Log analysis and evaluation: Google search results - redirects when clicking on a search result (Windows 7)

02.11.2012, 04:11 | #1
Google search results - redirects when clicking on a search result

A warm hello to everyone, my problem is the following. I have a PC (Windows 7 32-bit) on which, when you enter e.g. Aldi into Google and then click on the search results, you end up on either porn sites or sales sites. Kaspersky and Malwarebytes found nothing. In addition, the Windows Security Center is disabled. I had already set the service to "Start", but shortly afterwards it was disabled again.

Here, first of all, is the CCleaner log file:

Here is the OTL file:
- No CLSID value found. O30 - LSA: Security Packages - (msoidssp) - C:\Windows\System32\msoidssp.dll (Microsoft Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.08.17 09:16:35 | 000,000,107 | ---- | M] () - E:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.02 03:39:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Scheuer\Desktop\OTL.exe [2012.11.02 03:35:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2012.11.02 03:32:36 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe [2012.11.02 03:06:02 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.11.02 03:06:02 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.11.02 03:05:51 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.11.02 03:05:51 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.11.02 03:05:51 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.11.02 03:03:46 | 
000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.11.02 03:03:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.11.02 03:01:12 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.11.02 03:01:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.11.02 01:49:00 | 000,000,000 | --SD | C] -- C:\Users\Scheuer\AppData\Roaming\Microsoft [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Videos [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Saved Games [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Pictures [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Music [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Links [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Favorites [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Downloads [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Documents [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\Desktop [2012.11.02 01:49:00 | 000,000,000 | R--D | C] -- C:\Users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Vorlagen [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\AppData\Local\Verlauf [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\AppData\Local\Temporary Internet Files [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Startmenü 
[2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\SendTo [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Recent [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Netzwerkumgebung [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Lokale Einstellungen [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Documents\Eigene Videos [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Documents\Eigene Musik [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Eigene Dateien [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Documents\Eigene Bilder [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Druckumgebung [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Cookies [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\AppData\Local\Anwendungsdaten [2012.11.02 01:49:00 | 000,000,000 | -HSD | C] -- C:\Users\Scheuer\Anwendungsdaten [2012.11.02 01:49:00 | 000,000,000 | -H-D | C] -- C:\Users\Scheuer\AppData [2012.11.02 01:49:00 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Local\Temp [2012.11.02 01:49:00 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Local\Microsoft [2012.11.02 01:49:00 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\Media Center Programs [2012.11.02 01:47:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP [2012.11.02 01:47:45 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.11.02 01:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.11.02 01:45:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2012.11.02 01:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.11.02 01:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.11.02 01:40:20 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.11.02 01:29:31 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q [2012.11.02 01:19:08 | 000,000,000 | -H-D | C] -- 
C:\$INPLACE.~TR [2012.11.01 23:59:29 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.01 23:53:44 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Local\VS Revo Group [2012.11.01 23:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker [2012.11.01 22:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012.11.01 22:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.01 22:02:04 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\Runscanner.net [2012.11.01 22:01:59 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\LavasoftStatistics [2012.11.01 22:00:54 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\Ad-Aware Antivirus [2012.11.01 21:54:37 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2012.11.01 21:54:37 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\Documents\Anti-Malware [2012.11.01 10:04:21 | 004,991,994 | R--- | C] (Swearware) -- C:\Users\Scheuer\Desktop\cofi.exe [2012.11.01 09:14:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.01 09:14:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.01 09:14:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.01 09:14:10 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.01 09:13:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.31 14:51:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll [2012.10.31 14:51:11 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll [2012.10.31 14:50:38 | 000,073,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$CRM-sqlctr10.3.5500.0.dll [2012.10.31 14:50:37 | 000,089,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SQSRVRES.DLL [2012.10.31 13:48:13 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\Malwarebytes [2012.10.31 13:48:03 | 
000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.31 13:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.10.31 13:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2012.10.31 12:47:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012.10.31 12:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013 [2012.10.31 12:32:09 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2012.10.31 12:23:15 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.31 12:23:15 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.31 12:23:15 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.25 14:56:44 | 000,000,000 | -H-D | C] -- C:\Windows\$CrmUninstallKB2739504_Mui_1031$ [2012.10.22 11:42:32 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\Documents\RVWin [2012.10.22 11:42:32 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\AppData\Roaming\RVWIN [2012.10.19 10:36:55 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\Interessantes [2012.10.10 16:37:32 | 000,000,000 | ---D | C] -- C:\Users\Scheuer\Desktop\Fotos_Maria_Elsass [2012.10.08 09:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2012.10.05 12:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VV Vereinsverwaltung [2012.01.16 11:55:40 | 001,129,320 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\ClientSetupResources.dll [2012.01.16 11:55:40 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\SetupClient.exe [2012.01.16 11:55:40 | 000,354,664 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\ClientSetup.dll [2010.10.28 04:34:50 | 004,368,744 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\mfc100u.dll [2010.10.26 19:08:50 | 000,770,384 | ---- | C] (Microsoft 
Corporation) -- C:\Users\Scheuer\msvcr100.dll [2010.10.26 19:08:50 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\msvcp100.dll [2010.10.26 19:08:50 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Users\Scheuer\mfcm100u.dll [2009.12.01 14:40:19 | 001,495,824 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Users\Scheuer\Lantreiber.exe [2009.01.15 17:40:18 | 184,521,568 | ---- | C] (T-Online) -- C:\Users\Scheuer\T-Online_6.0.exe [2009.01.10 11:52:21 | 017,788,641 | ---- | C] (VHV ) -- C:\Users\Scheuer\VHV_23.4.00.i.exe [2009.01.10 11:52:21 | 004,849,303 | ---- | C] (SDK) -- C:\Users\Scheuer\slp_kv_setup.exe [2009.01.10 11:52:19 | 002,633,928 | ---- | C] (Sammsoft ) -- C:\Users\Scheuer\AROTrial.exe [2009.01.10 11:52:19 | 000,153,744 | ---- | C] (Symantec Corporation) -- C:\Users\Scheuer\fixkorgo.exe ========== Files - Modified Within 30 Days ========== [2012.11.02 03:43:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2099175409-3244923250-3961599458-1000UA.job [2012.11.02 03:39:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scheuer\Desktop\OTL.exe [2012.11.02 03:21:57 | 000,826,836 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.02 03:21:57 | 000,779,848 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.02 03:21:57 | 000,196,370 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.02 03:21:57 | 000,168,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.02 03:20:38 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 03:20:38 | 000,023,632 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.02 03:16:01 | 000,004,838 | ---- | M] () -- C:\Windows\gauss.ini [2012.11.02 03:15:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.02 03:14:33 | 
000,000,316 | ---- | M] () -- C:\Windows\tasks\sgugfj.job [2012.11.02 03:14:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.02 03:14:12 | 2616,684,544 | -HS- | M] () -- C:\hiberfil.sys [2012.11.02 03:12:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.02 03:10:48 | 000,413,106 | RHS- | M] () -- C:\FTSMQ [2012.11.02 03:10:48 | 000,000,020 | RHS- | M] () -- C:\win7.ld [2012.11.02 03:00:36 | 000,161,548 | ---- | M] () -- C:\Windows\System32\license.rtf [2012.11.02 03:00:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.02 02:49:12 | 000,022,140 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat [2012.11.02 02:45:20 | 000,543,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.02 01:46:08 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2012.11.02 01:45:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.02 01:40:07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012.11.02 00:20:37 | 000,003,368 | ---- | M] () -- C:\Users\Scheuer\Desktop\Windows-Kompatibilitätsbericht.htm [2012.11.02 00:16:15 | 000,002,543 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.11.02 00:16:15 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml [2012.11.01 10:19:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.01 09:15:44 | 000,002,470 | ---- | M] () -- C:\Windows\ODBC.INI [2012.11.01 09:11:03 | 004,991,994 | R--- | M] (Swearware) -- C:\Users\Scheuer\Desktop\cofi.exe [2012.11.01 08:41:05 | 000,001,086 | ---- | M] () -- C:\Users\Scheuer\Documents\cc_20121101_084102.reg [2012.10.31 17:01:20 | 000,016,974 | ---- | M] () -- C:\Windows\VFRAME32.INI [2012.10.31 16:55:37 | 000,000,904 | ---- | M] () -- C:\Windows\VPMS.INI [2012.10.31 15:53:30 | 000,001,572 | ---- | M] () -- C:\Windows\VFORTSCH.INI [2012.10.31 13:14:31 | 000,587,096 | ---- | M] (Kaspersky Lab) -- 
