09.11.2012, 16:34 | #1

Computer infected with 'Torpig' and/or 'Mebroot'

Good day. The t-online abuse team has informed me that a so-called sinkhole was contacted via my Internet connection and that, according to the complainant, at least one of my computers is infected with 'Torpig' and/or 'Mebroot'. I was advised to check the computers with the "DE-Cleaner Rettungssystem CD" from Avira (https://www.botfrei.de/rescuecd.html). I did this, and on one computer 2 "infected files" were found and fixed. However, I do not know whether this has resolved the problem described by t-online. Now, I discovered this forum too late. Is it possible, with your help, to check the computers to see whether the system is really clean?

OTL from the 1st computer:

Code:
ATTFilter OTL logfile created on: 08.11.2012 15:34:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 66,51% Memory free 6,68 Gb Paging File | 5,70 Gb Available in Paging File | 85,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,51 Gb Total Space | 623,89 Gb Free Space | 68,45% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 8,92 Gb Free Space | 44,63% Space Free | Partition Type: FAT32 Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.08 15:31:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe PRC - [2012.08.30 16:57:35 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.08.30 16:57:34 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.08.30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.06.18 16:27:10 | 000,018,432 | ---- | M] () -- C:\Users\Philipp\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.0.9\ccsvchst.exe PRC - [2011.11.21 15:12:58 | 000,745,280 | ---- | M] (TuneUp Software) -- 
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2011.11.21 15:11:58 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009.05.21 18:58:14 | 000,413,496 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.18 18:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.10.08 23:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.08 23:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.08.31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe PRC - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe ========== Modules (No Company Name) ========== MOD - [2008.08.27 15:32:36 | 000,619,816 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMediaLibrary.dll MOD - [2008.06.09 08:55:08 | 000,013,096 | ---- | M] () -- C:\Programme\HomeCinema\Power2Go\CLMLSvcPS.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- 
(LiveUpdate) SRV - [2012.10.27 13:53:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.25 16:17:56 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.08.30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.08.30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.18 16:27:10 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Philipp\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe -- (ColorZillaStatsUpdater) SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360) SRV - [2011.11.23 16:27:36 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2011.11.21 15:11:58 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.11.21 15:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media 
Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.08 23:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.08.31 10:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.10.05 19:23:26 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121030.002\BHDrvx86.sys -- (BHDrvx86) DRV - [2012.09.13 14:48:34 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121107.035\NAVEX15.SYS -- (NAVEX15) DRV - [2012.09.13 14:48:34 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121107.035\NAVENG.SYS -- (NAVENG) DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121107.001\IDSvix86.sys -- (IDSVix86) DRV - [2012.08.30 20:13:00 | 010,790,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.08.09 08:39:29 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.08.09 08:39:29 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtsp.sys -- (SRTSP) DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\srtspx.sys -- (SRTSPX) DRV - [2012.06.08 11:33:17 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ccsetx86.sys -- (ccSet_N360) DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symefa.sys -- (SymEFA) DRV - [2011.11.16 20:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symtdiv.sys -- (SYMTDIv) DRV - 
[2011.11.16 20:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604000.009\ironx86.sys -- (SymIRON) DRV - [2011.08.15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604000.009\symds.sys -- (SymDS) DRV - [2010.10.24 11:28:54 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.06.02 23:57:34 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2009.03.30 16:53:56 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/04/22 16:10:50] [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.09.21 08:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=010712_6&babsrc=HP_ss&mntrId=cedae3900000000000000022438f5029 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=010712_6&babsrc=SP_ss&mntrId=cedae3900000000000000022438f5029 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: stats@colorzilla.com:2.7.12 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: 
{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.29 FF - prefs.js..extensions.enabledItems: cbsf-config@com.extensions.mattiasschlenker.de:0.0.0.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: metaswitcher@com.extensions.mattiasschlenker.de:1.0.0.25 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Philipp\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.25 08:55:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.06.08 15:47:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012.11.08 15:33:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 13:53:10 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 13:53:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.25 08:55:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 13:53:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 13:53:08 | 000,000,000 | ---D | M] [2009.06.05 13:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2012.10.23 19:55:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2byzprrl.default\extensions [2010.04.27 13:42:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2byzprrl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.21 09:15:07 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2byzprrl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.05 17:17:48 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\2byzprrl.default\extensions\stats@colorzilla.com [2012.07.25 21:05:12 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\2byzprrl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.22 10:51:43 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\2byzprrl.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.10.27 13:53:07 | 
000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.27 13:53:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.27 13:53:08 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Programme\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012.10.27 13:53:07 | 000,000,000 | ---D | M] ("COMPUTER BILD Fox Config Helper") -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de [2012.10.27 13:53:07 | 000,000,000 | ---D | M] ("Metaswitcher") -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de [2012.10.27 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\chrome [2012.10.27 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\cbsf-config@com.extensions.mattiasschlenker.de\defaults [2012.10.27 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\chrome [2012.10.27 13:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\metaswitcher@com.extensions.mattiasschlenker.de\defaults [2012.10.27 13:53:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.13 18:16:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.05 17:17:35 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.31 15:56:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.13 18:16:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 18:16:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 18:16:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 18:16:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ColorZillaStats) - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Users\Philipp\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95F4925D-6FE8-4FE9-8D29-524B6FB499F4}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - 
Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.06 16:04:45 | 000,000,000 | ---D | C] 
-- C:\Users\Philipp\AppData\Roaming\Malwarebytes [2012.11.06 16:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.06 11:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.06 11:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.10.27 13:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.14 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\FIFA 11 [2012.10.14 10:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.08 15:30:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.08 15:30:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.08 15:29:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.08 15:29:50 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys [2012.11.08 15:27:44 | 000,000,020 | ---- | M] () -- C:\Users\Philipp\defogger_reenable [2012.11.08 14:58:00 | 000,002,766 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml [2012.11.08 14:58:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job [2012.11.08 14:37:57 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.08 14:37:57 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.08 14:37:57 | 000,131,012 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.08 14:37:57 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.08 10:41:25 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D7FA4C01-CDB3-47C2-A3B0-A3BBE50D1513}.job [2012.11.07 18:07:12 | 000,048,128 | ---- | M] () -- 
C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.22 18:56:28 | 000,000,680 | ---- | M] () -- C:\Users\Philipp\AppData\Local\d3d9caps.dat [2012.10.18 09:59:47 | 021,023,381 | ---- | M] () -- C:\Users\Philipp\Desktop\Skript fuer WS 2012_13 Strafprozessrecht 14. Auflage.pdf [2012.10.16 09:04:22 | 000,010,074 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604000.009\VT20121008.022 [2012.10.16 08:03:30 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk [2012.10.16 08:03:19 | 002,661,552 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604000.009\Cat.DB [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.08 15:27:33 | 000,000,020 | ---- | C] () -- C:\Users\Philipp\defogger_reenable [2012.10.18 09:59:01 | 021,023,381 | ---- | C] () -- C:\Users\Philipp\Desktop\Skript fuer WS 2012_13 Strafprozessrecht 14. Auflage.pdf [2012.08.30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012.02.06 10:12:28 | 000,000,552 | ---- | C] () -- C:\Users\Philipp\AppData\Local\d3d8caps.dat [2011.08.24 17:56:52 | 000,003,764 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2011.08.24 17:56:52 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\66BCC00149.sys [2011.07.30 11:32:16 | 000,000,680 | ---- | C] () -- C:\Users\Philipp\AppData\Local\d3d9caps.dat [2011.04.19 19:16:44 | 000,001,940 | ---- | C] () -- C:\Users\Philipp\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.01.15 14:11:02 | 000,000,110 | ---- | C] () -- C:\Windows\GMouse.ini [2010.03.26 14:14:09 | 000,138,056 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\PnkBstrK.sys [2009.12.17 14:46:50 | 000,000,095 | ---- | C] () -- C:\Users\Philipp\AppData\Local\fusioncache.dat [2009.07.28 12:11:17 | 000,048,128 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.18 
10:01:03 | 000,017,089 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\UserTile.png [2009.06.07 11:26:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.06.06 10:01:26 | 000,001,514 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.09.21 20:10:16 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ashampoo [2012.07.05 17:17:21 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Babylon [2010.09.21 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers [2009.07.26 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\FarmingSimulator2008 [2009.12.17 16:10:19 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GetRightToGo [2012.07.31 08:43:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ [2011.03.21 14:15:08 | 000,000,000 | ---D | M] -- 
