6AC} [2011.12.01 17:50:36 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E} [2009.02.26 21:44:04 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75} [2009.02.26 22:31:47 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{6B96DADA-1A27-4A04-8CB2-CC45168D05FA} [2009.03.04 07:36:17 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{80E158EA-7181-40FE-A701-301CE6BE64AB} [2009.02.26 22:31:53 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{81821BF8-DA20-4F8C-AA87-F70A274828D4} [2009.02.26 22:29:04 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{835686C5-8650-49EB-8CA0-4528B4035495} [2009.02.26 22:29:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{837B6259-6FF5-4E66-87C1-A5A15ED36FF4} [2009.02.26 21:51:14 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} [2012.05.12 09:43:58 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} [2009.02.26 22:31:29 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{8C1E2925-14F8-45AA-B999-1E2A74BF5607} [2011.09.07 10:22:40 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A} [2012.08.19 19:52:57 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-0020-0407-0000-0000000FF1CE} [2009.05.05 19:09:50 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90120000-006E-0407-0000-0000000FF1CE} [2012.09.19 08:20:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE} [2011.11.14 19:49:28 | 000,000,000 | ---D 
| M] -- C:\Windows\Installer\{90140000-006E-0407-0000-0000000FF1CE} [2010.01.13 00:21:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466} [2012.08.19 19:53:03 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE} [2009.02.26 22:09:16 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A062A15F-9CAC-4B88-98DF-87628A0BD721} [2009.02.26 22:06:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D} [2012.08.27 17:58:53 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-A95000000001} [2009.11.11 11:42:13 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004} [2009.02.26 22:06:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{ADDBE07D-95B8-4789-9C76-187FFF9624B4} [2010.06.09 12:18:57 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8} [2011.12.01 17:50:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E} [2012.04.20 16:27:39 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{B6CF2967-C81E-40C0-9815-C05774FEF120} [2009.03.04 07:43:22 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{B7A0CE06-068E-11D6-97FD-0050BACBF861} [2009.02.26 21:50:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF} [2010.02.12 20:23:14 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C084BC61-E537-11DE-8616-005056806466} [2009.02.26 21:51:07 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{C523D256-313D-4866-B36A-F3DE528246EF} [2009.03.04 07:40:09 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} [2011.09.07 10:20:14 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{CD31E63D-47FD-491C-8117-CF201D0AFAB5} [2009.03.04 07:44:34 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{D36DD326-7280-11D8-97C8-000129760CBE} [2009.08.02 22:03:41 | 000,000,000 | ---D | M] -- 
C:\Windows\Installer\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426} [2012.08.01 20:24:51 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} [2009.02.26 22:30:54 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} [2010.06.09 12:18:56 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262} [2009.02.26 22:06:59 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA} [2009.12.02 18:44:59 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} [2010.10.06 13:37:25 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{F7B0939E-58DF-11DF-B3A6-005056806466} [2012.04.20 15:14:25 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed [2012.01.03 18:18:40 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC [2009.10.17 13:25:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC [2012.01.03 18:22:35 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC [2011.11.14 19:47:53 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000041091A0070400000000000F01FEC [2011.11.01 14:12:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109510070400000000000F01FEC [2011.11.01 14:12:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109610070400000000000F01FEC [2011.11.01 14:13:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109810070400000000000F01FEC [2011.02.14 12:02:13 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109910070400000000000F01FEC [2011.11.01 14:13:02 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A10070400000000000F01FEC [2011.11.01 14:13:30 | 000,000,000 | -HSD | M] -- 
C:\Windows\Installer\$PatchCache$\Managed\00004109B10070400000000000F01FEC [2011.11.01 14:20:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109C20070400000000000F01FEC [2011.11.01 14:17:05 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC [2011.11.14 19:49:24 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109E60070400000000000F01FEC [2012.01.03 18:19:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10001400000000000F01FEC [2012.01.03 18:19:15 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10070400000000000F01FEC [2012.01.03 18:19:02 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC [2012.01.03 18:19:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC [2009.10.17 13:25:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581 [2011.09.07 10:20:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1026B0516E9EBFD469E0CCDB35BFDDDE [2009.02.26 23:10:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D [2011.09.07 10:16:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\286FF0AF07CC75C439DC2E673F7E35E7 [2011.09.07 10:17:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2FDFDDD129A477E459F9951D699BC9C0 [2009.06.12 17:17:25 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\430E0D9324015094EBBC552009F9BCC7 [2011.09.07 10:18:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\436520B5B5D7D8B4EBA297341CFCD2D5 [2011.04.24 21:59:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A [2011.06.29 19:59:21 | 000,000,000 | -HSD | M] -- 
C:\Windows\Installer\$PatchCache$\Managed\689C057F0135A5A3598FE47CC1A80CC1 [2012.04.20 14:50:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7449A0500000010 [2009.11.11 11:42:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA746454382090000000040 [2009.10.17 13:25:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\7E577B2224C65CF4E801A9E52375DB49 [2011.09.07 10:19:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\961F4929EE2747D4EA29AC526FB4F48F [2009.10.17 13:25:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A76A12931BA584E449447C8141FC0372 [2011.09.07 10:19:25 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AB4027DB46DDE994B955A682C2FDF44A [2011.09.19 20:22:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AC5F6FF803E4B3E49B1502C4AA2A17A6 [2011.09.27 18:25:57 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0 [2011.09.07 10:20:40 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\B78DD5CB341041D4AA6E79016941CDB6 [2011.06.22 21:42:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a [2011.09.07 10:15:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C88D1A60201E7254FA0792FF7DFA12A5 [2011.09.07 10:20:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D36E13DCDF74C1941871FC02D1A0AF5B [2009.02.26 21:12:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100 [2009.12.02 18:44:56 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDA39468D428E8B4DB27C8D5DC5CA217 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.4518 [2012.08.19 19:52:56 | 000,000,000 | 
-HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002109020070400000000000F01FEC\12.0.6612 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.4518 [2012.01.03 18:23:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00002159FA0070400000000000F01FEC\12.0.6612 [2011.11.01 14:12:52 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000041091A0070400000000000F01FEC\14.0.4763 [2011.11.14 19:47:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\000041091A0070400000000000F01FEC\14.0.6029 [2011.11.01 14:12:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109510070400000000000F01FEC\14.0.4763 [2011.11.01 14:12:44 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109610070400000000000F01FEC\14.0.4763 [2011.11.01 14:13:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109810070400000000000F01FEC\14.0.4763 [2011.02.14 12:02:14 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109910070400000000000F01FEC\14.0.4763 [2011.11.01 14:13:06 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A10070400000000000F01FEC\14.0.4763 [2012.04.20 15:00:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109A10070400000000000F01FEC\14.0.6029 [2011.11.01 14:13:30 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109B10070400000000000F01FEC\14.0.4763 [2011.11.01 14:20:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109C20070400000000000F01FEC\14.0.4763 [2012.05.12 09:53:09 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.4763 [2012.08.19 
19:43:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109D30000000000000000F01FEC\14.0.6029 [2011.11.01 14:11:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109E60070400000000000F01FEC\14.0.4763 [2011.11.14 19:49:25 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109E60070400000000000F01FEC\14.0.6029 [2011.11.01 14:21:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10001400000000000F01FEC\14.0.4763 [2012.01.03 18:19:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10001400000000000F01FEC\14.0.6029 [2012.01.03 18:19:15 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10070400000000000F01FEC\14.0.4763 [2012.01.03 18:19:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10070400000000000F01FEC\14.0.6029 [2012.01.03 18:19:02 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\14.0.4763 [2012.08.19 19:47:54 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F10090400000000000F01FEC\14.0.6029 [2011.11.01 14:21:26 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\14.0.4763 [2012.01.03 18:19:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\00004109F100C0400000000000F01FEC\14.0.6029 [2010.04.16 12:07:19 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\0D756077321A70C3E844C138CE981581\8.0.50727 [2011.09.07 10:20:51 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\1026B0516E9EBFD469E0CCDB35BFDDDE\140.0.212 [2012.05.12 10:03:50 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729 [2011.09.07 10:19:44 | 000,000,000 | -HSD | M] -- 
C:\Windows\Installer\$PatchCache$\Managed\286FF0AF07CC75C439DC2E673F7E35E7\140.0.212 [2011.09.07 10:17:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\2FDFDDD129A477E459F9951D699BC9C0\140.0.273 [2012.04.20 15:02:46 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\430E0D9324015094EBBC552009F9BCC7\9.7.621 [2011.09.07 10:18:36 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\436520B5B5D7D8B4EBA297341CFCD2D5\140.0.256 [2012.06.13 19:14:02 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\5C1093C35543A0E32A41B090A305076A\4.0.30319 [2011.06.29 20:05:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\689C057F0135A5A3598FE47CC1A80CC1\4.0.30319 [2012.08.27 17:57:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7449A0500000010\9.5.0 [2009.11.11 11:42:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA746454382090000000040\9.0.0 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\7E577B2224C65CF4E801A9E52375DB49\14.0.1468 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\961F4929EE2747D4EA29AC526FB4F48F\140.0.212 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A76A12931BA584E449447C8141FC0372\1.0.0 [2012.04.20 14:56:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AB4027DB46DDE994B955A682C2FDF44A\140.0.77 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AC5F6FF803E4B3E49B1502C4AA2A17A6\140.0.186 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0\8.0.56336 [2011.09.07 10:20:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\B78DD5CB341041D4AA6E79016941CDB6\140.0.214 [2012.04.20 14:56:22 | 000,000,000 | 
-HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\8.0.61001 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C88D1A60201E7254FA0792FF7DFA12A5\140.0.80 [2011.09.07 10:20:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D36E13DCDF74C1941871FC02D1A0AF5B\140.0.212 [2009.02.26 21:12:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0 [2009.12.02 18:44:56 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\DDA39468D428E8B4DB27C8D5DC5CA217\4.20.9870 < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles >
[2011.06.29 20:05:17 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\689C057F0135A5A3598FE47CC1A80CC1\4.0.30319 [2012.08.27 17:57:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B7449A0500000010\9.5.0 [2009.11.11 11:42:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA746454382090000000040\9.0.0 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\7E577B2224C65CF4E801A9E52375DB49\14.0.1468 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\961F4929EE2747D4EA29AC526FB4F48F\140.0.212 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\A76A12931BA584E449447C8141FC0372\1.0.0 [2012.04.20 14:56:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AB4027DB46DDE994B955A682C2FDF44A\140.0.77 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\AC5F6FF803E4B3E49B1502C4AA2A17A6\140.0.186 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\b25099274a207264182f8181add555d0\8.0.56336 [2011.09.07 10:20:41 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\B78DD5CB341041D4AA6E79016941CDB6\140.0.214 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\c1c4f01781cc94c4c8fb1542c0981a2a\8.0.61001 [2012.04.20 14:56:22 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\C88D1A60201E7254FA0792FF7DFA12A5\140.0.80 [2011.09.07 10:20:10 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D36E13DCDF74C1941871FC02D1A0AF5B\140.0.212 [2009.02.26 21:12:03 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0 [2009.12.02 18:44:56 | 000,000,000 | -HSD | M] -- 
C:\Windows\Installer\$PatchCache$\Managed\DDA39468D428E8B4DB27C8D5DC5CA217\4.20.9870 < End of report > |
24.10.2012, 11:45 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Winlock Quote:
As I see, you have an "unfortunate" security suite from GDATA. Have you tried deactivating it completely? Does the internet connection work again then? If necessary, uninstall it completely for the time being and keep testing.
__________________ Please always post log files in CODE tags |
24.10.2012, 12:14 | #25 |
| Trojan.Winlock No, that's right of course. I have no connection to the internet. In G-Data pretty much everything is inactive and I wouldn't know what else I should deactivate... Everything is already red :-). Something seems to be blocking the connections. I have removed all add-ons and disabled many services at startup. Are there no further scans I can run? BINGO... Cosinus, you were right. I removed G Data with a removal tool and, just like that, I'm back online. Do you have anything else on the agenda regarding the virus issue? Otherwise we could "clean up" |
24.10.2012, 18:31 | #26 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Winlock Quote:
Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run the second time, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
24.10.2012, 20:11 | #27 |
| Trojan.Winlock YES, your reasoning was conclusive then. The scans were a bit bumpy. GMER caused a crash twice... I aborted it. OSAM ran through: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:44:17 on 24.10.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\Windows\system32\drivers\BVRPMPR5.SYS "catchme" (catchme) - ? 
- C:\Users\LEBERE~1\AppData\Local\Temp\catchme.sys (File not found) "cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\Windows\system32\drivers\cdrbsdrv.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" - ? 
- C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (File not found) {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} "WEB.DE MailCheck Protocol" - "1und1 Mail und Media GmbH" - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl (File not found) {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\MLSHEXT.DLL {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program 
Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll 
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_12.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? 
- hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value) {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- Locked "Locked" - ? - (File not found | COM-object registry key not found) <binary data> "WEB.DE MailCheck" - "1und1 Mail und Media GmbH" - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - ? - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (File not found) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." 
- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} "WEB.DE MailCheck BHO" - "1und1 Mail und Media GmbH" - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\LeberechtHesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "AVer HID Receiver.lnk" - ? - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." 
- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "MDS_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" "PDVD8LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe" "tsnp2uvc" - ? - C:\Windows\tsnp2uvc.exe "UCam_Menu" - "CyberLink Corp." 
- "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "hpf3l101.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l101.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "ArcSoft Connect Daemon" (ACDaemon) - ? - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (File not found) "AVerRemote" (AVerRemote) - "AVerMedia" - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe "AVerScheduleService" (AVerScheduleService) - ? - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe "B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "Google Update Service (gupdate1c9fd782a786bb0)" (gupdate1c9fd782a786bb0) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." 
- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "Reset Reader" (resetWinService) - ? - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe (File found, but it contains no detailed information) "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-24 21:01:41 ----------------------------- 21:01:41.022 OS Version: Windows 6.0.6002 Service Pack 2 21:01:41.022 Number of processors: 2 586 0x170A 21:01:41.022 ComputerName: GARTENPC UserName: 21:01:42.769 Initialize success 21:01:51.006 AVAST engine defs: 12102400 21:02:07.994 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 21:02:07.994 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC60G Size: 476940MB BusType: 3 21:02:08.010 Disk 0 MBR read successfully 21:02:08.010 Disk 0 MBR scan 21:02:08.057 Disk 0 Windows VISTA default MBR code 21:02:08.072 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 450941 MB offset 2048 21:02:08.104 Disk 0 Partition 2 00 0C FAT32 LBA MSWIN4.1 25997 MB offset 923529216 21:02:08.119 Disk 0 scanning sectors +976771072 21:02:08.197 Disk 0 scanning C:\Windows\system32\drivers 21:02:18.899 Service scanning 21:02:44.077 Modules scanning 21:02:50.692 Disk 0 trace - called modules: 21:02:50.723 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 21:02:50.723 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bfa450] 21:02:50.723 3 CLASSPNP.SYS[8a3a78b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8531eb98] 21:02:50.723 Scan finished successfully 21:03:02.813 Disk 0 MBR has been saved successfully to "C:\Users\LeberechtHesse\Desktop\MBR.dat" 21:03:02.828 The log file has been saved successfully to "C:\Users\LeberechtHesse\Desktop\aswMBR.txt" |
24.10.2012, 20:57 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Winlock Looks OK. We should be almost done. As a check, please run scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
25.10.2012, 17:16 | #29 |
| Trojan.Winlock Okay, here are the two scans: Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 10/25/2012 at 01:24 AM Application Version : 5.6.1012 Core Rules Database Version : 9466 Trace Rules Database Version: 7278 Scan type : Complete Scan Total Scan Time : 01:52:11 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC On - Administrator Memory items scanned : 585 Memory threats detected : 0 Registry items scanned : 39925 Registry threats detected : 0 File items scanned : 152259 File threats detected : 157 Adware.Tracking Cookie C:\USERS\LEBERECHTHESSE\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROMF6X79.txt [ Cookie:leberechthesse@doubleclick.net/ ] .apmebf.com [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .traffictrack.de [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\LEBERECHTHESSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\06M07OSK.DEFAULT\COOKIES.SQLITE ] .zanox.com [ 
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.10.24.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
LeberechtHesse :: GARTENPC [Administrator]

Schutz: Aktiviert

24.10.2012 22:15:12
mbam-log-2012-10-24 (22-15-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365770
Laufzeit: 1 Stunde(n), 5 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I still have the following programs from the cleanup on the PC: OTL, tdsskiller, aswMBR, Combofix, adwcleaner. Can they go, and is there a removal tool for them, or can it simply be done via the Control Panel (uninstall programs)? Best regards, sony |
25.10.2012, 20:42 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Winlock Looks OK, only cookies were found there, and they can all go. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file. Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system back in order now, or are there any other detections or problems?
__________________ Please always post log files in CODE tags |
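The hosts-file blocking recommended in the post above depends on the downloaded file containing only sinkhole entries, and on the fact that hosts entries match exact hostnames only. The following is an added example, not part of the original post and not MVPS code; the sample file and all domain names in it are constructed placeholders. It checks a blocklist before it is installed and shows the exact-match limitation.

```python
import ipaddress

# Addresses a pure blocking hosts file should point at (sinkholes).
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample; placeholder domains, not entries from the MVPS file.
SAMPLE_HOSTS = """\
# constructed blocklist sample
127.0.0.1    localhost
0.0.0.0      ads.example.net        # ad server
0.0.0.0      track.example.org tracker.example.org
203.0.113.7  login.example.com      # not a sinkhole: redirects a real site
not-an-ip    broken.example.net
"""


def parse_hosts(text):
    """Split hosts-file text into (blocked, suspicious, malformed).

    blocked    -- set of hostnames mapped to a sinkhole address
    suspicious -- (line number, hostname, address) for non-sinkhole mappings
    malformed  -- (line number, raw line) for lines that do not parse
    """
    blocked, suspicious, malformed = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                      # address without hostname
            malformed.append((lineno, raw))
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append((lineno, raw))
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if addr in SINKHOLES:
            blocked.update(n for n in names if n != "localhost")
        else:
            # A blocklist has no reason to send a name to a routable address.
            suspicious.extend((lineno, n, addr) for n in names)
    return blocked, suspicious, malformed


def is_blocked(hostname, blocked):
    """Hosts lookups are exact: no wildcards, no parent or child domains."""
    return hostname.lower().rstrip(".") in blocked


if __name__ == "__main__":
    blocked, suspicious, malformed = parse_hosts(SAMPLE_HOSTS)
    print("blocked hostnames:", sorted(blocked))
    for lineno, name, addr in suspicious:
        print(f"line {lineno}: {name} -> {addr} is not a sinkhole, review it")
    for lineno, raw in malformed:
        print(f"line {lineno}: cannot parse {raw!r}")
    # A subdomain of a blocked host is not covered by the parent's entry.
    print("cdn.ads.example.net blocked?",
          is_blocked("cdn.ads.example.net", blocked))
```

Any entry reported as suspicious should be resolved before the file replaces the system hosts file, since a non-sinkhole mapping silently redirects that hostname.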