C:\Windows\System32\drivers\klif.sys [2012.10.31 13:14:31 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys [2012.10.31 13:14:31 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys [2012.10.31 12:59:04 | 000,038,858 | ---- | M] () -- C:\Users\Scheuer\Documents\cc_20121031_125859.reg [2012.10.31 12:53:28 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.31 10:43:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2099175409-3244923250-3961599458-1000Core.job [2012.10.31 10:14:42 | 000,001,027 | ---- | M] () -- C:\Users\Scheuer\Desktop\KV-Rational neu.lnk [2012.10.30 17:10:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2012.10.30 11:23:22 | 000,000,358 | ---- | M] () -- C:\Windows\ktel.ini [2012.10.29 17:47:45 | 000,000,697 | ---- | M] () -- C:\Windows\AdrBook.INI [2012.10.22 17:02:48 | 000,000,185 | ---- | M] () -- C:\Users\Scheuer\AppData\Roaming\CASUpdateSkip.lst [2012.10.17 14:38:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [2012.10.15 12:28:07 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.15 12:28:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.15 11:24:12 | 000,001,268 | ---- | M] () -- C:\Windows\NSECOL2.WIN [2012.10.11 08:41:34 | 000,155,810 | ---- | M] () -- C:\Users\Scheuer\Desktop\MVPExport.CSV [2012.10.09 10:29:09 | 000,023,214 | ---- | M] () -- C:\Windows\unins000.dat [2012.10.09 10:28:39 | 000,716,810 | ---- | M] () -- C:\Windows\unins000.exe [2012.10.05 12:46:25 | 000,000,520 | ---- | M] () -- C:\Users\Public\Desktop\Vereins-Verwaltung.lnk ========== Files Created - No Company Name ========== [2012.11.02 03:10:48 | 000,413,106 | RHS- | C] () -- C:\FTSMQ [2012.11.02 03:10:48 | 000,000,020 | RHS- | C] () 
-- C:\win7.ld [2012.11.02 03:08:49 | 000,001,422 | ---- | C] () -- C:\Users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.11.02 03:02:03 | 2616,684,544 | -HS- | C] () -- C:\hiberfil.sys [2012.11.02 02:49:12 | 000,022,140 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2012.11.02 01:47:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.11.02 01:46:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.11.02 01:46:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.11.02 01:45:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.11.02 01:11:09 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2012.11.02 00:08:07 | 000,003,368 | ---- | C] () -- C:\Users\Scheuer\Desktop\Windows-Kompatibilitätsbericht.htm [2012.11.02 00:01:54 | 000,002,543 | ---- | C] () -- C:\Windows\diagwrn.xml [2012.11.02 00:01:54 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml [2012.11.01 09:14:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.01 09:14:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.01 09:14:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.01 09:14:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.01 09:14:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.01 08:41:04 | 000,001,086 | ---- | C] () -- C:\Users\Scheuer\Documents\cc_20121101_084102.reg [2012.10.31 12:59:02 | 000,038,858 | ---- | C] () -- C:\Users\Scheuer\Documents\cc_20121031_125859.reg [2012.10.30 17:10:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2012.10.17 14:38:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf [2012.10.15 11:24:12 | 000,001,268 | ---- | C] () -- C:\Windows\NSECOL2.WIN [2012.10.09 10:29:03 | 
000,716,810 | ---- | C] () -- C:\Windows\unins000.exe [2012.10.05 12:46:25 | 000,000,520 | ---- | C] () -- C:\Users\Public\Desktop\Vereins-Verwaltung.lnk [2012.09.03 13:10:18 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\SSShim8.dll [2012.08.22 15:01:26 | 000,000,094 | ---- | C] () -- C:\Windows\BBU.INI [2012.08.22 15:01:02 | 000,000,481 | ---- | C] () -- C:\Windows\BTI.INI [2012.08.22 15:00:49 | 000,100,864 | ---- | C] () -- C:\Windows\WDBUUI32.DLL [2012.08.22 15:00:49 | 000,065,536 | ---- | C] () -- C:\Windows\WDBUMK32.DLL [2012.08.22 15:00:48 | 000,320,512 | ---- | C] () -- C:\Windows\System32\W32MKDE.EXE [2012.08.22 15:00:48 | 000,110,080 | ---- | C] () -- C:\Windows\System32\W32MKRC.DLL [2012.08.22 15:00:48 | 000,101,888 | ---- | C] () -- C:\Windows\BUTIL.DLL [2012.08.22 15:00:48 | 000,053,248 | ---- | C] () -- C:\Windows\BUTIL.EXE [2012.08.22 15:00:48 | 000,041,472 | ---- | C] () -- C:\Windows\System32\r32.exe [2012.08.22 15:00:48 | 000,012,288 | ---- | C] () -- C:\Windows\System32\REGOCX32.EXE [2012.08.22 15:00:47 | 000,038,576 | ---- | C] () -- C:\Windows\System32\NWLOCALE.DLL [2012.08.09 14:18:44 | 000,000,084 | ---- | C] () -- C:\Users\Scheuer\axa-bt.ini [2012.07.04 12:37:58 | 000,000,064 | ---- | C] () -- C:\Users\Scheuer\btFrame.user [2012.07.03 17:07:15 | 000,000,426 | ---- | C] () -- C:\Windows\VICTORIA.INI [2012.06.27 17:10:16 | 000,000,697 | ---- | C] () -- C:\Windows\AdrBook.INI [2012.05.14 10:25:31 | 000,002,859 | ---- | C] () -- C:\Windows\HME_ISIS32E.INI [2012.05.09 03:28:25 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2012.04.24 11:55:31 | 000,000,345 | ---- | C] () -- C:\Users\Scheuer\AppData\Roaming\CASDruckstuecke.ini [2012.04.20 15:17:59 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys [2012.04.20 15:14:03 | 000,025,600 | ---- | C] () -- C:\Windows\System32\VADE232.DLL [2012.04.20 15:14:02 | 000,544,256 | ---- | C] () -- C:\Windows\System32\ChangeGraphics.dll [2012.03.13 14:01:12 | 
000,029,567 | ---- | C] () -- C:\Windows\kubus.ini [2012.02.21 16:07:06 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2012.02.01 11:04:38 | 000,000,065 | ---- | C] () -- C:\Windows\BADENIA.INI [2012.01.16 17:42:12 | 009,387,008 | ---- | C] () -- C:\Users\Scheuer\Client.msi [2012.01.16 17:42:12 | 005,029,376 | ---- | C] () -- C:\Users\Scheuer\MUISetup_1031_i386.msi [2012.01.11 13:06:52 | 000,000,999 | ---- | C] () -- C:\Windows\BECCOLOR.INI [2012.01.09 13:49:08 | 000,000,343 | ---- | C] () -- C:\Users\Scheuer\SpawnCmd.js [2012.01.09 13:36:28 | 000,097,120 | ---- | C] () -- C:\Users\Scheuer\EnvironmentDiagnostics.chm [2012.01.09 13:36:28 | 000,007,452 | ---- | C] () -- C:\Users\Scheuer\Readme.htm [2011.12.19 13:38:41 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.11.29 13:39:03 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lbj.ini [2011.11.22 15:09:53 | 000,000,026 | ---- | C] () -- C:\Windows\AFORTSCH.INI [2011.11.10 11:03:45 | 000,317,440 | ---- | C] () -- C:\Windows\UninsVHV.exe [2011.11.10 10:44:21 | 000,016,974 | ---- | C] () -- C:\Windows\VFRAME32.INI [2011.11.09 10:56:52 | 000,000,103 | ---- | C] () -- C:\Windows\VHV_SicherungRuecksicherung.ini [2011.11.09 10:50:57 | 000,000,904 | ---- | C] () -- C:\Windows\VPMS.INI [2011.11.09 10:50:31 | 000,000,000 | ---- | C] () -- C:\Windows\VMAPO.DAT [2011.10.10 13:31:31 | 000,000,045 | ---- | C] () -- C:\Windows\MVOPT.INI [2011.10.10 13:31:30 | 000,000,006 | ---- | C] () -- C:\Windows\MV-CD.INI [2011.10.10 13:29:46 | 000,000,000 | ---- | C] () -- C:\Program Files\Version.ini [2011.09.29 14:11:03 | 000,104,651 | ---- | C] () -- C:\Users\Scheuer\OS_2001_nachtrag_78586240_20110721_023618.pdf [2011.09.13 09:41:14 | 000,000,331 | ---- | C] () -- C:\Windows\axabt.ini [2011.09.13 09:41:14 | 000,000,052 | ---- | C] () -- C:\Windows\axae.ini [2011.09.13 09:41:12 | 000,005,968 | ---- | C] () -- C:\Windows\alias.ini [2011.09.13 09:41:07 | 000,005,128 | ---- | C] () -- C:\Windows\vfrx.ini 
[2011.08.30 09:41:36 | 000,023,214 | ---- | C] () -- C:\Windows\unins000.dat [2011.08.25 13:47:30 | 000,255,848 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.08.08 10:04:57 | 000,001,572 | ---- | C] () -- C:\Windows\VFORTSCH.INI [2011.08.02 10:27:44 | 000,104,614 | ---- | C] () -- C:\Windows\arj.exe [2011.08.02 10:27:44 | 000,004,838 | ---- | C] () -- C:\Windows\gauss.ini [2011.07.27 16:12:23 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe [2011.07.27 16:12:23 | 000,524,288 | ---- | C] () -- C:\Windows\System32\PrtPass.exe [2011.07.27 12:42:31 | 000,000,185 | ---- | C] () -- C:\Users\Scheuer\AppData\Roaming\CASUpdateSkip.lst [2011.07.27 12:40:55 | 000,000,044 | ---- | C] () -- C:\Windows\VOPTCON.INI [2011.07.20 10:21:08 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2011.07.20 10:19:04 | 000,000,842 | ---- | C] () -- C:\Windows\VPL_Apps.ini [2011.07.20 10:18:53 | 000,000,395 | ---- | C] () -- C:\Windows\gsall.ini [2011.07.20 10:03:41 | 000,001,068 | ---- | C] () -- C:\Windows\DOCS.INI [2011.07.19 15:12:37 | 000,195,072 | ---- | C] () -- C:\Windows\System32\Msodeger.dll [2011.05.31 11:36:16 | 000,001,603 | ---- | C] () -- C:\Windows\CAF.INI [2011.05.31 11:36:16 | 000,000,429 | ---- | C] () -- C:\Windows\allianzl.ini [2011.05.31 11:35:13 | 000,003,213 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.05.31 11:35:13 | 000,002,470 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.31 11:32:40 | 000,012,338 | ---- | C] () -- C:\Windows\Tabaus.ini [2011.04.12 02:30:05 | 000,826,836 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.12 02:30:05 | 000,196,370 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.04.11 17:32:23 | 000,156,242 | ---- | C] () -- C:\Users\Scheuer\Tamer_Mahmoud.pdf [2011.02.09 16:24:42 | 000,000,358 | ---- | C] () -- 
C:\Windows\ktel.ini [2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.10.26 19:15:44 | 000,119,751 | ---- | C] () -- C:\Users\Scheuer\MSCRMClientEULA.rtf [2010.10.26 19:06:24 | 000,000,530 | ---- | C] () -- C:\Users\Scheuer\Default_Client_Config.xml [2010.09.08 16:52:28 | 000,015,679 | ---- | C] () -- C:\Users\Scheuer\invoice-10110095-o-140410-c-123219-d-20100908.pdf [2010.08.10 10:01:07 | 000,122,098 | ---- | C] () -- C:\Users\Scheuer\nacktes_päpstle_Seite_1.jpg [2010.08.10 10:01:07 | 000,113,572 | ---- | C] () -- C:\Users\Scheuer\nacktes_päpstle_Seite_2.jpg [2010.08.10 10:01:07 | 000,059,154 | ---- | C] () -- C:\Users\Scheuer\nacktes_päpstle_Seite_3.jpg [2010.08.10 09:50:58 | 000,328,865 | ---- | C] () -- C:\Users\Scheuer\nacktes_päpstle.pdf [2010.08.05 12:16:24 | 004,233,414 | ---- | C] () -- C:\Users\Scheuer\hp_clj4600_handbuch.pdf [2010.07.07 14:05:33 | 017,780,906 | ---- | C] () -- C:\Users\Scheuer\BedienungsanleitungWebPortalBedienungsanleitungWebPortal.pdf [2010.05.31 11:59:31 | 000,103,403 | ---- | C] () -- C:\Users\Scheuer\roter Mohn.jpg [2010.05.31 11:59:12 | 000,125,985 | ---- | C] () -- C:\Users\Scheuer\Katze.jpg [2010.05.31 11:58:40 | 000,128,943 | ---- | C] () -- C:\Users\Scheuer\3 Pfingstrosen.jpg [2010.04.07 13:06:31 | 000,135,116 | ---- | C] () -- C:\Users\Scheuer\Widmann_EDV.pdf [2010.03.31 10:35:50 | 000,178,127 | ---- | C] () -- C:\Users\Scheuer\Dervisbegovic_Senija.pdf [2010.01.29 16:36:28 | 000,211,572 | ---- | C] () -- C:\Users\Scheuer\DVD_Label.jpg [2010.01.13 18:31:48 | 000,019,117 | ---- | C] () -- C:\Users\Scheuer\Intersky.mht [2010.01.07 12:32:07 | 000,349,313 | ---- | C] () -- C:\Users\Scheuer\Condor_Download_20100107_123157.zip [2010.01.05 19:03:31 | 000,042,931 | ---- | C] () -- C:\Users\Scheuer\WeiFei09_031.JPG [2009.11.12 14:39:54 | 000,567,191 | ---- | C] () -- C:\Users\Scheuer\Ausweis_2.jpg 