C:\Users\Philipp\AppData\Roaming\LolClient [2012.05.24 21:28:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\LolClient2 [2009.11.04 15:40:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\OpenOffice.org [2012.10.03 13:10:49 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Origin [2009.06.18 10:01:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PeerNetworking [2009.06.06 10:06:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Template [2012.08.22 18:40:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TS3Client [2011.12.09 13:51:00 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ts3overlay [2009.09.13 16:03:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\TuneUp Software [2009.12.17 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Turbine [2010.03.25 18:07:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.11.2012 15:34:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 66,51% Memory free 6,68 Gb Paging File | 5,70 Gb Available in Paging File | 85,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,51 Gb Total Space | 623,89 Gb Free Space | 68,45% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 8,92 Gb Free Space | 44,63% Space Free | Partition Type: FAT32 Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg 
Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00313D4A-A31C-4F3B-8063-F58D492A664D}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{0B0F4999-B260-4DA4-90CC-1F9CCA595B25}" = lport=445 | protocol=6 | dir=in | app=system | "{0DB4D885-A855-41DE-BD73-E6EC46F92B31}" = rport=138 | protocol=17 | dir=out | app=system | "{0E809AE4-B9F3-484A-8569-688B99FC463E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{217A1D2E-71A2-4875-B323-119B3602E6B9}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher | "{38362F75-5D49-4FBB-81C4-29D8F6436913}" = rport=139 | protocol=6 | dir=out | app=system | "{4012B613-8F5D-4A2C-9DF0-7EE352FCCB6E}" = rport=445 | protocol=6 | dir=out | app=system | "{4CEE7BA2-9D15-4AB7-A91F-CCC92FC12929}" = rport=137 | protocol=17 | dir=out | app=system | "{56696065-60CE-4100-BBC1-68EBE5C1C3B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{5F206CA3-ECDF-4CC8-9F56-DC9F1F748EE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6299F731-0295-48CB-BE51-7A9DFF5105F1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7EEC4464-C985-4C8B-98B2-228886E0C5B3}" = lport=138 | protocol=17 | dir=in | app=system | "{AEA24C82-D289-45FF-AD61-4109D7B72241}" = lport=139 | protocol=6 | dir=in | app=system | "{B9453387-A853-480C-BD36-E8330C143ADA}" = lport=6963 | protocol=17 | dir=in | name=league of legends launcher | "{C3927D80-FFD0-4A87-B705-DF4EEED25D90}" = lport=2869 | protocol=6 | dir=in | app=system | "{C56E46F8-DE34-4101-A0A5-997075773A4D}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher | "{C75A242C-706E-4C7F-940C-0F45E3E354BF}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{EFB883A5-C560-4816-AC9C-1EF7CBE3181D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FAD490F9-1036-4116-891B-07B20746E95E}" = lport=6963 | protocol=6 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02B1A3A3-E6F9-4601-A3B3-B8CEE05BE901}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{141D22AE-068C-4488-ADD8-38046CEC4AE4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{15C02CA0-214D-4872-A752-20FB5B46A155}" = protocol=6 | dir=in | app=c:\program files\origin games\fifa 13\game\fifa13.exe | "{2B778E00-B653-4A06-B090-2CD5D4D0D08E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{3F4FF0A3-87A8-4ED9-8811-D0BA88FC2F19}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{42A5F11C-0F7F-4B91-B2FF-18D33E8D0861}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{44E3F3DA-D2F3-46F4-954A-4CD56F505E7E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{44F7F7A0-649A-4605-878E-1D9C1562D8F3}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{49C8E992-92A9-41A1-A5CE-8154713F7487}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{4A17FAA2-A713-461B-A1D8-AA5EA80B013D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{4BC113CC-1C99-43DF-9A81-3C8B2C8CFBF2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{4E099E0E-65B2-4DC4-B4CD-B533355A43B8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{4F2E4E03-24F5-4450-BA44-D84C6EA333F0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{53802C0A-F52B-4B9A-A65F-24B4E96F9ED4}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{57B55DF4-C14B-43C9-9D17-B0D2C5C0796B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{5B46585A-C0E7-4CCB-82FE-0B402D6E2D8A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{5BEEF11E-F0D3-432C-BEC1-7031520CC9B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{5C5D76A8-3840-4349-97B5-C5C189D9C722}" = dir=in | app=c:\program files\homecinema\powerdvd9\powerdvd9.exe | "{5D8BF66C-519E-4721-A46F-EF949122259C}" = protocol=17 | dir=in | app=c:\program files\origin games\fifa 13\game\fifa13.exe | "{60B8E144-CA65-4878-B2C1-49FA22D38E29}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{60ED0DBC-A4E3-4014-8FEE-3F89B83E5748}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | "{6236AC29-2FB2-47D8-AAC7-FE490C1FABA2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{64D710CD-27AD-4EA2-8CA3-B8186BE77751}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{6A1EBC01-B4E3-404E-8BD4-19F9C7181C08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6ADF7886-0F1F-4969-A3F4-8BBD2493AF23}" = protocol=17 | dir=in | app=c:\program files\cs 
1.6\hl.exe | "{7A942084-DB05-46BC-BFBB-F5C73A997E17}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{7CD4515B-B389-4834-BC17-CA549A763424}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{816A8C8C-F7DF-443D-BEB1-AFCD14082118}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{82A08553-098F-4EC2-AAF5-A1B39F41A8B5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\fcbayern1900\counter-strike\hl.exe | "{850A4AE7-626C-49EE-A4A6-E5F397112251}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | "{86FE6CA0-6305-4735-84C6-D83A60406125}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{87902FE1-81EF-4551-A413-1A86FBB6BA1B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\fcbayern1900\counter-strike\hl.exe | "{88CFCE36-70D5-45ED-AA7E-6CA3CE069D23}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{9B65CB17-D883-4A74-B2B1-1A354DE23041}" = dir=in | app=e:\setup\hpznui01.exe | "{A169D7FA-A135-47F0-A42B-1277399D512A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{AFE3B00B-EFA6-44D0-98DC-0A7634F27357}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{B03493D2-8476-47E8-B5A2-82B363C979D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{BCEECAE2-6FF9-4E3E-9B13-B01891F1AC71}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{BDA30BF2-C41B-43AB-98ED-F5E0CEBCFB9F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C24AAB0C-6F43-4AFB-B854-1E397918C88C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{C6EB1591-5865-4589-89C2-E3915E42F284}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{CB69FA88-6961-4E3B-B580-5EAC46741F2C}" = protocol=6 | dir=in | app=c:\program files\cs 1.6\hl.exe | "{CCA66ECC-1920-408F-92EC-4EDAC687477D}" = dir=in | app=c:\program files\hp\digital 
imaging\smart web printing\smartwebprintexe.exe | "{D00488E7-64B4-48A5-972E-98855AE97E06}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D1E448A1-7A69-4D7F-A83B-428839656C91}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D2777488-117C-45BE-872D-25C28BA3EB87}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{D39CCA38-4918-45E0-8625-BD70CB53138B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{D53CBB49-321A-4497-AE22-87B4FE1DB7B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{DCC0DB3C-E3CD-4027-8A44-6CD77969B4CC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{DDC2B7A0-BEAC-48C1-9E9D-40279F6ED653}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{E0484D0F-EFAC-4469-A114-BDC14A109AF1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | "{E8D46D19-51DC-4E80-A083-2AF3DAF464F2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{EC2B5945-222C-4647-A83F-0E51216E4A4C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{ECCBD39F-B448-42B9-A690-EF8B8DC0C958}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{ED5C47FF-30E0-4C46-8EA1-FC98833BF22B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{F1834E85-CDD6-4D07-9B43-175A555C1939}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe | "{F57CB907-F91A-4516-9272-E3C26A7F2F89}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe | "{F8DAFB63-17E3-497C-B250-F31B28D1947A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F9C167C4-AF9F-4E2C-88AB-C62D1CE62CCB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{FD9EC57D-1F02-4A46-98EB-810A8B68B2FF}" = 
dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = 
Logitech Harmony Remote Software "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft 
Application Error Reporting "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = 
Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM) "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave 
Player" = Adobe Shockwave Player 11.5 "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "Guild Wars" = GUILD WARS "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "N360" = Norton 360 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Origin" = Origin "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "PunkBusterSvc" = PunkBuster Services "Shop for HP Supplies" = Shop for HP Supplies "Steam App 11020" = TrackMania Nations Forever "Steam App 440" = Team Fortress 2 "Steam App 500" = Left 4 Dead "Steam App 550" = Left 4 Dead 2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TuneUp Utilities" = TuneUp 
Utilities "VLC media player" = VLC media player 1.0.3 "Warcraft III" = Warcraft III "WinLiveSuite_Wave3" = Windows Live Essentials "Works2006Setup" = Setup-Start von Microsoft Works Suite 2006 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "Warcraft III" = Warcraft III: All Products ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.11.2012 17:39:48 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = Error - 06.11.2012 03:54:58 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = Error - 06.11.2012 14:33:54 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = Error - 07.11.2012 04:28:00 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = Error - 07.11.2012 12:44:55 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = Error - 07.11.2012 13:38:00 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = Error - 07.11.2012 13:48:36 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = Error - 08.11.2012 05:38:51 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = Error - 08.11.2012 09:33:45 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = Error - 08.11.2012 10:31:25 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 26.04.2010 13:45:28 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3 Description = Error - 26.04.2010 13:45:44 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3 Description = Error - 27.06.2010 06:36:33 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 4 Description = Error - 08.08.2010 15:47:37 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3 Description = Error - 28.10.2010 16:46:09 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3 Description = Error 
- 06.12.2010 15:13:59 | Computer Name = Philipp-PC | Source = Recording | ID = 19 Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/06/2010 20:13:59 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen. Error - 31.03.2011 04:32:08 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3 Description = Error - 03.08.2011 08:46:17 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3 Description = Error - 29.02.2012 17:54:45 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 3 Description = Error - 30.10.2012 16:44:37 | Computer Name = Philipp-PC | Source = ehRecvr | ID = 4 Description = [ System Events ] Error - 07.11.2012 13:49:26 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7038 Description = Error - 07.11.2012 13:49:26 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.11.2012 05:39:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7038 Description = Error - 08.11.2012 05:39:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.11.2012 05:54:41 | Computer Name = Philipp-PC | Source = DCOM | ID = 10005 Description = Error - 08.11.2012 09:34:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7038 Description = Error - 08.11.2012 09:34:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08.11.2012 09:49:40 | Computer Name = Philipp-PC | Source = DCOM | ID = 10005 Description = Error - 08.11.2012 10:32:20 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7038 Description = Error - 08.11.2012 10:32:20 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-09 16:20:15
Windows 6.0.6002 Service Pack 2
Running: mq3qktdt.exe; Driver: C:\Users\Philipp\AppData\Local\Temp\pwliyfod.sys

---- System - GMER 1.0.15 ----

SSDT 88A0E960 ZwAlertResumeThread
SSDT 88A0EA40 ZwAlertThread
SSDT 887FA538 ZwAllocateVirtualMemory
SSDT 880BDFB0 ZwAlpcConnectPort
SSDT 8829AF90 ZwAssignProcessToJobObject
SSDT 88A0E6B0 ZwCreateMutant
SSDT 8829ACB0 ZwCreateSymbolicLinkObject
SSDT 887FAA20 ZwCreateThread
SSDT 88A0E1E8 ZwDebugActiveProcess
SSDT 887FA708 ZwDuplicateObject
SSDT 887FA2F0 ZwFreeVirtualMemory
SSDT 88A0E7A0 ZwImpersonateAnonymousToken
SSDT 88A0E880 ZwImpersonateThread
SSDT 880C7638 ZwLoadDriver
SSDT 887FA1F0 ZwMapViewOfSection
SSDT 88A0E5D0 ZwOpenEvent
SSDT 887FA8E8 ZwOpenProcess
SSDT 887FA628 ZwOpenProcessToken
SSDT 88A0E410 ZwOpenSection
SSDT 887FA7F8 ZwOpenThread
SSDT 8829AEA0 ZwProtectVirtualMemory
SSDT 88A0EB20 ZwResumeThread
SSDT 88A0EDC0 ZwSetContextThread
SSDT 88A0EEA0 ZwSetInformationProcess
SSDT 88A0E2C8 ZwSetSystemInformation
SSDT 88A0E4F0 ZwSuspendProcess
SSDT 88A0EC00 ZwSuspendThread
SSDT 887FAB00 ZwTerminateProcess
SSDT 88A0ECE0 ZwTerminateThread
SSDT 88A0EF90 ZwUnmapViewOfSection
SSDT 887FA3E0 ZwWriteVirtualMemory
SSDT 8829ADA0 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822F57E0 8 Bytes [60, E9, A0, 88, 40, EA, A0, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 822F57F4 4 Bytes [38, A5, 7F, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 822F5800 4 Bytes [B0, DF, 0B, 88]
.text ntkrnlpa.exe!KeSetEvent + 191 822F5854 4 Bytes [90, AF, 29, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 822F58B8 4 Bytes [B0, E6, A0, 88]
.text ...
.text C:\Program Files\HomeCinema\PowerDVD9\000.fcl section is writeable [0xA9DCC000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\HomeCinema\PowerDVD9\000.fcl entry point in ".vmp2" section [0xA9DEF050]
09.11.2012, 18:39 | #2 |
/// Malware-holic | Computer infected with 'Torpig' and/or 'Mebroot' Hi,
what did Avira find? That would still be useful to know.
__________________ |
09.11.2012, 21:07 | #3 |
| Computer infected with 'Torpig' and/or 'Mebroot' Yes, I would like to know that too, but I can no longer say.
The two files were found on my brother's computer, and unfortunately he did not create a log file. He only says that the files were renamed (".vir") and are/were in a subfolder of C:/User/Name/.../..low/... Can we find them somehow, so that we can pass the information on to you? That said, it is a different computer from the one the posted logs come from. But many thanks already for your help. |
09.11.2012, 21:26 | #4 |
/// Malware-holic | Computer infected with 'Torpig' and/or 'Mebroot' First post the OTL logs from the infected PC; that is the one we should start with :-) Then go to the desktop and press the F3 key. The search window opens; type *.vir there. If anything is found, right-click it and choose Properties; there you will see the path.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
09.11.2012, 21:55 | #5 |
| Computer infected with 'Torpig' and/or 'Mebroot' OTL from the 2nd computer Code:
ATTFilter OTL logfile created on: 09.11.2012 21:38:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Felix Jung\Desktop\Trojaner 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,40% Memory free 7,96 Gb Paging File | 5,83 Gb Available in Paging File | 73,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1811,92 Gb Total Space | 1738,16 Gb Free Space | 95,93% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 25,53 Gb Free Space | 51,07% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.09 21:36:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Trojaner\OTL.exe PRC - [2012.11.09 20:33:26 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012.11.09 20:33:26 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) 
-- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.08.30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.17 20:18:44 | 000,232,616 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.04.30 08:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe PRC - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.10 18:58:36 | 000,082,944 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe PRC - [2010.11.03 19:31:44 | 000,558,592 | ---- | M] (Hauppauge Computer Works) -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) 
-- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe PRC - [2009.05.21 19:58:14 | 000,413,496 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe PRC - [2004.10.08 11:24:42 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Video\LogiTray.exe ========== Modules (No Company Name) ========== MOD - [2012.11.09 20:33:26 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.11.09 20:33:26 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll MOD - [2012.11.09 20:33:26 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll MOD - [2012.06.15 14:27:46 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8036b60a803443f3c61c48b4959f722d\IAStorUtil.ni.dll MOD - [2012.06.15 04:16:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.15 04:16:08 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.10 15:04:43 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d89ee849317b4d93ea78842dd78f79c0\IAStorCommon.ni.dll MOD - [2012.05.10 14:03:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 14:02:28 | 003,347,968 | ---- | M] () 
-- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.10 14:02:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.10 14:02:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.10 14:02:20 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.10 14:02:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.05.16 15:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.10 18:58:26 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.11.21 15:10:10 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.11.09 20:33:26 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure 
Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012.11.08 17:10:51 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2012.10.29 14:42:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.24 15:37:45 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.09 08:37:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.08.30 20:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.08.30 09:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.11.21 15:12:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.11.21 15:10:04 | 000,030,016 | ---- | M] (TuneUp 
Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) SRV - [2010.11.03 19:31:44 | 000,558,592 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE -- (HauppaugeTVServer) SRV - [2010.10.22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.10.21 17:15:34 | 000,376,832 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe -- (DFSVC) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.09 20:33:26 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.03 16:28:54 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2011.12.25 11:17:45 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | 
On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.07.06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2011.06.02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.06.02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.05.17 06:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.04.21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS) DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA) DRV:64bit: - [2011.03.11 13:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS) DRV:64bit: - [2010.11.25 14:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.16 02:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON) DRV:64bit: - [2010.09.23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2010.01.27 18:57:08 | 000,067,456 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw17bda.sys -- (hcw17bda) DRV:64bit: - [2009.10.15 17:14:38 | 000,028,192 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SipIMNDI64.sys -- (SipIMNDI) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 00:58:24 | 000,507,392 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA) DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2007.03.27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2012.10.05 19:23:26 | 001,385,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.09.13 11:32:56 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121108.019\ex64.sys -- (NAVEX15) DRV - [2012.09.13 11:32:54 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121108.019\eng64.sys -- (NAVENG) DRV - [2012.09.01 01:27:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121108.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.08.09 14:43:43 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2010.02.25 11:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.10.15 17:14:38 | 000,017,952 | ---- | M] 
(T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS -- (DFSYS) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.03.31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={FEA2BABA-6249-4DFA-A079-05AC23FBB14F}&mid=914b326185a147d0a7d053eb48581c81-018354677d5828c8928ca0aa2ce148cd8a2bb2bf&lang=en&ds=qw011&pr=sa&d=2012-05-21 15:33:49&v=12.2.5.32&sap=hp IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0CDB7BD3-B6F7-47F3-B142-28EEFA0E7E4E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393 IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=2012052113D946F9A928784390B956AC&q={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={FEA2BABA-6249-4DFA-A079-05AC23FBB14F}&mid=914b326185a147d0a7d053eb48581c81-018354677d5828c8928ca0aa2ce148cd8a2bb2bf&lang=en&ds=qw011&pr=sa&d=2012-05-21 15:33:49&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledAddons: {00f12770-e60e-4dc6-9105-425bface7c73}:1.0 FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0 FF - prefs.js..keyword.URL: "hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012.02.11 10:19:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012.11.09 21:35:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 14:48:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.09 20:33:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla 
Firefox\components [2012.11.04 15:22:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.29 14:42:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.23 13:40:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 14:48:21 | 000,000,000 | ---D | M] [2011.12.24 20:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Extensions [2012.11.06 16:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Firefox\Profiles\zaxue1zp.default\extensions [2012.05.21 15:41:29 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Firefox\Profiles\zaxue1zp.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73} [2012.06.17 18:59:09 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Firefox\Profiles\zaxue1zp.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.05.21 15:41:23 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Felix Jung\AppData\Roaming\mozilla\Firefox\Profiles\zaxue1zp.default\extensions\plugin@yontoo.com [2012.11.04 15:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.01 15:06:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2012.11.09 20:33:27 | 000,003,574 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.05.21 15:41:32 | 000,002,127 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media) O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll () O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll () O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security)) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files (x86)\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files (x86)\Logitech\Video\LogiTray.exe (Logitech Inc.) 