[2009.11.12 14:39:28 | 000,690,307 | ---- | C] () -- C:\Users\Scheuer\ausweis_1.jpg [2009.11.04 11:46:47 | 000,305,202 | ---- | C] () -- C:\Users\Scheuer\Daten & Gebühren UBS (LUX) KEY SELECTION SICAV - GLOBAL ALLOCATION (EUR) B Fonds A0B8QJ LU0197216558.mht [2009.11.03 18:41:38 | 000,095,376 | ---- | C] () -- C:\Users\Scheuer\Hitparade_2009.pdf [2009.06.22 13:41:40 | 000,048,226 | ---- | C] () -- C:\Users\Scheuer\PGGZVF_ 061.jpg [2009.06.09 12:14:41 | 000,052,668 | ---- | C] () -- C:\Users\Scheuer\Rechtsschutzversicherung.htm [2009.04.24 16:31:07 | 000,016,257 | ---- | C] () -- C:\Users\Scheuer\Adressbuch_2.ldif [2009.04.03 10:40:29 | 000,027,850 | ---- | C] () -- C:\Users\Scheuer\formular_rtf.rtf [2009.03.19 15:38:28 | 000,444,942 | ---- | C] () -- C:\Users\Scheuer\Aufnahmefähigkeit 001.jpg [2009.03.19 15:28:08 | 000,190,987 | ---- | C] () -- C:\Users\Scheuer\Meldebestätigung.jpg [2009.02.25 11:29:43 | 003,546,098 | ---- | C] () -- C:\Users\Scheuer\siemens_gigaset_c325.pdf [2009.02.16 12:34:20 | 000,032,893 | ---- | C] () -- C:\Users\Scheuer\iTunes Softwarelizenz.rtf [2009.02.11 15:27:09 | 015,768,645 | ---- | C] () -- C:\Users\Scheuer\iPhone_Benutzerhandbuch.pdf [2009.02.10 10:30:59 | 000,234,796 | ---- | C] () -- C:\Users\Scheuer\Google Maps.mht [2009.01.21 18:18:03 | 000,072,120 | ---- | C] () -- C:\Users\Scheuer\Anfahrtshilfe.jpg [2009.01.10 11:52:22 | 000,062,855 | ---- | C] () -- C:\Users\Scheuer\Vogelgrippe_Merkblatt_Wassersportler1.pdf [2009.01.10 11:52:21 | 002,508,528 | ---- | C] () -- C:\Users\Scheuer\SetupProKasse50.EXE [2009.01.10 11:52:21 | 000,138,192 | ---- | C] () -- C:\Users\Scheuer\SCHNEESCHUHPROFI-Tipps und Infos_pdf.htm [2009.01.10 11:52:21 | 000,090,933 | ---- | C] () -- C:\Users\Scheuer\Versicherungsbestätigung.pdf [2009.01.10 11:52:21 | 000,013,020 | ---- | C] () -- C:\Users\Scheuer\Quarta_Antonio_2.jpg [2009.01.10 11:52:21 | 000,000,604 | ---- | C] () -- C:\Users\Scheuer\privat.p7b [2009.01.10 11:52:20 | 005,272,954 | ---- | C] () -- 
C:\Users\Scheuer\neptun_27_Prospekt_neu_pdf.htm [2009.01.10 11:52:20 | 000,042,676 | ---- | C] () -- C:\Users\Scheuer\kfz_kaufvertrag.pdf [2009.01.10 11:52:20 | 000,002,304 | ---- | C] () -- C:\Users\Scheuer\LOCKFILE.dat [2009.01.10 11:52:20 | 000,000,000 | ---- | C] () -- C:\Users\Scheuer\PDVD_MediaDisc.PlayList [2009.01.10 11:52:19 | 002,768,896 | ---- | C] () -- C:\Users\Scheuer\kddat32_2006-08-07_15-25-18.mde [2009.01.10 11:52:19 | 001,228,918 | ---- | C] () -- C:\Users\Scheuer\Image.nrg [2009.01.10 11:52:19 | 000,955,771 | ---- | C] () -- C:\Users\Scheuer\ISO1.nri [2009.01.10 11:52:19 | 000,376,832 | ---- | C] () -- C:\Users\Scheuer\EVAAntragPatch.exe [2009.01.10 11:52:19 | 000,194,519 | ---- | C] () -- C:\Users\Scheuer\karte2_Allensbach.gif [2009.01.10 11:52:19 | 000,174,309 | R--- | C] () -- C:\Users\Scheuer\DSC01198_Föllmer9..JPG [2009.01.10 11:52:19 | 000,166,743 | ---- | C] () -- C:\Users\Scheuer\IMG_4155.JPG [2009.01.10 11:52:19 | 000,160,324 | ---- | C] () -- C:\Users\Scheuer\IMG_4156.JPG [2009.01.10 11:52:19 | 000,062,625 | ---- | C] () -- C:\Users\Scheuer\Geiselmann_2.jpg [2009.01.10 11:52:19 | 000,053,683 | ---- | C] () -- C:\Users\Scheuer\Bootszulassung1.jpg [2009.01.10 11:52:19 | 000,012,983 | ---- | C] () -- C:\Users\Scheuer\CVersicherungenCSoftworkVorschlag.pdf [2009.01.10 11:52:19 | 000,002,693 | ---- | C] () -- C:\Users\Scheuer\Einstel.xml [2009.01.09 12:49:57 | 000,000,027 | ---- | C] () -- C:\Users\Scheuer\version.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.09.16 15:18:53 | 012,874,752 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.02 02:27:51 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\1&1 Mail & Media GmbH [2012.11.02 02:27:51 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Ad-Aware Antivirus [2012.11.02 02:27:51 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\apkv [2012.11.02 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\AquaSoft [2011.12.02 15:49:24 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Ashampoo Slideshow Studio Elements [2011.12.02 14:47:34 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Burn4U [2012.11.02 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Byngo [2012.11.02 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\CodedColor [2012.11.02 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.04.05 16:35:20 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Elektra [2012.11.02 02:28:33 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Foxit Software [2012.11.02 02:28:33 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Fujitsu [2012.11.02 02:28:33 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Garmin [2012.11.02 02:28:33 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\HanseMerkurISAMA [2012.11.02 02:28:35 | 000,000,000 | ---D | M] -- 
C:\Users\Scheuer\AppData\Roaming\HartlauerFotoService3 [2012.11.02 02:28:35 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\IrfanView [2012.11.02 02:28:35 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\klickTel [2012.11.02 02:28:36 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\MAGIX [2012.11.02 02:28:43 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Motorola [2012.11.02 02:28:44 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Notepad++ [2012.11.02 02:28:44 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\PFU [2012.11.02 02:28:44 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\PhotoCleaner [2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Pixpedia Publisher [2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Runscanner.net [2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\RVWIN [2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\SiteRanker [2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\SQL Anywhere 11 [2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\SwissLife [2012.11.02 02:28:45 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\T-Online [2012.11.02 02:29:00 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\TeamViewer [2012.11.02 02:29:00 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\VHV [2012.06.25 09:33:14 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Windows Live Writer [2012.11.02 02:29:01 | 000,000,000 | ---D | M] -- C:\Users\Scheuer\AppData\Roaming\Zoner ========== Purity Check ========== < End of report >
Here is the OTL Extras logfile:
Code:
OTL Extras logfile created on: 02.11.2012 03:51:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Scheuer\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 50,77% Memory free 6,50 Gb Paging File | 4,75 Gb Available in Paging File | 73,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 292,97 Gb Total Space | 195,77 Gb Free Space | 66,82% Space Free | Partition Type: NTFS Drive E: | 7,53 Gb Total Space | 1,42 Gb Free Space | 18,85% Space Free | Partition Type: NTFS Drive F: | 172,79 Gb Total Space | 116,20 Gb Free Space | 67,25% Space Free | Partition Type: NTFS Drive G: | 962,07 Mb Total Space | 484,32 Mb Free Space | 50,34% Space Free | Partition Type: FAT32 Computer Name: HAUPT-PC | User Name: Scheuer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation) Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{039F9D0B-1C98-4C64-814C-9D26F7BCA855}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{19A940B6-6851-4B49-AA92-A6EE1507FFF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1FB7D58E-6F2E-4D17-AA48-6327C39237E7}" = rport=10243 | protocol=6 | dir=out | app=system | "{2020BF51-E221-4550-B055-D37CFB4E8673}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{319D0111-F4A7-4618-ACA5-3CFA7544B11C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{31D8B164-EDFF-4A29-A8CA-D90389E4466D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{572CFD24-5A5A-495C-A3B6-F68FBFEC2EB5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{7B110DD4-D586-4FE1-AD77-E7CCDA95DD9A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A13AA54C-AF4E-4D7C-AEFB-9D651FF532C2}" = lport=10243 | protocol=6 | dir=in | app=system | "{A8D3BF54-D1DB-4988-8B3A-F709E3D3A6BF}" = lport=2869 | protocol=6 | 
dir=in | app=system | "{ADA4B0DE-A358-48AC-A217-6658CA6CDF41}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF569B48-B5A8-4782-994C-F199808F91FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D407F147-3836-45B4-BF55-B0FBEDC0FCF7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{E0985840-0281-441A-A499-7B960708AFEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FECCAFED-91D1-41FD-82F6-9D9724BE2925}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{010848A9-E178-4B55-AF0F-7C63D4D869AB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{085F3FB5-C6E7-4506-8B67-F471512D2729}" = protocol=6 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\vhvmvpclient.exe | "{093649AD-F5FF-411B-ACCD-526E80812041}" = dir=in | app=c:\program files\itunes\itunes.exe | "{126FE23E-3587-415D-B17A-60748A671428}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{130A7FD7-00C6-4F9F-B3BA-7DAE43EA8D8A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{162643AE-963B-48C7-9A47-67B4443FC7F8}" = protocol=6 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\jre\bin\javaw.exe | "{18B3C4CA-6DFC-47B7-A278-4CF38483C194}" = protocol=6 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\jre\bin\java.exe | "{1910BC65-2D75-432D-814F-511A1B8D98DD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{22F5C0FD-7210-44EE-BCFE-2486A837C806}" = protocol=6 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\jre\bin\javaw.exe | 
"{2754EE62-A146-4128-9221-88EE6DED84C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2A450943-9F79-4EF6-8C47-7E4EDC453894}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{31999F69-4932-4E43-B809-E443C00F5E24}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{333E60CB-5104-489B-A8B6-75E97DB64577}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{3EE622ED-6482-4E11-B66F-55AF32D9BA56}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{467A8882-A706-4F47-BB76-5C406DFBC8C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{49C6A332-BAE0-48CE-83DE-915FDB799034}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{4A41FC8A-CBCF-4903-855A-33809E311816}" = protocol=17 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\jre\bin\java.exe | "{4C3105AD-DA4E-4512-B13E-ED7BB179651E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{5468CDA1-F4DC-44D4-88E7-B9DBC60158B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5482D99C-3A4B-448B-BEC2-94858CC2C1FE}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{5AB3D55B-26F0-4A9C-B7D6-8C06D83BEBD1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5B016F55-5F64-4A87-87BE-8E9B6DA991C5}" = protocol=6 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | "{5D8E4E4D-E985-4BD1-A36C-CDBBC2B47CFD}" = protocol=6 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | "{5FB6C874-9CDE-474F-8C3D-C9B279BE010C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{65A681E1-C556-4A1B-899F-CCDED8F1E9AC}" = protocol=17 | dir=in | app=c:\program 