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe () O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files (x86)\T-Home\Dialerschutz-Software\Defender64.exe (T-Systems International GmbH) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Felix Jung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files (x86)\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.4.0) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.4.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.09 21:37:21 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\Desktop\Trojaner [2012.11.08 17:13:05 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.11.08 17:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.11.08 17:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.11.08 17:06:58 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.11.08 17:06:56 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2012.11.08 17:06:56 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2012.11.08 17:06:56 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.11.08 17:06:55 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.11.08 17:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities [2012.11.08 17:06:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010 [2012.11.06 16:16:07 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\AppData\Roaming\Malwarebytes [2012.11.06 16:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.05 18:05:36 | 000,000,000 | ---D | C] -- 
C:\Users\Felix Jung\AppData\Local\{2738AE06-63AA-45DB-833B-927FB99D36CC} [2012.10.29 14:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.29 14:39:23 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\AppData\Local\{91251A86-AA02-4DBB-8B9E-8F47BF972BBB} [2012.10.27 16:39:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2012.10.26 14:31:05 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.10.26 14:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.10.25 20:22:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.10.19 19:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.10.15 21:24:39 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\AppData\Local\{53C66986-C46C-45C0-B929-9FEEFB15A906} [2012.10.14 09:41:10 | 000,000,000 | ---D | C] -- C:\Users\Felix Jung\Documents\FIFA 11 [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.09 21:41:28 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.09 21:41:28 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.09 21:37:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.09 21:33:56 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.09 21:33:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.09 21:32:56 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys [2012.11.09 21:04:19 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2012.11.09 20:33:26 | 000,030,568 | ---- | M] (AVG Technologies) -- 
C:\Windows\SysNative\drivers\avgtpx64.sys [2012.11.09 16:51:01 | 000,002,780 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml [2012.11.09 16:51:01 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job [2012.11.09 16:32:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.08 17:27:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.11.08 17:10:51 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.11.08 17:10:51 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2012.11.06 21:13:00 | 745,488,731 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.04 15:21:02 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.01 17:43:56 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.01 17:43:56 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.01 17:43:56 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.01 17:43:56 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.01 17:43:56 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.10.26 13:27:15 | 000,398,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.25 20:22:58 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.10.19 19:29:18 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.09 21:04:19 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2012.11.08 17:13:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.11.08 17:06:47 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk 
[2012.11.08 17:06:47 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2012.11.08 17:06:33 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk [2012.10.25 20:22:58 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.10.19 19:29:18 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.10.19 19:27:00 | 000,001,118 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.19 19:26:59 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.08.25 17:32:13 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys [2012.08.13 19:48:31 | 001,526,612 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.02 12:09:05 | 000,000,840 | ---- | C] () -- C:\Windows\_delis32.ini [2012.02.27 16:43:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.02.27 16:43:08 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2012.02.27 16:42:59 | 000,037,639 | ---- | C] () -- C:\Windows\Irremote.ini [2012.02.27 16:42:56 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe [2012.02.27 16:42:41 | 000,006,026 | ---- | C] () -- C:\Windows\HCWPNP.INI [2012.02.23 15:38:55 | 000,002,528 | ---- | C] () -- C:\Users\Felix Jung\AppData\Roaming\$_hpcst$.hpc [2012.02.04 16:03:12 | 000,006,144 | ---- | C] () -- C:\Users\Felix Jung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.16 15:55:43 | 000,000,367 | ---- | C] () -- C:\Users\Felix Jung\Heimnetzgruppe - Verknüpfung.lnk [2011.12.28 13:31:03 | 000,219,939 | ---- | C] () -- C:\Windows\hpoins40.dat [2011.12.25 13:56:10 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI [2011.12.25 13:43:20 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe ========== ZeroAccess Check ========== [2009.07.14 
05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.06 20:03:16 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\.minecraft [2012.09.08 21:47:51 | 
000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Aeria Games & Entertainment
[2012.05.21 14:34:01 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\AnvSoft
[2012.06.25 15:57:40 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\FotoWire
[2012.08.26 14:23:28 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\MotioninJoy
[2012.03.09 22:29:38 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\MTE
[2011.12.25 11:11:48 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Mugle
[2012.10.26 14:31:12 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Notepad++
[2011.12.25 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\OpenOffice.org
[2012.08.24 15:19:52 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Origin
[2012.02.23 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Samsung
[2012.11.05 17:20:19 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\SoftGrid Client
[2012.07.23 13:40:13 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Thunderbird
[2012.08.13 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\TP
[2012.05.06 17:49:51 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\TS3Client
[2012.05.06 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\ts3overlay
[2012.08.13 13:58:14 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\TuneUp Software
[2012.04.16 18:12:22 | 000,000,000 | ---D | M] -- C:\Users\Felix Jung\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 09.11.2012 21:38:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Felix Jung\Desktop\Trojaner
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,40% Memory free
7,96 Gb Paging File | 5,83 Gb Available in Paging File | 73,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1738,16 Gb Free Space | 95,93% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,53 Gb Free Space | 51,07% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BF057B0-567E-43E6-8CDA-D651B0CEAE3A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{10F035F0-1721-41C2-9BE5-CCEF94D599A3}" = rport=137 | protocol=17 | dir=out | app=system | "{18C906EB-8ECE-4038-9748-07A0F22F7C56}" = rport=138 
| protocol=17 | dir=out | app=system | "{1E5C09A6-DBE8-4791-9363-183A2D7EC44B}" = lport=138 | protocol=17 | dir=in | app=system | "{2A57145D-6FBD-4ED7-AE2B-620F73AAD1CE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2C0CA4C8-302E-4722-8B44-CFB7509611C9}" = rport=10243 | protocol=6 | dir=out | app=system | "{3048AAB6-7C70-4C7B-9C14-455BAD025A9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3AC3EFCE-6F20-44D8-9E0D-BEC125A6FF74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3F0CB73A-4640-4B7B-A0AC-524E66E23823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5C6CAE6E-399E-482A-B65D-A297A4AEA07A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6FF4ECFA-71A0-4E7E-9ECC-4D697BBE9961}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{761E2CD0-0CF1-41F4-8D66-5B7DB36805E5}" = rport=445 | protocol=6 | dir=out | app=system | "{8D51F82C-443D-4152-BE0E-01FDE7C036EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{90428F6A-595C-4021-B65F-8F606198130E}" = lport=139 | protocol=6 | dir=in | app=system | "{957C524B-FE64-44F8-A3C1-C4044F10AB3A}" = lport=137 | protocol=17 | dir=in | app=system | "{A85EFDAC-DB9C-4D66-8C17-AF3C177B8E63}" = rport=139 | protocol=6 | dir=out | app=system | "{AE97F569-96EF-4ABB-8BFE-79899E25E4E7}" = lport=2869 | protocol=6 | dir=in | app=system | "{AF0A86B1-AA5F-43D9-BB44-E29CE71CBABD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BC5A3F8C-C7DE-4044-A5D8-2330FB5E694F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{CB2A2321-91F3-4793-B10F-CE8DCC37E446}" = lport=445 | protocol=6 | dir=in | app=system | "{CDF97E4F-991B-440C-AC82-5DE6577C08C6}" = lport=10243 
| protocol=6 | dir=in | app=system | "{CE26BE9C-E974-4CAA-AB68-231981F95F19}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D63C74F5-9DCE-4F49-A501-D838905BB8A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DFAF9E16-58DB-47C3-A1BB-08167CE2990C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F7AD66-AC44-45B6-BF79-40260A542DBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{063548DD-CA9D-4568-B84F-9F012A4BC4BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0E355AA2-9F94-49C8-98FE-708CE2E755D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{135160E9-7A08-4460-83C6-10FC9C0DC252}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{174A52D4-C78F-45A4-83E8-D33D48AA1A60}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{197DD9D7-592A-4DDE-B411-8C055901B2A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{1E929A50-6218-48CF-B90D-78316684A607}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{23343B39-C5B3-40DF-A2C8-CEDA12556A1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{23E02308-85B7-4B8C-9BC4-70F77FA0052F}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "{26710F5C-8820-4E83-91CD-2DD5920E3912}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2AD328F0-5136-4B4F-8751-FDE923F487E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{2E96069F-A694-433A-8C3D-CB547AD20D1F}" = protocol=17 | dir=in | app=c:\program 
files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | "{2EA771E0-EA06-4F2C-809B-65267904DACF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{34FDB031-CF3C-4AD5-AFC1-0A1D7F50C50A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{38125A45-8E9B-43E6-9E5F-A632DBC161AC}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{39E2CA14-2F37-46EB-AAFC-22CEDC3AA94B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{4FBA8A34-EDE0-4EDD-9422-BF181DA28109}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "{56DEB0DA-1F0B-4C2F-B44D-E50513DA4CCF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{610E0489-FCAA-43F0-8CB5-1C55280178EF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{71306A53-6A56-44B3-AB66-8428B96A2851}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{788F7898-9DC2-4066-B3A3-CC8C84AC3C1D}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{79A2E97D-A9DB-42AD-A1CB-A6F9DDFDE1B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80D88350-B222-464E-A9AF-DD236EE2304D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{83C5A50D-C4CF-41E8-8C4E-B23923D66320}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{85832019-5E10-4687-9BE8-ECC6260C4DFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8C8A7463-10B4-4C6C-8C86-3A70DCAC0872}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8FBABA01-E824-4306-8962-57E61DBCF7CE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{952E8FA9-7D5D-401C-9C38-2AE4E015F890}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{995D3540-8062-421F-97D0-2A61EECDD0FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9AE5C5A4-72DA-464E-AF84-70FB94AB74EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{A236DCE9-69ED-4FB3-B255-477FD9946DC6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{A52D4590-54D4-4153-8A79-3AC732F4D1DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{AA9224BB-6613-4F21-B3C0-3729CA166EB0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{B0B59326-816D-4A8E-ABD1-F9523688F536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{B59EE47E-0216-4B91-BFD8-9EE698E4E0AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{B64325A5-48B2-4CF1-A8CD-CB4126543F44}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | "{B691F0E1-4613-4A45-958F-32FADA5705FA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B9F4B172-3E32-46A2-8A0B-D11C5AC65BC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{BB62F3EE-A330-4D66-AB2D-CB47C77DC027}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{BF8D2355-DA3A-49E4-BC00-47AF84E59F5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C0B4056E-B896-435C-BBE5-FF8029F17959}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C22E068D-D871-488E-B827-96507A94045B}" = dir=in | app=e:\setup\hpznui40.exe | "{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CCFD4CA6-01D1-4E7B-B673-3C8261812FEB}" = protocol=6 | dir=out | app=system | "{DE7FB8A0-34C0-4F9E-8394-60FA3B1C5CEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E88654D1-1684-4E4F-92B8-95E5EF3826CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EB10D7E7-5E93-49AD-B7AF-35C4321EB5D6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{EC83D0CE-1651-4268-8B70-72492FE9BBE7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F7B76BB4-8E92-4B66-9251-9191FB5A2CA6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{FAC5C1BB-46AF-4540-8E03-E0DCB35E2764}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FE3E548B-DA98-4241-95E3-7130088663BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{FF9CE6B6-EF72-4399-A942-E2138FC4B2C1}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{13B804CF-C6D6-46A3-856A-8B7B220D7251}C:\users\felix jung\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\felix jung\appdata\local\akamai\netsession_win.exe | "TCP Query User{4866DD44-FD88-4511-B9EB-F9F8DFFEFDA1}C:\windows\syswow64\explorer.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe | "TCP Query User{58768DE9-F2E1-4EE3-BF51-B29370DCAF8C}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{64EA0BAC-AB0E-4946-AAB2-A683D200E32B}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | "TCP Query User{6D5BBC54-E710-4FDE-8664-76556F4194BE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "TCP Query User{AC984A6D-D723-4BF9-9489-1D7BE3B47BB3}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{E7DF1DC0-BC8C-4373-AA7E-D389C60E5BE0}C:\users\felix jung\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | 
app=c:\users\felix jung\appdata\local\akamai\netsession_win.exe | "UDP Query User{185E7834-9B35-47B3-91E9-103CEB31869E}C:\users\felix jung\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\felix jung\appdata\local\akamai\netsession_win.exe | "UDP Query User{1AC601DF-B9EE-4694-AB38-CA0FD2D13663}C:\windows\syswow64\explorer.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe | "UDP Query User{1CB94536-FA4D-44BD-AD59-90512C958B28}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{5DACFDEE-BCEB-43BF-9505-F76FA77624E1}C:\users\felix jung\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\felix jung\appdata\local\akamai\netsession_win.exe | "UDP Query User{693828D3-8901-41E7-92E0-713B49C754FE}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{92C9B387-D1AC-4E92-B283-B252C9696A28}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | "UDP Query User{E2ACCF07-ACE9-4018-A6C5-1C9BD27A5BB7}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 
7 Update 4 (64-bit) "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6 "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64 "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client 
Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "GIMP-2_is1" = GIMP 2.8.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content "_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger "{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m 
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh 
ActiveX Denetimi "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" 
= Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live 
Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension "{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer 
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu 
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live 
Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min "{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live 
Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer 
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer "Ashampoo Snap_is1" = Ashampoo Snap "AVG Secure Search" = AVG Security Toolbar "blekkotb" = Spam Free Search Bar "Hauppauge WinTV 7" = Hauppauge WinTV 7 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "Logitech Print Service" = Logitech 
Print Service "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "myMugle3.0.0.0" = myMugle "N360" = Norton 360 "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "Steam App 72850" = The Elder Scrolls V: Skyrim "TuneUp Utilities" = TuneUp Utilities "WinLiveSuite" = Windows Liven asennustyökalu "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.11.2012 13:53:15 | Computer Name = *** | Source = Application Error | ID = 1000 Error - 08.11.2012 13:57:00 | Computer Name = *** | Source = CVHSVC | ID = 100 Description = Nur zur Information. Too many failures while downloading ranges: 2 Error - 08.11.2012 13:59:31 | Computer Name = *** | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed Error - 09.11.2012 10:23:04 | Computer Name = *** | Source = Application Error | ID = 1000 Error - 09.11.2012 10:29:56 | Computer Name = *** | Source = CVHSVC | ID = 100 Description = Nur zur Information. Too many failures while downloading ranges: 2 Error - 09.11.2012 10:33:17 | Computer Name = *** | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed Error - 09.11.2012 15:32:54 | Computer Name = *** | Source = Application Error | ID = 1000 Error - 09.11.2012 16:05:43 | Computer Name = *** | Source = Application Error | ID = 1000 Error - 09.11.2012 16:12:32 | Computer Name = *** | Source = CVHSVC | ID = 100 Description = Nur zur Information. 