files\teamviewer\version7\teamviewer_service.exe | "{688FA4B3-F5EC-4C31-9BD7-382B1EB4E88C}" = protocol=6 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\jre\bin\javaw.exe | "{71AC7B92-B550-405D-8879-A9C80E8ACDD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7786C7C5-38AF-4DF9-A246-BBB6F426B79B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{78222845-262E-4C4E-8883-5BCA858910EA}" = protocol=6 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\jre\bin\javaw.exe | "{7D1638B9-8A32-4F90-BD6D-A91FD282CE01}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{8623013B-8D49-4F3F-88B5-3A8B0B928010}" = protocol=6 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | "{8B4D2771-6CFB-4C97-B6F8-0513E53640D3}" = protocol=17 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\jre\bin\java.exe | "{9429C969-E3A8-46F6-B7EB-9B8A7F6B00B3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{9AC63C6E-EF60-406C-8C59-734908370281}" = protocol=17 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | "{9B413351-5600-4079-A8D1-33A6B2ECEEB9}" = protocol=6 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\jre\bin\java.exe | "{9E14C388-82EC-40A6-A5AD-B13E4A7E2446}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{9EEA2C8A-E0CF-4B3F-9F3D-33B78FF9EBB6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A03ED4D6-8978-43C5-A232-BF2F6BBFA0DF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{AAB5F187-5556-4E89-BF9B-D803D215CBA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ABB0B2C1-7AD4-4A35-AC6F-B7D26103D9CD}" = protocol=17 | dir=in | app=f:\versicherungen\vhv\vhv 
tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | "{ACC34735-C8BC-4FE2-BA71-241E9D341E7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AECF5E17-E285-442C-B5FB-616708034E04}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{B43DEAFD-55E6-4F06-A1AF-F08A16A349CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B78E47E7-4FE4-4B8C-B0B6-DE7561C8D616}" = protocol=17 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\vhvmvpclient.exe | "{BB0BC0A2-42B4-4088-8CAE-DCFE4E355471}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BB6096C9-21C0-4CCB-AC66-FC80B08D4640}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{BEEDCA98-1C2C-404D-8D27-610DD71A9DB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BF887BAD-F690-4103-8C9E-39902A8435FE}" = protocol=17 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\jre\bin\javaw.exe | "{C5B6B44D-2278-46E5-BA87-E372D7CBF4AE}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{C601E2E0-1BB2-40AB-B30D-64DEC44EA26D}" = protocol=17 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\jre\bin\javaw.exe | "{C6955C60-9537-45EF-B9BE-D275A59D9B6E}" = protocol=6 | dir=out | app=system | "{C8424C45-4A52-4B3C-9B2A-4E70BE2B1263}" = protocol=17 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | "{C88C0988-7CED-41F4-A123-B9838467926D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{D24B5DC5-5C13-4775-BBA9-98F468B19F8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D692402A-D835-4E91-BD70-F5FBBD9F0F8B}" = protocol=17 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | "{D7B7F914-1B16-4190-9D34-C85D40EC4060}" = protocol=17 | dir=in 
| app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\jre\bin\javaw.exe | "{DA33C63A-8F78-492E-A53B-660E3AF62694}" = protocol=6 | dir=in | app=c:\program files\vhv hannover\vpl_apps\versandzentrale\vhvkommunikationszentrale.exe | "{E7654D6F-7A02-44CA-866B-92A7EEB20560}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{E952B21A-92DC-43DE-BB17-07897DD6A358}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{F9B71874-E363-4A82-B48E-5B1C756B85E1}" = protocol=6 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\vhvmvpclient.exe | "{FAE19A7D-72FE-4B65-886E-68D2F9ED2E3D}" = protocol=17 | dir=in | app=f:\versicherungen\vhv\vhv tarifprogramm\vpl_apps\versandzentrale\jre\bin\javaw.exe | "{FB5159E6-13A6-4168-87EC-01210AB4DB48}" = protocol=17 | dir=in | app=c:\vhv\vhv maklerverwaltungsprogramm\kommz\vhvmvpclient.exe | "TCP Query User{A6186E83-E4E4-46D3-ABEF-FAD044E6F516}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{C7AF121F-7EAF-4E90-9E32-929AABA9A730}F:\versicherungen\java\arag_jre1.5.0_19\bin\java.exe" = protocol=6 | dir=in | app=f:\versicherungen\java\arag_jre1.5.0_19\bin\java.exe | "UDP Query User{8C17FDA2-2F46-4DF6-8558-38854A3C642C}F:\versicherungen\java\arag_jre1.5.0_19\bin\java.exe" = protocol=17 | dir=in | app=f:\versicherungen\java\arag_jre1.5.0_19\bin\java.exe | "UDP Query User{F4976A73-6FC9-4999-B3C0-578E45A3AC31}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00180407-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1 Runtime "{01FE12C6-DEEA-492F-86F9-DD94D8E5DC95}" = MAGIX Foto Premium 9 "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote 
Client Resources "{02DDD716-E180-4367-9E18-576BD000EEFC}" = Swiss Life BeraterBüro "{0340FC65-9ED5-42AF-9791-961F5AB154DA}" = CAP GEV Child "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{060c0bc3-df11-4bb3-8815-627c8c243fb0}.sdb" = MV-Makler-und-ADP "{0712638F-559B-4F49-B8BE-BF3AAEE54A38}" = ScanSnap "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C524D20-0407-0050-8A9E-0C4C490E4E54}" = Microsoft Dynamics CRM 2011 für Microsoft Office Outlook "{0C524DC1-0407-0050-8121-88490F4D5549}" = Microsoft Dynamics CRM 2011 Language Pack für German "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{1269ED0D-BFDB-439D-988C-01AC2125FD10}" = Dialog Tarifprogramm "{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin "{150F9D4D-F555-41BB-AF49-D9DA8F53A82D}" = KUBUS light ERGO "{159EC8B7-6866-42BE-9CC6-46E7FC2A9A73}" = TransSELEKT "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{17E7B2A7-5724-4512-ACAF-C8A8A7B31587}" = MAGIX Speed 2 (MSI) "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{24C4AC5A-67A4-4E1D-B30C-8C7A01712607}" = RSA SecurID Software Token "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 
"{26FA3721-E325-44DE-8318-6FA434F2A064}" = CardMinder V4.0 "{280E91D7-BBA8-42A2-8F45-00FD89E454B0}_is1" = HanseMerkur ISA Service Extensions "{2A0FC4FF-8818-4648-A4F2-93D16DB3EF29}" = Updateservice GEV "{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (KIS) "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{383217E3-8F0C-4B85-92B5-6B579A52B0F1}" = AOWin2010 "{383217E3-8F0C-4B85-92B5-6B579A52B0FC}" = AOWin2010 "{39D6D822-4BB4-46D5-90C8-8C1E5837CEBD}" = klickTel Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{49C1A51C-7A09-49AE-9447-90D3945FC6A7}" = MAGIX Screenshare "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4E266E5D-F9A6-4AF4-9431-679CF35C25AD}" = Moreba GEV "{4E8026BF-F024-44D4-8299-3F4694636825}" = ScanSoft PDF Converter 3.0 "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client "{53CFF9B1-4ED7-4114-8ECF-ADD13BC8AC57}" = VHV RECOMAX "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) 
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety "{54FA5000-9FF8-47D5-BF65-4A17BE040242}" = klickTel Telefon- und Branchenbuch + Rückwärtssuche Herbst 2010 "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AE34761-0D70-4E9A-BF4B-BE366D9E0478}" = ElektrALight "{5F8F65CC-787E-4DD6-95ED-07DF214DBDB3}" = trixiKfz "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam "{602A58C3-BDF2-4B8A-B9D3-B6D9BACA386A}" = Dir-It! "{61ED7FB5-495E-4BA7-B4EA-D8E0077353FE}_is1" = Power Druckstudio Gold 1 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{6474E823-3AB2-FFE2-08B2-D1AF0DA1AAA7}" = myphotobook.de "{6481496E-555D-4BE5-83F2-55C6C2851A48}" = Beratungsprotokolle "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C12B6BF-3891-497B-B5CA-3D64DA093947}" = Motorola Mobile Drivers Installation 5.4.0 "{6DD40B68-1851-4BBD-AED6-CD82CB884735}" = Moreba "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6E5410F7-6FDF-412D-B3D5-9EC985F8FEF4}" = Generali Tarifierungen Gev "{6E75A7A0-DA88-4F78-8068-2DE42ECBB91E}" = WebKIS Offline "{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142100}" = Java 2 Runtime Environment, SE v1.4.2_10 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - 
x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7B29AA98-B40C-4D6B-A15B-B6A00D71F133}" = Abgeltungsteuer GEV "{7EB65C13-CFDC-4312-97B7-92AFBFC2AA18}" = VHV Maklerverwaltungsprogramm "{832BFF4E-B65C-4AF0-AA0E-52A64705C5F6}" = MAGIX Xtreme Grafik Designer 5 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8393592A-B977-489E-8C78-84E19DE9FE21}" = MAGIX 3D Maker (embedded MSI) "{83B34C33-5337-4EA9-A886-04D63F486861}" = Stufenmodell GEV "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{85530EE5-B265-4F84-BD2A-DE2BBBC990B7}" = Beratungsprogramme W&W-Konzern "{859258F8-3F00-4335-BBD5-318F17369012}" = MAGIX Online Druck Service "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{891F6136-6540-495D-95D9-703DA7EDE3AD}" = SDK - Angebotsprogramm "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A6BB58D-82A9-4FC7-B65F-A4EA87A4C138}" = Microsoft Online Services-Anmeldeassistent "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{8D86B3AE-F744-4F97-ADDD-6B13345C62FF}_is1" = VorsorgePLANER "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing 
(German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9EFC9E98-A218-4D83-BFC5-5E67E318767F}" = GEV Excelloesungen "{A2397CA0-C472-46CC-83CD-EE54CE2A2117}" = Vera Kompas GEV "{A31AB657-D929-4B80-A2B2-45E03902A3DD}" = InterRisk WinRisk 4.9.0 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC2E0432-9092-42F8-B4C2-E95DF8ADE82C}" = VHV-Tarifprogramm "{AC2F9FCC-170E-4B0B-84AB-7307A373570F}" = 
RSA Smart Card Middleware 3.5 "{AC63EF8A-ABE1-79BB-F8B3-06C06BCA8B3C}" = HanseMerkur ISA Makler "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADA12202-A22B-445D-987F-D4CFADA12202}" = VIA-P "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B2023017-DEE4-44F7-8A71-CA6084BF534C}" = Brother P-touch Address Book 1.1 "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B8381511-3832-4449-B33A-763931D2590B}" = BB-Euro-Tarifrechner "{B8777FFC-165B-4DDE-B60B-AD5533D9EAD3}" = AquaSoft PhotoKalender 3 "{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services "{BBF0B1C3-EEC1-4AA6-916B-126E895A46D8}" = Fujitsu NetCOBOL Free Run-time "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety "{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 Redistributable "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C821456C-43B2-4A7E-B3E3-BB24DE58705A}" = MEAG-Angebotssoftware "{C8320AEC-2E97-4C78-81EC-43CF6D248B01}" = Microsoft XML Parser "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE7D48A0-CB2A-4293-8C41-68A116430BE9}" = AXA Beratungstechnologie "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = 
Windows Live Communications Platform "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager "{DE5CF410-90B1-4963-ABC3-C23289E52255}" = Angebots Msi "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver "{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2A69F09-B3A1-4E4B-AB8F-16B94981A67B}" = Geldgeschenke DruckShop "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF "{ED7BE5AA-4E2D-4030-95BA-6CCA4BFABB03}" = BEG-Rechner GEV "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFA462DC-DF28-49B4-A82B-D47D2A94AB1E}" = ELBE SL "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DA699A-5279-49F2-AC5C-1BA58B3CC613}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDC7BD51-0E41-4743-A843-41055F0BCB61}" = FIT GEV "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10 "{FF0F7090-18DC-43ED-8A3F-F04DBAEC5600}" = Beraterplatz GEV "{FF460B05-3F84-4A44-886A-13DA143C7C26}" = ScanSnap Organizer "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "812A5AC8-50DA-43D8-B36E-30CDD7FCCAA1_is1" = Outlook Backup Assistant 5 