Too many failures while downloading ranges: 2 Error - 09.11.2012 16:15:48 | Computer Name = *** | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed Error - 09.11.2012 16:34:09 | Computer Name =*** | Source = Application Error | ID = 1000 Error - 09.11.2012 16:39:05 | Computer Name = FelixJung | Source = CVHSVC | ID = 100 Description = Nur zur Information. Too many failures while downloading ranges: 2 Error - 09.11.2012 16:40:38 | Computer Name = *** | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Stream product id=0x0066): Streaming Failed Error encountered while reading event logs. < End of report > 1: 2d405637-70a31286.vir Code:
ATTFilter C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 Code:
ATTFilter C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 Edited by Pille Palle (09.11.2012 at 21:59) Reason: +++ |
09.11.2012, 23:54 | #6 | |
/// Malware-holic | Computer infected with 'Torpig' and/or 'Mebroot' OK, that is nothing much. On both PCs, but please label them PC1 and PC2 respectively, where PC1 is the PC whose OTL logs you posted first: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
10.11.2012, 10:49 | #7 |
| Computer infected with 'Torpig' and/or 'Mebroot' Combofix from computer 1: Code:
ATTFilter ComboFix 12-11-09.02 - Philipp 10.11.2012 8:19.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3325.2083 [GMT 1:00] ausgeführt von:: c:\users\Philipp\Desktop\Trojaner Board\ComboFix.exe AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Philipp\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih_de.exe c:\windows\PFRO.log c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-10 bis 2012-11-10 )))))))))))))))))))))))))))))) . . 2012-11-10 07:28 . 2012-11-10 07:29 -------- d-----w- c:\users\Philipp\AppData\Local\temp 2012-11-10 07:28 . 2012-11-10 07:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-10 07:28 . 2012-11-10 07:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-06 15:04 . 2012-11-06 15:04 -------- d-----w- c:\users\Philipp\AppData\Roaming\Malwarebytes 2012-11-06 10:34 . 2012-11-06 10:34 -------- d-----w- c:\program files\Common Files\Java 2012-11-06 10:34 . 2012-11-06 10:33 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-06 10:33 . 2012-11-06 10:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-06 10:33 . 2012-11-06 10:33 -------- d-----w- c:\program files\Java 2012-10-14 09:15 . 2012-10-14 09:15 -------- d-----w- c:\program files\Common Files\SWF Studio . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-06 10:33 . 
2010-04-26 12:06 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-24 11:28 . 2010-03-26 13:36 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-09-24 11:28 . 2010-03-26 13:13 215128 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-09-13 13:28 . 2012-10-10 08:09 2048 ----a-w- c:\windows\system32\tzres.dll 2012-08-30 19:13 . 2012-09-14 14:55 6109032 ----a-w- c:\windows\system32\nvopencl.dll 2012-08-30 19:13 . 2012-09-14 14:55 12465512 ----a-w- c:\windows\system32\nvwgf2um.dll 2012-08-30 19:13 . 2012-09-14 14:55 10790760 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-08-30 19:13 . 2012-09-14 14:55 7626088 ----a-w- c:\windows\system32\nvcuda.dll 2012-08-30 19:13 . 2012-09-14 14:55 19828584 ----a-w- c:\windows\system32\nvoglv32.dll 2012-08-30 19:13 . 2012-09-14 14:55 2573672 ----a-w- c:\windows\system32\nvcuvid.dll 2012-08-30 19:13 . 2012-09-14 14:55 1866088 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-08-30 19:13 . 2012-09-14 14:55 17559912 ----a-w- c:\windows\system32\nvcompiler.dll 2012-08-30 19:13 . 2012-08-30 11:01 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll 2012-08-30 19:13 . 2012-08-22 14:45 1009512 ----a-w- c:\windows\system32\nvdispco32.dll 2012-08-30 19:13 . 2009-03-27 20:33 2422120 ----a-w- c:\windows\system32\nvapi.dll 2012-08-30 19:13 . 2009-03-27 20:33 15291752 ----a-w- c:\windows\system32\nvd3dum.dll 2012-08-30 15:57 . 2009-03-27 20:33 645992 ----a-w- c:\windows\system32\nvvsvc.exe 2012-08-30 15:57 . 2012-08-22 14:53 62312 ----a-w- c:\windows\system32\nvshext.dll 2012-08-30 15:57 . 2009-03-27 20:33 2557288 ----a-w- c:\windows\system32\nvsvcr.dll 2012-08-30 15:57 . 2009-03-27 20:33 108392 ----a-w- c:\windows\system32\nvmctray.dll 2012-08-30 15:57 . 2009-03-27 20:33 3963240 ----a-w- c:\windows\system32\nvcpl.dll 2012-08-30 15:57 . 2009-03-27 20:33 2836840 ----a-w- c:\windows\system32\nvsvc.dll 2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\system32\nvStreaming.exe 2012-08-29 11:27 . 
2012-10-10 08:09 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 08:09 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 15:53 . 2012-10-10 08:09 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 15:53 . 2012-09-23 09:50 834048 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 14:07 . 2012-09-23 09:50 389632 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:41 . 2012-09-23 09:50 1383424 ----a-w- c:\windows\system32\mshtml.tlb 2012-10-27 12:53 . 2012-10-27 12:53 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59F7FE53-2860-44B1-968A-E54E3E949A07}] 2012-06-18 15:27 269824 ----a-w- c:\users\Philipp\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712] "CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-01-27 20:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-11-09 c:\windows\Tasks\DMEPeriodicTask.job - c:\program files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 06:17] . 2012-11-09 c:\windows\Tasks\User_Feed_Synchronization-{D7FA4C01-CDB3-47C2-A3B0-A3BBE50D1513}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.babylon.com/?affID=109958&tt=010712_6&babsrc=HP_ss&mntrId=cedae3900000000000000022438f5029 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\2byzprrl.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - ExtSQL: !HIDDEN! 2009-06-24 13:25; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - ExtSQL: !HIDDEN! 2009-07-09 14:45; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\program files\Mozilla Firefox\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} FF - ExtSQL: !HIDDEN! 2010-09-25 09:55; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.notify.interval - 600000 FF - user.js: content.switch.threshold - 600000 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=010712_6 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - cedae3900000000000000022438f5029 FF - user.js: extensions.BabylonToolbar_i.hardId - cedae3900000000000000022438f5029 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15526 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - 
user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-10 08:29 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\HomeCinema\PowerDVD9\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-341534412-2317861164-3823495887-1000\Software\SecuROM\License information*] "datasecu"=hex:9f,92,9b,90,1f,fa,ea,fc,76,44,13,b5,0b,3f,b9,3b,13,17,43,62,8f, 3e,15,d4,cd,36,2c,e5,f9,79,4f,3a,4c,10,ff,52,9f,5a,54,b3,c9,43,fb,a1,ef,34,\ "rkeysecu"=hex:4b,47,de,23,27,d4,10,46,d9,ad,f5,81,a2,21,75,b1 . Zeit der Fertigstellung: 2012-11-10 08:35:24 ComboFix-quarantined-files.txt 2012-11-10 07:35 . Vor Suchlauf: 11 Verzeichnis(se), 668.587.327.488 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 668.519.837.696 Bytes frei . - - End Of File - - 01D3BA876EE19BA6E1484B0D8F98598B Code:
ATTFilter ComboFix 12-11-09.02 - Felix Jung 10.11.2012 11:05:16.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.1930 [GMT 1:00] ausgeführt von:: c:\users\Felix Jung\Desktop\Trojaner\ComboFix.exe AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-10 bis 2012-11-10 )))))))))))))))))))))))))))))) . . 2012-11-10 10:08 . 2012-11-10 10:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-11-10 10:08 . 2012-11-10 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-08 16:13 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-11-08 16:12 . 2012-11-08 17:51 -------- d-----w- c:\programdata\AVAST Software 2012-11-08 16:12 . 2012-11-08 16:12 -------- d-----w- c:\program files\AVAST Software 2012-11-08 16:06 . 2011-11-21 14:13 34624 ----a-w- c:\windows\system32\TURegOpt.exe 2012-11-08 16:06 . 2011-11-21 14:10 25920 ----a-w- c:\windows\system32\authuitu.dll 2012-11-08 16:06 . 2011-11-21 14:10 36160 ----a-w- c:\windows\system32\uxtuneup.dll 2012-11-08 16:06 . 2011-11-21 14:10 30016 ----a-w- c:\windows\SysWow64\uxtuneup.dll 2012-11-08 16:06 . 2011-11-21 14:10 21312 ----a-w- c:\windows\SysWow64\authuitu.dll 2012-11-08 16:06 . 2012-11-08 16:10 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2010 2012-11-06 15:16 . 2012-11-06 15:16 -------- d-----w- c:\users\Felix Jung\AppData\Roaming\Malwarebytes 2012-11-06 15:16 . 2012-11-06 15:16 -------- d-----w- c:\programdata\Malwarebytes . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-09 19:33 . 2012-08-29 13:11 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2012-10-14 08:31 . 
2011-12-25 09:25 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-10-14 08:30 . 2011-12-25 09:25 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-10-14 08:30 . 2011-12-25 09:25 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-10-10 17:46 . 2011-07-18 20:31 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-09 07:37 . 2012-03-31 09:42 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 07:37 . 2011-08-10 19:09 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-21 12:40 . 2012-01-01 16:21 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-09-21 12:40 . 2012-01-01 16:21 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-09-14 19:19 . 2012-10-10 16:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 16:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 16:33 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 19:14 . 2012-09-14 13:28 9066344 ----a-w- c:\windows\system32\nvcuda.dll 2012-08-30 19:14 . 2012-09-14 13:28 7397736 ----a-w- c:\windows\system32\nvopencl.dll 2012-08-30 19:14 . 2012-09-14 13:28 2745192 ----a-w- c:\windows\system32\nvcuvid.dll 2012-08-30 19:14 . 2012-09-14 13:28 2216808 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-08-30 19:14 . 2012-09-14 13:28 19828584 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-08-30 19:14 . 2012-09-14 13:28 1866088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-08-30 19:14 . 2012-09-14 13:28 971624 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-08-30 19:14 . 2012-09-14 13:28 830312 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-08-30 19:14 . 2012-09-14 13:28 7626088 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-08-30 19:14 . 
2012-09-14 13:28 6109032 ----a-w- c:\windows\SysWow64\nvopencl.dll 2012-08-30 19:14 . 2012-09-14 13:28 26228072 ----a-w- c:\windows\system32\nvoglv64.dll 2012-08-30 19:14 . 2012-09-14 13:28 2573672 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-08-30 19:14 . 2012-09-14 13:28 25256296 ----a-w- c:\windows\system32\nvcompiler.dll 2012-08-30 19:14 . 2012-09-14 13:28 247144 ----a-w- c:\windows\system32\nvinitx.dll 2012-08-30 19:14 . 2012-09-14 13:28 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-08-30 19:14 . 2012-09-14 13:28 202600 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-08-30 19:14 . 2012-09-14 13:28 18229096 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-08-30 19:14 . 2012-09-14 13:28 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-08-30 19:14 . 2012-09-14 13:28 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll 2012-08-30 19:14 . 2012-09-14 13:28 13391720 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-08-30 19:14 . 2011-09-05 22:23 2725224 ----a-w- c:\windows\system32\nvapi64.dll 2012-08-30 19:14 . 2011-09-05 22:23 1760104 ----a-w- c:\windows\system32\nvdispco64.dll 2012-08-30 19:14 . 2011-09-05 22:23 15291752 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-08-30 19:14 . 2011-09-05 22:23 14879080 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-08-30 19:14 . 2011-09-05 22:23 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-08-30 18:03 . 2012-10-10 16:33 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 16:33 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 16:33 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 16:18 . 2011-09-05 22:23 891240 ----a-w- c:\windows\system32\nvvsvc.exe 2012-08-30 16:18 . 2011-09-05 22:23 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-08-30 16:18 . 2011-09-05 22:23 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-08-30 16:18 . 2011-09-05 22:23 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-08-30 16:18 . 
2011-08-11 21:24 3487434 ----a-w- c:\windows\system32\nvcoproc.bin 2012-08-30 16:18 . 2011-09-05 22:23 3266920 ----a-w- c:\windows\system32\nvsvc64.dll 2012-08-30 16:17 . 2011-09-05 22:23 6198120 ----a-w- c:\windows\system32\nvcpl.dll 2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-08-24 18:05 . 2012-10-10 16:32 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-10 16:32 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-09-22 09:00 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 09:00 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 09:00 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 09:00 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 09:00 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 09:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 09:00 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 09:00 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 09:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 09:00 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 09:00 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 09:00 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 09:00 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 09:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 09:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 09:00 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 09:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 
2012-09-22 09:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 09:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 09:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 09:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 09:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 12:32 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 12:32 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 12:32 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 12:32 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 13:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-10 16:32 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 16:32 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 16:32 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 16:32 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 16:32 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 16:32 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 16:32 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 16:32 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 16:32 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 
2012-10-10 16:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 16:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}] 2012-01-17 19:28 262312 ----a-w- c:\program files (x86)\blekkotb\auxi\blekkoAu.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}] 2012-01-17 19:28 86696 ----a-w- c:\program files (x86)\blekkotb\blekkoDx.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-11-09 19:33 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552] "{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files (x86)\blekkotb\blekkoDx.dll" [2012-01-17 86696] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] "Akamai NetSession Interface"="c:\users\Felix Jung\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "LogitechSoftwareUpdate"="c:\program files (x86)\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440] "T-Home Dialerschutz-Software"="c:\program files (x86)\T-Home\Dialerschutz-Software\Defender64.exe" [2010-03-29 1974408] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320] "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616] "LogitechVideoRepair"="c:\program files (x86)\Logitech\Video\ISStart.exe" [2004-10-08 458752] "LogitechVideoTray"="c:\program files (x86)\Logitech\Video\LogiTray.exe" [2004-10-08 217088] "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2012-2-27 117344] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-12-24 300416] WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2012-2-27 82944] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464] R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2010-01-27 67456] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-12 1255736] R3 wolf;wolf;c:\aeriagames\Wolfteam\avital\wolf64.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys [2012-10-05 1385632] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121109.001\IDSvia64.sys [2012-09-01 513184] S1 
SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DFSVC;T-Home Dialerschutz Dienst;c:\program files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe [2009-10-21 376832] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-11-21 1403200] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-11 2656280] S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-06-02 128488] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-06-02 401896] S3 DFSYS;T-Home Dialerschutz Hooking Treiber;c:\program files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS [2009-10-15 17952] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 
802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 SipIMNDI;T-Home Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI64.sys [2009-10-15 28192] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - DFInjDrv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:37] . 2012-11-10 c:\windows\Tasks\DMEPeriodicTask.job - c:\program files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16 07:17] . 2012-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 18:26] . 2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-19 18:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = https://isearch.avg.com/?cid={FEA2BABA-6249-4DFA-A079-05AC23FBB14F}&mid=914b326185a147d0a7d053eb48581c81-018354677d5828c8928ca0aa2ce148cd8a2bb2bf&lang=en&ds=qw011&pr=sa&d=2012-05-21 15:33&v=12.2.5.32&sap=hp mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost;<local> IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Felix Jung\AppData\Roaming\Mozilla\Firefox\Profiles\zaxue1zp.default\ FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q= FF - ExtSQL: !HIDDEN! 2011-12-28 14:48; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: extentions.y2layers.installId - 8aa069a5-ab72-4b00-af14-92c0924943e4 FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock, FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-11-10 11:09:43 ComboFix-quarantined-files.txt 2012-11-10 10:09 ComboFix2.txt 2012-11-10 10:00 . Vor Suchlauf: 14 Verzeichnis(se), 1.865.589.686.272 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 1.865.528.631.296 Bytes frei . - - End Of File - - 775D0F5AD72AC24BC1BE689B9F9B8A3B |
10.11.2012, 15:43 | #8 |
/// Malware-holic | Computer infected with 'Torpig' and/or 'Mebroot'
Can you check the Norton history on both machines to see whether there were any detections and, if so, which ones? Please post the detection messages as text.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
10.11.2012, 15:58 | #9 |
| Computer infected with 'Torpig' and/or 'Mebroot' Computer 1: Code:
ATTFilter Kategorie:Behobene Sicherheitsrisiken Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname 06.11.2012 10:02:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.11.2012 17:27:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.10.2012 18:52:08,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.09.2012 09:44:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.08.2012 17:22:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.08.2012 10:58:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.07.2012 17:21:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 16.06.2012 19:22:28,Mittel,Adware.Mediafinder erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich, 05.06.2012 18:19:34,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.06.2012 12:00:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 24.05.2012 21:03:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 11.05.2012 14:22:58,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.05.2012 20:20:57,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 26.04.2012 21:42:55,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 18.04.2012 16:30:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 17.04.2012 16:44:09,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 16.04.2012 21:42:32,Gering,Tracking 
Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 05.04.2012 15:19:58,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.03.2012 17:57:44,Mittel,strafrecht_fortgeschrittene_ss_12_uni_kiel.pdf.exe (Adware.Mediafinder) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\philipp\downloads\strafrecht_fortgeschrittene_ss_12_uni_kiel.pdf.exe 27.03.2012 22:14:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 25.03.2012 16:32:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 19.03.2012 16:57:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 18.03.2012 18:22:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 12.03.2012 14:49:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 03.03.2012 17:56:20,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 24.02.2012 21:44:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 17.02.2012 11:45:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 16.02.2012 19:04:52,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.02.2012 21:04:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.01.2012 16:13:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.01.2012 10:03:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.01.2012 11:35:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 22.01.2012 17:57:49,Gering,Tracking Cookies erkannt von 
Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 14.01.2012 19:07:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 06.01.2012 21:48:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.12.2011 13:38:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.12.2011 10:36:49,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 22.12.2011 21:45:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 18.12.2011 19:44:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 15.12.2011 20:43:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 14.12.2011 20:54:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 07.12.2011 16:17:15,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.11.2011 17:27:34,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.11.2011 16:21:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 21.11.2011 20:56:00,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 13.11.2011 20:55:16,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 06.11.2011 12:38:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.10.2011 10:06:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.10.2011 16:02:20,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 21.10.2011 15:16:31,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion 