(Vollversion) "ABACUS" = ABACUS "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.20 "AquaSoft PhotoKalender 3" = AquaSoft PhotoKalender 3 "ASC Easy Updater_is1" = ASC Easy Update auf Version 4.5.0 "ASC Easy_is1" = ASC Easy 3.9.3 "CCleaner" = CCleaner "CleverPrint_is1" = CleverPrint "CodedColor_is1" = CodedColor FotoStudio 2010, 6.1.2 "CONDOR Angebotssystem" = CONDOR Angebotssystem "Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5 "DB_Firebird 1.5.0.4306" = DB_Firebird 1.5.0.4306 "de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de "E38B2136962D21A7BDE5AAC98CD1C6EA6B6D0687" = Windows-Treiberpaket - Microsoft (USBCCID) SmartCardReader (05/17/2005 5.2.3790.2444) "FinePix Genie_is1" = FUJIFILM MyFinePix Studio 2.0 "Generali Versicherungen Beratungssoftware" = Generali Versicherungen Beratungssoftware "GEWA KVRATIO" = GEWA KVRATIO "GEWA KV-Rational" = GEWA KV-Rational "GSPDEINSTALL" = Gothaer Softwarepaket, komplette Deinstallation "HanseMerkurISAMA" = HanseMerkur ISA Makler "HanseMerkur-Tarife" = HanseMerkur-Tarife "Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy) "HartlauerFotoService3_is1" = Direkt Foto System 3.x "Helvetia Porta" = Helvetia Porta "InstallShield_{150F9D4D-F555-41BB-AF49-D9DA8F53A82D}" = KUBUS light ERGO "InstallShield_{B2023017-DEE4-44F7-8A71-CA6084BF534C}" = Brother P-touch Address Book 1.1 "InstallShield_{BBF0B1C3-EEC1-4AA6-916B-126E895A46D8}" = Fujitsu NetCOBOL Free Run-time "InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "IrfanView" = IrfanView (remove only) "Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.4.0 "LAN-Fax Dienstprogramme" = LAN-Fax Dienstprogramme 
"MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx" = MAGIX Foto Premium 9 "MAGIX_MSI_XtremeGrafik5" = MAGIX Xtreme Grafik Designer 5 "MailStore Home_universal1" = MailStore Home 5.0.1.6919 "Maitre" = Maitre "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft CRM Client" = Microsoft Dynamics CRM 2011 für Microsoft Office Outlook "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MKVWin_XX-X_is1" = MKVWin 12-1 "MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0 "MUENCHENER VEREIN" = MÜNCHENER VEREIN Software-Service "PhotoCleaner" = PhotoCleaner "pixpedia-de_is1" = Pixpedia Publisher 3.1.1 "POLARIS" = POLARIS "PROPLUS" = Microsoft Office Professional Plus 2007 "R:BASE 76 Runtime for VV" = Vereins-Verwaltung "RV-Win" = RV-Win "SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe "SQLAnywhere11" = SQLAnywhere11 "Swiss Life EVA" = Swiss Life EVA "TeamViewer 7" = TeamViewer 7 "VIA-P 12.20" = VIA-P 12.20 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-Bit) "WMV9_VCM" = Microsoft Windows Media Video 9 VCM "YTdetect" = Yahoo! 
Detect "ZonerPhotoStudio12_DE_is1" = Zoner Photo Studio 12 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "KS-Win 2008" = KS-Win 2008 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 9000 Description = Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 7040 Description = Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 7042 Description = Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 9002 Description = Error - 03.08.2012 03:59:00 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 3029 Description = Error - 03.08.2012 03:59:02 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 3029 Description = Error - 03.08.2012 03:59:02 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 3028 Description = Error - 03.08.2012 03:59:02 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 3058 Description = Error - 03.08.2012 03:59:02 | Computer Name = Haupt-PC | Source = Windows Search Service | ID = 7010 Description = Error - 07.08.2012 13:36:17 | Computer Name = Haupt-PC | Source = Application Hang | ID = 1002 Description = Programm OUTLOOK.EXE, Version 12.0.6661.5003 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1224 Startzeit: 01cd74c228e37cdd Endzeit: 15 Anwendungspfad: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Berichts-ID: 53acf146-e0b6-11e1-b540-002215263d69 Error - 08.08.2012 04:27:13 | Computer Name = Haupt-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16447 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15b4 Startzeit: 01cd753f43653bdc Endzeit: 15 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: [ OSession Events ] Error - 01.06.2011 05:33:16 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 37 seconds with 0 seconds of active time. This session ended with a crash. Error - 16.11.2011 12:47:14 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17972 seconds with 420 seconds of active time. This session ended with a crash. Error - 08.12.2011 08:54:44 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5452 seconds with 60 seconds of active time. This session ended with a crash. Error - 22.12.2011 12:11:12 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 426 seconds with 60 seconds of active time. This session ended with a crash. Error - 06.06.2012 12:28:28 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1314 seconds with 360 seconds of active time. This session ended with a crash. Error - 13.08.2012 05:49:46 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2772 seconds with 240 seconds of active time. This session ended with a crash. Error - 07.09.2012 11:19:20 | Computer Name = Haupt-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 30 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 01.11.2012 22:02:14 | Computer Name = Haupt-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 01.11.2012 22:02:14 | Computer Name = Haupt-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 01.11.2012 22:03:41 | Computer Name = Haupt-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: KLIM6 Error - 01.11.2012 22:08:31 | Computer Name = Haupt-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Search" wurde nicht richtig gestartet. 
Error - 01.11.2012 22:14:17 | Computer Name = Haupt-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 01.11.2012 22:14:17 | Computer Name = Haupt-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 01.11.2012 22:15:25 | Computer Name = Haupt-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: KLIM6 Error - 01.11.2012 22:34:39 | Computer Name = Haupt-PC | Source = DCOM | ID = 10010 Description = Error - 01.11.2012 22:34:44 | Computer Name = Haupt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80080005 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2731847) Error - 01.11.2012 22:34:57 | Computer Name = Haupt-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Updaterollup 11 für Microsoft Dynamics CRM 2011 für Outlook (KB2739504) < End of report > |
02.11.2012, 17:21 | #2 |
| Google search results - clicking a search result redirects
Unfortunately I have no edit function here, hence the addendum here.
GMER log Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-02 15:06:19 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.CC46 Running: h3vibotv.exe; Driver: C:\Users\Scheuer\AppData\Local\Temp\kwloipoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x91DA80C2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x91D5BD66] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x91D5C0AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x91D5C4F4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x91D4479E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x91D5BA40] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x91D44D16] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x91D44BFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x91D5BF12] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x91DAAF2C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x91D44E36] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x91DAA3C4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x91DAA604] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x91DAA068] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x91D5BFE0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x91DA9F0E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x91D447E2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x91DA8204] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x91DA7E6C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x91DAAD26] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x91D5A1D0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x91D44DAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x91D44C8C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x91DA9AB6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x91DAB1D8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x91D44ECC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x91DAA120] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x91D44F56] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x91D5A3DE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x91DAABDA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky 
Lab) ZwReplyPort [0x91D5C2D8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x91D5C166] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePortEx [0x91D5C21C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x91D5C348] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x91DAA906] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x91D5BBCE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x91DAAA62] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x91D44FF8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x91DA7F76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x91DA9C56] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x91DAA7AE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x91D4500A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x91DA9DB6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x91DAA2C0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x91DAB340] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x91DAB06A] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackComplete + 1415 830539E9 1 Byte [06] .text 
ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8308D452 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 830944AC 4 Bytes [C2, 80, DA, 91] {RET 0xda80; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 830944D4 8 Bytes [66, BD, D5, 91, AE, C0, D5, ...] {MOV BP, 0x91d5; SCASB ; RCL CH, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83094518 4 Bytes [F4, C4, D5, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 83094544 4 Bytes [9E, 47, D4, 91] {SAHF ; INC EDI; AAM 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 83094568 4 Bytes [40, BA, D5, 91] .text ... .text C:\Windows\system32\drivers\SSHDRV86.sys section is writeable [0x84354000, 0x26354, 0xE8000020] .pklstb C:\Windows\system32\drivers\SSHDRV86.sys entry point in ".pklstb" section [0x84389000] .relo2 C:\Windows\system32\drivers\SSHDRV86.sys unknown last section [0x843A0000, 0x8E, 0x42000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92A03000, 0x2D5378, 0xE8000020] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B944C000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B944C123 629 Bytes [75, 44, B9, FE, 05, 34, 75, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 B944C399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F B944C3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B B944C4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... 
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 klkbdflt.sys (KLKBDFLT Keyboard Device Filter [fre_wlh_x86]/Kaspersky Lab)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 klkbdflt.sys (KLKBDFLT Keyboard Device Filter [fre_wlh_x86]/Kaspersky Lab)
Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys (Network filtering component/Kaspersky Lab)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ---- |
02.11.2012, 17:44 | #3 | |
/// Malware-holic | Google search results - clicking a search result redirects
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
02.11.2012, 18:12 | #4 |
| Google search results - clicking a search result redirects
The Combofix log: Code:
ATTFilter ComboFix 12-10-31.03 - Scheuer 02.11.2012 18:00:35.3.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3327.1896 [GMT 1:00] ausgeführt von:: c:\users\Scheuer\Desktop\ComboFix.exe AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA} AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367} SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-02 bis 2012-11-02 )))))))))))))))))))))))))))))) . . 2012-11-02 17:07 . 2012-11-02 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-02 02:33 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-02 02:32 . 2012-08-30 17:06 3972464 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-11-02 02:32 . 2012-08-30 17:06 3917168 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-11-02 02:32 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe 2012-11-02 02:06 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-11-02 02:06 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-11-02 02:06 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-11-02 02:06 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-11-02 02:05 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-11-02 02:05 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-11-02 02:05 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-11-02 02:01 . 
2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-11-02 02:01 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-11-02 01:43 . 2012-11-02 01:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-11-02 00:49 . 2012-11-02 02:06 -------- d-----w- c:\users\Scheuer 2012-11-02 00:47 . 2012-11-02 02:21 -------- d-sh--w- c:\windows\Installer 2012-11-02 00:46 . 2012-11-02 00:46 0 ----a-w- c:\windows\ativpsrm.bin 2012-11-02 00:45 . 2012-11-02 00:45 -------- d-----w- c:\windows\system32\RTCOM 2012-11-02 00:45 . 2012-11-02 00:45 -------- d-----w- c:\program files\Realtek 2012-11-02 00:40 . 2012-11-02 02:50 -------- d-----w- c:\windows\Panther 2012-11-02 00:29 . 2012-11-02 01:52 -------- d-----w- C:\$WINDOWS.~Q 2012-11-02 00:19 . 2012-11-02 00:24 -------- d-----w- C:\$INPLACE.~TR 2012-11-01 22:22 . 2012-11-02 02:18 -------- d-----w- c:\program files\Unlocker 2012-11-01 21:14 . 2012-11-02 01:06 -------- d-----w- c:\programdata\Sophos 2012-10-31 13:50 . 2011-09-22 16:18 73064 ----a-w- c:\windows\system32\perf-MSSQL$CRM-sqlctr10.3.5500.0.dll 2012-10-31 13:50 . 2011-09-22 16:18 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL 2012-10-31 12:48 . 2012-11-02 01:06 -------- d-----w- c:\programdata\Malwarebytes 2012-10-31 12:05 . 2012-11-02 01:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-10-31 12:05 . 2012-11-02 01:01 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-10-31 11:32 . 2012-11-02 01:06 -------- d-----w- c:\windows\ELAMBKUP 2012-10-31 11:23 . 2012-09-24 22:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-10-25 13:56 . 2012-11-02 01:06 -------- d--h--w- c:\windows\$CrmUninstallKB2739504_Mui_1031$ 2012-10-09 09:29 . 2012-10-09 09:28 716810 ----a-w- c:\windows\unins000.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-31 12:14 . 
2012-07-25 13:53 25944 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2012-10-31 12:14 . 2012-05-25 18:38 25944 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2012-10-15 11:28 . 2012-03-30 07:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-15 11:28 . 2011-07-12 11:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-16 19:25 . 2012-05-10 10:49 421376 ----a-w- c:\windows\system32\W7TRunOnce.exe 2012-09-16 14:21 . 2012-09-16 14:21 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-16 14:20 . 2012-09-16 14:20 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-16 14:20 . 2012-09-16 14:20 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-16 14:20 . 2012-09-16 14:20 1306992 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-16 14:20 . 2012-09-16 14:20 400896 ----a-w- c:\windows\system32\srcore.dll 2012-09-16 14:20 . 2012-09-16 14:20 2354176 ----a-w- c:\windows\system32\win32k.sys 2012-09-16 14:19 . 2012-09-16 14:19 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-09-16 14:19 . 2012-09-16 14:19 1236480 ----a-w- c:\windows\system32\msxml3.dll 2012-09-16 14:19 . 2012-09-16 14:19 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-16 14:19 . 2012-09-16 14:19 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-16 14:19 . 2012-09-16 14:19 769024 ----a-w- c:\windows\system32\localspl.dll 2012-09-16 14:19 . 2012-09-16 14:19 41984 ----a-w- c:\windows\system32\browcli.dll 2012-09-16 14:19 . 2012-09-16 14:19 102912 ----a-w- c:\windows\system32\browser.dll 2012-09-16 14:19 . 2012-09-16 14:19 805376 ----a-w- c:\windows\system32\cdosys.dll 2012-09-16 14:18 . 2012-09-16 14:18 142336 ----a-w- c:\windows\system32\cryptsvc.dll 2012-09-16 14:18 . 2012-09-16 14:18 1160192 ----a-w- c:\windows\system32\crypt32.dll 2012-09-16 14:18 . 2012-09-16 14:18 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-08-31 13:35 . 
2012-08-31 13:35 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-31 13:35 . 2011-11-09 09:06 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-23 15:51 . 2012-11-02 08:37 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui 2012-08-23 07:15 . 2012-07-11 07:27 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E09D951-A790-49D6-A5ED-13F634A59E6C}\mpengine.dll 2012-08-21 11:01 . 2012-09-17 11:14 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 11:01 . 2011-03-31 19:32 106928 ----a-w- c:\windows\system32\GEARAspi.dll 2012-08-13 17:24 . 2012-08-13 17:24 75096 ----a-w- c:\windows\system32\drivers\klflt.sys 2012-08-13 15:49 . 2012-08-13 15:49 144344 ----a-w- c:\windows\system32\drivers\kneps.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-08-17 218880] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640] "PDF3 Registry Controller"="c:\program files\ScanSoft\PDF Converter 3.0\\RegistryController.exe" [2005-04-26 106496] "PrintDisp"="c:\windows\system32\PrintDisp.exe" [2009-06-22 864768] "RSA Card Conversion Utility"="c:\program files\Common Files\RSA Shared\RSA Card Conversion Utility\RSACardConversionUtility.exe" [2010-08-27 3499728] "ScanSnap WIA Service 
Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CardMinder Viewer.lnk - c:\program files\PFU\ScanSnap\CardMinder\CardLauncher.exe [2011-7-20 77824] Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2011-7-27 3520000] In PDF-Datei mit ScanSnap Organizer konvertieren.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2011-7-20 15360] ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2011-7-20 1146880] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "ConsentPromptBehaviorAdmin"= 5 (0x5) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AmyuniOptionen.lnk] backup=c:\windows\pss\AmyuniOptionen.lnk.CommonStartup backupExtension=.CommonStartup path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AmyuniOptionen.lnk . [HKLM\~\startupfolder\C:^Users^Scheuer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Password Safe.lnk] backup=c:\windows\pss\Password Safe.lnk.Startup backupExtension=.Startup path=c:\users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk . 
[HKLM\~\startupfolder\C:^Users^Scheuer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk] backup=c:\windows\pss\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk.Startup backupExtension=.Startup path=c:\users\Scheuer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch + Rückwärtssuche Herbst 2011 - Schnellstarter.lnk . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISA Service Extensions] javaw -Xmx30m -jar [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer] 2012-07-27 20:51 1261512 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection] 2012-08-29 06:37 802448 ----a-w- f:\program files\FUJIFILM\MyFinePix Studio\dd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-03-26 09:57 116648 ----atw- c:\users\Scheuer\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2007-03-29 13:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] 2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray"] 2008-11-12 17:39 4442624 ----a-w- c:\program files\CodedColor\byngo.exe . R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] R2 ARAGHSQL;ARAGHSQL;f:\versicherungen\DB\ABACUS\fp\HsqlService.exe [x] R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R2 WinRiskXAServiceHandler;InterRisk WinRisk Dienststeuerung;f:\versicherungen\InterRisk\WinRiskXA\client\bin\BWServiceHandler.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 MSSQL$CRM;SQL Server (CRM);c:\program files\Microsoft SQL Server\MSSQL10.CRM\MSSQL\Binn\sqlservr.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport 
Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WinRiskXAAppService;InterRisk WinRisk Anwendungsdienst;f:\versicherungen\InterRisk\WinRiskXA\server\bin\WinRiskXAServer.exe [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x] R4 SQLAgent$CRM;SQL Server-Agent (CRM);c:\program files\Microsoft SQL Server\MSSQL10.CRM\MSSQL\Binn\SQLAGENT.EXE [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [x] S1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ApacheTomcatKLV;Apache Tomcat KLV;f:\versicherungen\WebKIS\Tomcat\bin\tomcat5.exe [x] S2 BserverDienst;BserverDienst;f:\versic~1\KOSYMA\UPDATE\BSERVER3.EXE [x] S2 CrmSqlStartupSvc;SQL Server (CRM) - Herunterfahren bei Bedarf;c:\program files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program 
files\Firebird\Firebird_1_5\bin\fbguard.exe [x] S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [x] S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x] S2 MSSQL$KIS;SQL Server (KIS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x] S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 WinRiskXASoftwareUpdate;InterRisk WinRisk Softwareaktualisierung;f:\versicherungen\InterRisk\WinRiskXA\client\bin\BWUpdater.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - CDFS *NewlyCreated* - KWLOIPOC *Deregistered* - kwloipoc . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 GPSvcGroup REG_MULTI_SZ GPSvc . Inhalt des "geplante Tasks" Ordners . 2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:28] . 2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 15:26] . 2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-21 15:26] . 2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099175409-3244923250-3961599458-1000Core.job - c:\users\Scheuer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 09:57] . 
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2099175409-3244923250-3961599458-1000UA.job - c:\users\Scheuer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-06 09:57] . 2012-11-02 c:\windows\Tasks\sgugfj.job - c:\windows\system32\SSShim8.dll [2012-09-03 12:10] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://nachrichten.t-online.de/ uInternet Settings,ProxyOverride = *.local;192.168.*.* Trusted Zone: vhv.de\maxnet TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{253A9CB9-9CF4-4CB4-A6C9-48ED5393596E}: DhcpNameServer = 193.189.244.225 193.189.244.206 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-11-02 18:09:44 ComboFix-quarantined-files.txt 2012-11-02 17:09 ComboFix2.txt 2012-11-01 09:22 ComboFix3.txt 2012-11-01 08:25 . Vor Suchlauf: 16 Verzeichnis(se), 209.349.083.136 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 209.427.152.896 Bytes frei . - - End Of File - - F115829EB2A0B45E96DADB371546095E |
02.11.2012, 18:21 | #5 |
/// Malware-holic | Google search results - redirects when clicking on the search result
Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.11.2012, 19:38 | #6 |
| Google search results - redirects when clicking on the search result Here is the requested log excerpt from TDSS Code:
ATTFilter 19:34:16.0086 4564 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 19:34:16.0102 4564 ============================================================ 19:34:16.0102 4564 Current date / time: 2012/11/02 19:34:16.0102 19:34:16.0102 4564 SystemInfo: 19:34:16.0102 4564 19:34:16.0102 4564 OS Version: 6.1.7601 ServicePack: 1.0 19:34:16.0102 4564 Product type: Workstation 19:34:16.0102 4564 ComputerName: HAUPT-PC 19:34:16.0102 4564 UserName: Scheuer 19:34:16.0102 4564 Windows directory: C:\Windows 19:34:16.0102 4564 System windows directory: C:\Windows 19:34:16.0102 4564 Processor architecture: Intel x86 19:34:16.0102 4564 Number of processors: 4 19:34:16.0102 4564 Page size: 0x1000 19:34:16.0102 4564 Boot type: Normal boot 19:34:16.0102 4564 ============================================================ 19:34:17.0116 4564 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:34:17.0131 4564 Drive \Device\Harddisk5\DR5 - Size: 0x3C3FFE00 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:34:17.0131 4564 ============================================================ 19:34:17.0131 4564 \Device\Harddisk0\DR0: 19:34:17.0131 4564 MBR partitions: 19:34:17.0131 4564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x249F0000 19:34:17.0131 4564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x15995000 19:34:17.0131 4564 \Device\Harddisk5\DR5: 19:34:17.0131 4564 MBR partitions: 19:34:17.0131 4564 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E1FC0 19:34:17.0131 4564 ============================================================ 19:34:17.0131 4564 C: <-> \Device\Harddisk0\DR0\Partition1 19:34:17.0162 4564 F: <-> \Device\Harddisk0\DR0\Partition2 19:34:17.0162 4564 
============================================================ 19:34:17.0162 4564 Initialize success 19:34:17.0162 4564 ============================================================ 19:34:35.0274 5540 ============================================================ 19:34:35.0274 5540 Scan started 19:34:35.0274 5540 Mode: Manual; SigCheck; TDLFS; 19:34:35.0274 5540 ============================================================ 19:34:35.0711 5540 ================ Scan system memory ======================== 19:34:35.0711 5540 System memory - ok 19:34:35.0711 5540 ================ Scan services ============================= 19:34:35.0851 5540 [ 7620228D6EAB9051DB6ABE642102CDE9 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 19:34:35.0945 5540 1394ohci - ok 19:34:35.0960 5540 [ D5F452175080B23CAAAF9C9ED5AF8FA2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:34:35.0992 5540 ACPI - ok 19:34:36.0007 5540 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:34:36.0038 5540 AcpiPmi - ok 19:34:36.0132 5540 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 19:34:36.0148 5540 AdobeARMservice - ok 19:34:36.0210 5540 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 19:34:36.0210 5540 AdobeFlashPlayerUpdateSvc - ok 19:34:36.0241 5540 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:34:36.0257 5540 adp94xx - ok 19:34:36.0288 5540 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:34:36.0319 5540 adpahci - ok 19:34:36.0319 5540 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:34:36.0335 5540 adpu320 - ok 19:34:36.0366 5540 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:34:36.0428 5540 AeLookupSvc - ok 19:34:36.0444 5540 [ 0D65AA891AAB268C5705ED0618B0BF3B ] AFD 
C:\Windows\system32\drivers\afd.sys 19:34:36.0506 5540 AFD - ok 19:34:36.0506 5540 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 19:34:36.0522 5540 agp440 - ok 19:34:36.0553 5540 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 19:34:36.0569 5540 aic78xx - ok 19:34:36.0600 5540 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 19:34:36.0616 5540 ALG - ok 19:34:36.0647 5540 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 19:34:36.0662 5540 aliide - ok 19:34:36.0678 5540 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 19:34:36.0709 5540 AMD External Events Utility - ok 19:34:36.0740 5540 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 19:34:36.0756 5540 amdagp - ok 19:34:36.0756 5540 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 19:34:36.0772 5540 amdide - ok 19:34:36.0787 5540 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 19:34:36.0818 5540 AmdK8 - ok 19:34:36.0818 5540 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 19:34:36.0865 5540 AmdPPM - ok 19:34:36.0865 5540 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:34:36.0881 5540 amdsata - ok 19:34:36.0881 5540 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 19:34:36.0896 5540 amdsbs - ok 19:34:36.0912 5540 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:34:36.0928 5540 amdxata - ok 19:34:37.0006 5540 ApacheTomcatKLV - ok 19:34:37.0037 5540 [ 980896CA52F356FDAB84B2A2E3765036 ] AppID C:\Windows\system32\drivers\appid.sys 19:34:37.0084 5540 AppID - ok 19:34:37.0115 5540 [ D9C145E24EDA42885461F6DA3191318B ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:34:37.0146 5540 AppIDSvc - ok 19:34:37.0162 
5540 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 19:34:37.0193 5540 Appinfo - ok 19:34:37.0271 5540 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 19:34:37.0286 5540 Apple Mobile Device - ok 19:34:37.0333 5540 [ E40EB79789C91987CB73287205F0944E ] AppMgmt C:\Windows\System32\appmgmts.dll 19:34:37.0364 5540 AppMgmt - ok 19:34:37.0427 5540 [ C3075617DB699CDC9184A02AFD4D7928 ] ARAGHSQL F:\Versicherungen\DB\ABACUS\fp\HsqlService.exe 19:34:37.0458 5540 ARAGHSQL ( UnsignedFile.Multi.Generic ) - warning 19:34:37.0458 5540 ARAGHSQL - detected UnsignedFile.Multi.Generic (1) 19:34:37.0489 5540 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys 19:34:37.0505 5540 arc - ok 19:34:37.0520 5540 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:34:37.0536 5540 arcsas - ok 19:34:37.0630 5540 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 19:34:37.0645 5540 aspnet_state - ok 19:34:37.0661 5540 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:34:37.0708 5540 AsyncMac - ok 19:34:37.0739 5540 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 19:34:37.0739 5540 atapi - ok 19:34:37.0848 5540 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 19:34:37.0988 5540 atikmdag - ok 19:34:38.0020 5540 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:34:38.0066 5540 AudioEndpointBuilder - ok 19:34:38.0082 5540 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 19:34:38.0098 5540 Audiosrv - ok 19:34:38.0144 5540 AVP - ok 19:34:38.0160 5540 [ 06C6E8F88E79E01C883043E25B99DB43 ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:34:38.0191 5540 AxInstSV - ok 19:34:38.0223 5540 
[ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 19:34:38.0285 5540 b06bdrv - ok 19:34:38.0301 5540 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 19:34:38.0316 5540 b57nd60x - ok 19:34:38.0363 5540 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 19:34:38.0394 5540 BDESVC - ok 19:34:38.0425 5540 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 19:34:38.0472 5540 Beep - ok 19:34:38.0503 5540 [ 6344F74CC26745D8FDABAF14ED368F98 ] BFE C:\Windows\System32\bfe.dll 19:34:38.0550 5540 BFE - ok 19:34:38.0581 5540 [ 12E5FDCF55D50A194CF462E462A609B7 ] BITS C:\Windows\system32\qmgr.dll 19:34:38.0628 5540 BITS - ok 19:34:38.0644 5540 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:34:38.0659 5540 blbdrive - ok 19:34:38.0706 5540 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 19:34:38.0722 5540 Bonjour Service - ok 19:34:38.0737 5540 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:34:38.0769 5540 bowser - ok 19:34:38.0784 5540 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 19:34:38.0815 5540 BrFiltLo - ok 19:34:38.0815 5540 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 19:34:38.0847 5540 BrFiltUp - ok 19:34:38.0893 5540 [ DF0EDEB9A131E0310FB97F46EF3ED887 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 19:34:38.0909 5540 BridgeMP - ok 19:34:38.0956 5540 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 19:34:38.0987 5540 Browser - ok 19:34:39.0003 5540 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:34:39.0081 5540 Brserid - ok 19:34:39.0096 5540 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:34:39.0159 5540 BrSerWdm - ok 
19:34:39.0174 5540 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:34:39.0205 5540 BrUsbMdm - ok 19:34:39.0205 5540 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:34:39.0268 5540 BrUsbSer - ok 19:34:39.0330 5540 [ 9FB9523B87C4B671D16E24A736E7E491 ] BserverDienst F:\VERSIC~1\KOSYMA\UPDATE\BSERVER3.EXE 19:34:39.0361 5540 BserverDienst ( UnsignedFile.Multi.Generic ) - warning 19:34:39.0361 5540 BserverDienst - detected UnsignedFile.Multi.Generic (1) 19:34:39.0377 5540 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 19:34:39.0408 5540 BTHMODEM - ok 19:34:39.0455 5540 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 19:34:39.0502 5540 bthserv - ok 19:34:39.0580 5540 [ 8059475F9CA375BC8191F8FB72D329A6 ] c2wts C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe 19:34:39.0595 5540 c2wts - ok 19:34:39.0689 5540 catchme - ok 19:34:39.0705 5540 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:34:39.0767 5540 cdfs - ok 19:34:39.0798 5540 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:34:39.0814 5540 cdrom - ok 19:34:39.0861 5540 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 19:34:39.0892 5540 CertPropSvc - ok 19:34:39.0907 5540 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys 19:34:39.0954 5540 circlass - ok 19:34:39.0970 5540 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 19:34:40.0001 5540 CLFS - ok 19:34:40.0048 5540 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:34:40.0063 5540 clr_optimization_v2.0.50727_32 - ok 19:34:40.0079 5540 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 
19:34:40.0095 5540 clr_optimization_v4.0.30319_32 - ok 19:34:40.0110 5540 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 19:34:40.0141 5540 CmBatt - ok 19:34:40.0141 5540 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:34:40.0157 5540 cmdide - ok 19:34:40.0188 5540 [ 905C054B3F2048585F2BC0F1428F7CC1 ] CNG C:\Windows\system32\Drivers\cng.sys 19:34:40.0204 5540 CNG - ok 19:34:40.0219 5540 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys 19:34:40.0235 5540 Compbatt - ok 19:34:40.0251 5540 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 19:34:40.0266 5540 CompositeBus - ok 19:34:40.0297 5540 COMSysApp - ok 19:34:40.0297 5540 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 19:34:40.0313 5540 crcdisk - ok 19:34:40.0360 5540 [ 02769C8EFF729AFEA7DB14AE04394741 ] CrmSqlStartupSvc C:\Program Files\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe 19:34:40.0375 5540 CrmSqlStartupSvc - ok 19:34:40.0407 5540 [ 063DD65889D21035311463337BD268E7 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:34:40.0438 5540 CryptSvc - ok 19:34:40.0485 5540 [ A940BDC503EC07D1EE38974ECE317848 ] CSC C:\Windows\system32\drivers\csc.sys 19:34:40.0516 5540 CSC - ok 19:34:40.0531 5540 [ BE704B0D4868DC74EED29B31E4654D62 ] CscService C:\Windows\System32\cscsvc.dll 19:34:40.0594 5540 CscService - ok 19:34:40.0641 5540 [ 27968DD510E8957FFACC607EFF55E710 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:34:40.0672 5540 DcomLaunch - ok 19:34:40.0719 5540 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 19:34:40.0750 5540 defragsvc - ok 19:34:40.0765 5540 [ 46E2CC1725A7AC07E4328143150A09CD ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:34:40.0781 5540 DfsC - ok 19:34:40.0812 5540 [ 82FE16FF11F679BF3DEB3C4422553CC1 ] Dhcp C:\Windows\system32\dhcpcore.dll 19:34:40.0843 5540 Dhcp - ok 
19:34:40.0890 5540 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 19:34:40.0937 5540 discache - ok 19:34:40.0968 5540 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys 19:34:40.0984 5540 Disk - ok 19:34:41.0015 5540 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 19:34:41.0062 5540 dmvsc - ok 19:34:41.0093 5540 [ C941FD3429EA406D14266F671EC5B4A7 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:34:41.0109 5540 Dnscache - ok 19:34:41.0124 5540 [ DCAD2BDC526AE53BEED47BEAD703D144 ] dot3svc C:\Windows\System32\dot3svc.dll 19:34:41.0155 5540 dot3svc - ok 19:34:41.0155 5540 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 19:34:41.0202 5540 DPS - ok 19:34:41.0233 5540 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:34:41.0265 5540 drmkaud - ok 19:34:41.0296 5540 [ FFA118F8CB32B2A11CE1D174A036A84E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:34:41.0327 5540 DXGKrnl - ok 19:34:41.0327 5540 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 19:34:41.0389 5540 EapHost - ok 19:34:41.0452 5540 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys 19:34:41.0545 5540 ebdrv - ok 19:34:41.0561 5540 [ 7ABC23F3D86880AD62ACEDC7479608F8 ] EFS C:\Windows\System32\lsass.exe 19:34:41.0608 5540 EFS - ok 19:34:41.0655 5540 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:34:41.0686 5540 ehRecvr - ok 19:34:41.0686 5540 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 19:34:41.0701 5540 ehSched - ok 19:34:41.0733 5540 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys 19:34:41.0764 5540 elxstor - ok 19:34:41.0764 5540 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:34:41.0795 5540 ErrDev - ok 19:34:41.0826 5540 [ F6916EFC29D9953D5D0DF06882AE8E16 ] 
EventSystem C:\Windows\system32\es.dll 19:34:41.0873 5540 EventSystem - ok 19:34:41.0873 5540 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 19:34:41.0904 5540 exfat - ok 19:34:41.0935 5540 Fabs - ok 19:34:41.0951 5540 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:34:41.0967 5540 fastfat - ok 19:34:41.0998 5540 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 19:34:42.0029 5540 Fax - ok 19:34:42.0060 5540 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys 19:34:42.0076 5540 fdc - ok 19:34:42.0107 5540 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 19:34:42.0123 5540 fdPHost - ok 19:34:42.0138 5540 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 19:34:42.0185 5540 FDResPub - ok 19:34:42.0185 5540 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:34:42.0201 5540 FileInfo - ok 19:34:42.0216 5540 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:34:42.0232 5540 Filetrace - ok 19:34:42.0279 5540 FirebirdGuardianDefaultInstance - ok 19:34:42.0294 5540 FirebirdServerDefaultInstance - ok 19:34:42.0357 5540 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 19:34:42.0466 5540 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 19:34:42.0466 5540 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 19:34:42.0481 5540 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 19:34:42.0528 5540 flpydisk - ok 19:34:42.0544 5540 [ 03ED8FA583B4C1F59B04F10DC83DDC7B ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:34:42.0559 5540 FltMgr - ok 19:34:42.0591 5540 [ 9ABCE4FA55985CB4093C54D57C644CB6 ] FontCache C:\Windows\system32\FntCache.dll 19:34:42.0622 5540 FontCache - ok 
19:34:42.0700 5540 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:34:42.0715 5540 FontCache3.0.0.0 - ok 19:34:42.0715 5540 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:34:42.0731 5540 FsDepends - ok 19:34:42.0762 5540 [ BFAAA92861526BB0ADCD01E964AB6609 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 19:34:42.0778 5540 fssfltr - ok 19:34:42.0871 5540 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 19:34:42.0918 5540 fsssvc - ok 19:34:42.0934 5540 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:34:42.0949 5540 Fs_Rec - ok 19:34:42.0965 5540 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:34:42.0981 5540 fvevol - ok 19:34:42.0996 5540 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 19:34:43.0012 5540 gagp30kx - ok 19:34:43.0027 5540 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:34:43.0043 5540 GEARAspiWDM - ok 19:34:43.0074 5540 [ 2A1920E7C5FFF62E91CE4F2243DB7AC8 ] gpsvc C:\Windows\System32\gpsvc.dll 19:34:43.0105 5540 gpsvc - ok 19:34:43.0152 5540 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 19:34:43.0168 5540 gupdate - ok 19:34:43.0183 5540 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 19:34:43.0199 5540 gupdatem - ok 19:34:43.0215 5540 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:34:43.0246 5540 hcw85cir - ok 19:34:43.0293 5540 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:34:43.0324 5540 HdAudAddService - ok 19:34:43.0355 5540 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:34:43.0371 5540 
19:34:57.0988 5540 [ 9A028581B3B025B4DFC1F9C4F54FF166 ] WinRM C:\Windows\system32\WsmSvc.dll 19:34:58.0035 5540 WinRM - ok 19:34:58.0081 5540 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 19:34:58.0128 5540 Wlansvc - ok 19:34:58.0191 5540 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 19:34:58.0206 5540 wlcrasvc - ok 19:34:58.0284 5540 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:34:58.0331 5540 wlidsvc - ok 19:34:58.0362 5540 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:34:58.0378 5540 WmiAcpi - ok 19:34:58.0409 5540 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:34:58.0440 5540 wmiApSrv - ok 19:34:58.0518 5540 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 19:34:58.0565 5540 WMPNetworkSvc - ok 19:34:58.0596 5540 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:34:58.0627 5540 WPCSvc - ok 19:34:58.0627 5540 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:34:58.0659 5540 WPDBusEnum - ok 19:34:58.0674 5540 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:34:58.0721 5540 ws2ifsl - ok 19:34:58.0737 5540 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll 19:34:58.0768 5540 wscsvc - ok 19:34:58.0768 5540 WSearch - ok 19:34:58.0815 5540 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 19:34:58.0877 5540 wuauserv - ok 19:34:58.0893 5540 [ A272A137AB6C730CBD670ECA147BDF0A ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:34:58.0908 5540 WudfPf - ok 19:34:58.0939 5540 [ 5DD9729B4FF060632685F47E55234061 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:34:58.0971 5540 WUDFRd - ok 19:34:59.0002 5540 [ 
1F7B335577800462B8A4A1BEC1EA6AA4 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:34:59.0033 5540 wudfsvc - ok 19:34:59.0064 5540 [ A4001E153F8DC234A4C6395E61C84DFE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:34:59.0095 5540 WwanSvc - ok 19:34:59.0095 5540 ================ Scan global =============================== 19:34:59.0127 5540 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 19:34:59.0142 5540 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 19:34:59.0158 5540 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 19:34:59.0189 5540 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 19:34:59.0220 5540 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 19:34:59.0220 5540 [Global] - ok 19:34:59.0220 5540 ================ Scan MBR ================================== 19:34:59.0236 5540 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:34:59.0641 5540 \Device\Harddisk0\DR0 - ok 19:34:59.0657 5540 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR5 19:35:02.0200 5540 \Device\Harddisk5\DR5 - ok 19:35:02.0200 5540 ================ Scan VBR ================================== 19:35:02.0200 5540 [ 40416E8DF6D044EDEF901C5F3047D177 ] \Device\Harddisk0\DR0\Partition1 19:35:02.0200 5540 \Device\Harddisk0\DR0\Partition1 - ok 19:35:02.0231 5540 [ 8AC4358FA53749A57DAAB8B4D7A88F54 ] \Device\Harddisk0\DR0\Partition2 19:35:02.0231 5540 \Device\Harddisk0\DR0\Partition2 - ok 19:35:02.0231 5540 [ CE734FB8587C9027B62E2D7F51BCF0C6 ] \Device\Harddisk5\DR5\Partition1 19:35:02.0231 5540 \Device\Harddisk5\DR5\Partition1 - ok 19:35:02.0231 5540 ============================================================ 19:35:02.0231 5540 Scan finished 19:35:02.0231 5540 ============================================================ 19:35:02.0262 6024 Detected object count: 9 19:35:02.0262 6024 Actual detected object count: 9 19:35:17.0238 6024 ARAGHSQL ( UnsignedFile.Multi.Generic ) - skipped by user 
19:35:17.0238 6024 ARAGHSQL ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:17.0238 6024 BserverDienst ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:17.0238 6024 BserverDienst ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:17.0238 6024 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:17.0238 6024 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:17.0238 6024 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:17.0238 6024 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:17.0238 6024 Printer Control ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:17.0238 6024 Printer Control ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:17.0238 6024 SSHDRV86 ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:17.0238 6024 SSHDRV86 ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:17.0238 6024 WinRiskXAAppService ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:17.0238 6024 WinRiskXAAppService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:17.0238 6024 WinRiskXAServiceHandler ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:17.0238 6024 WinRiskXAServiceHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:35:17.0254 6024 WinRiskXASoftwareUpdate ( UnsignedFile.Multi.Generic ) - skipped by user 19:35:17.0254 6024 WinRiskXASoftwareUpdate ( UnsignedFile.Multi.Generic ) - User select action: Skip |
02.11.2012, 19:51 | #7 |
/// Malware-holic | malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
03.11.2012, 08:27 | #8 |
| Unfortunately, zero success. Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.02.10
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Scheuer :: HAUPT-PC [Administrator]
Schutz: Aktiviert
02.11.2012 22:41:07
mbam-log-2012-11-02 (22-41-07).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 510066
Laufzeit: 1 Stunde(n), 37 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
04.11.2012, 22:08 | #9 |
| SOLVED!!!! It was this line in the OTL file: Code:
[2012.09.03 13:10:18 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\SSShim8.dll
Result: Agent/Gen-Graftor, in exactly this SSshim8.dll. I would still like to thank markusg very much, who helped me a great deal. |
05.11.2012, 19:49 | #10 |
/// Malware-holic | I wanted to get to that in the next step, but I have a weekend too. Open SUPERAntiSpyware and post the detection logs. |