erforderlich, 20.10.2011 21:58:13,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 13.10.2011 18:58:30,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 05.10.2011 13:58:22,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 05.10.2011 09:50:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.10.2011 11:14:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 25.09.2011 18:59:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 16.09.2011 11:32:11,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.09.2011 21:24:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 03.09.2011 10:56:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 02.09.2011 09:32:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.09.2011 11:56:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.08.2011 21:35:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.08.2011 15:10:31,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 27.08.2011 11:36:35,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 22.08.2011 21:50:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 15.08.2011 20:49:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.08.2011 17:37:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.07.2011 
17:39:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.07.2011 11:10:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 14.07.2011 19:46:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 09.07.2011 12:59:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 06.07.2011 21:53:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.06.2011 17:33:57,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 19.06.2011 13:24:23,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 10.06.2011 22:15:09,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.06.2011 21:01:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 24.05.2011 20:55:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 17.05.2011 19:24:16,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 16.05.2011 21:45:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.05.2011 21:55:14,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.04.2011 18:38:24,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 21.04.2011 16:45:09,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 17.04.2011 21:33:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 17.04.2011 19:29:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 16.04.2011 16:27:15,Gering,Tracking Cookies erkannt von 
Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.04.2011 18:10:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.04.2011 14:23:58,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 07.04.2011 19:22:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.03.2011 13:54:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.03.2011 09:51:52,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.03.2011 18:02:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.03.2011 11:15:20,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.03.2011 09:25:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 28.03.2011 19:15:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 28.03.2011 16:25:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 28.03.2011 09:31:56,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 20.03.2011 21:48:10,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 20.03.2011 10:44:08,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 19.03.2011 19:22:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 19.03.2011 11:22:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 18.03.2011 17:59:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 18.03.2011 16:02:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion 
erforderlich, 16.03.2011 22:44:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 09.03.2011 21:48:09,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 09.03.2011 18:56:10,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.03.2011 11:22:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 07.03.2011 18:04:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 07.03.2011 16:56:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 07.03.2011 16:07:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 07.03.2011 12:11:22,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 26.02.2011 20:37:52,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 26.02.2011 18:25:00,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 25.02.2011 20:33:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 25.02.2011 17:33:49,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 25.02.2011 13:59:39,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 24.02.2011 17:19:05,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 24.02.2011 14:24:34,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 16.02.2011 21:05:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 16.02.2011 11:52:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 15.02.2011 
18:20:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 15.02.2011 11:06:42,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 07.02.2011 14:02:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 07.02.2011 11:29:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 06.02.2011 16:59:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 05.02.2011 13:55:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 02.02.2011 19:10:14,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.02.2011 18:59:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 24.01.2011 14:00:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 24.01.2011 12:07:57,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.01.2011 18:23:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.01.2011 12:51:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 22.01.2011 21:46:56,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 22.01.2011 14:03:59,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 21.01.2011 21:25:40,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 21.01.2011 18:33:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 21.01.2011 14:31:08,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 19.01.2011 21:29:33,Gering,Tracking Cookies erkannt von 
Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 11.01.2011 18:46:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.01.2011 21:31:39,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.01.2011 14:11:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.12.2010 17:50:41,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.12.2010 16:16:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.12.2010 15:21:38,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 31.12.2010 12:48:11,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.12.2010 22:26:04,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.12.2010 21:55:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.12.2010 20:31:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 16.12.2010 07:47:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 15.12.2010 17:36:24,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 12.12.2010 12:17:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 11.12.2010 18:29:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 11.12.2010 12:02:43,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 10.12.2010 11:20:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.12.2010 18:59:55,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion 
erforderlich, 01.12.2010 16:34:35,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 01.12.2010 09:17:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.11.2010 23:03:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 29.11.2010 08:06:41,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 28.11.2010 17:44:42,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 18.11.2010 20:44:04,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 18.11.2010 18:35:33,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 17.11.2010 20:51:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 17.11.2010 09:44:56,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 10.11.2010 16:40:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 09.11.2010 20:41:40,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 09.11.2010 18:40:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 08.11.2010 20:41:30,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.10.2010 20:54:21,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 30.10.2010 16:29:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 28.10.2010 17:58:57,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 25.10.2010 09:31:48,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.10.2010 
18:59:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 23.10.2010 13:48:17,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 22.10.2010 22:46:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 14.10.2010 21:38:13,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 06.10.2010 20:20:46,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 06.10.2010 09:36:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 06.10.2010 06:46:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 05.10.2010 15:35:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 05.10.2010 10:07:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, |
10.11.2012, 16:03 | #10 |
/// Malware-holic | Computer infected with 'Torpig' and/or 'Mebroot'
Is there a log like this for computer 2 as well?
10.11.2012, 16:06 | #11 |
| Computer infected with 'Torpig' and/or 'Mebroot' Computer 2: Code:
ATTFilter
Kategorie:Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
08.11.2012 18:19,Mittel,setup(4).exe (WS.Reputation.1) erkannt von Downloadinfo,Entfernt,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(4).exe
08.11.2012 16:23,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.11.2012 16:05,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
06.11.2012 10:08,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.11.2012 20:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.10.2012 13:48,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
27.10.2012 09:42,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.10.2012 11:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.10.2012 10:50,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.09.2012 15:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
26.09.2012 20:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.09.2012 20:49,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.09.2012 10:59,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
07.09.2012 22:04,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.08.2012 16:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
20.08.2012 20:13,Hoch,setup(1).exe (Trojan.ADH.2) erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(1).exe
20.08.2012 15:58,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.08.2012 21:04,Hoch,setup.exe (Trojan.ADH.2) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup.exe
16.08.2012 20:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.08.2012 19:56,Hoch,Trojan.Gen.2 erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\locallow\sun\java\deployment\cache\6.0\55\2d405637-70a31286
08.08.2012 19:56,Hoch,Trojan.Gen.2 erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\locallow\sun\java\deployment\cache\6.0\48\56ee73f0-1a32f2e6
08.08.2012 16:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
03.08.2012 10:55,Hoch,{16190012-5679-3456-9101-468901346788}.exe (Trojan Horse) erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\local\temp\{16190012-5679-3456-9101-468901346788}.exe
24.07.2012 22:16,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.06.2012 21:22,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.06.2012 14:55,Mittel,setup(4).exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(4).exe
25.06.2012 14:55,Mittel,setup(4).exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(4).exe
25.06.2012 14:55,Mittel,setup(4).exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\setup(4).exe
23.06.2012 13:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.06.2012 19:28,Mittel,fut 12 generator.exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\fut 12 generator.exe
21.06.2012 19:26,Mittel,fifa_12_player_generator_2012.exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\fifa_12_player_generator_2012.exe
21.06.2012 16:29,Mittel,fifa_12_player_generator_2012.exe (WS.Reputation.1) erkannt von Downloadinfo,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\downloads\fifa_12_player_generator_2012.exe
16.06.2012 10:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
15.06.2012 19:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.06.2012 18:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.06.2012 17:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
25.05.2012 15:38,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.05.2012 20:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.05.2012 20:41,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.05.2012 18:59,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
10.05.2012 16:02,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.05.2012 20:31,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.05.2012 16:45,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.05.2012 18:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.04.2012 16:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
23.04.2012 18:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.04.2012 16:27,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.04.2012 15:19,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
31.03.2012 14:41,Hoch,Trojan.Malscript!JS erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\local\mozilla\firefox\profiles\zaxue1zp.default\cache\8\a6\73e5cd01
31.03.2012 14:41,Hoch,Trojan.Malscript!JS erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\local\mozilla\firefox\profiles\zaxue1zp.default\cache\7\d9\768acd01
31.03.2012 14:40,Hoch,Trojan.Malscript!JS erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\felix jung\appdata\local\mozilla\firefox\profiles\zaxue1zp.default\cache\0\5f\32048d01
31.03.2012 13:37,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
24.03.2012 10:55,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.03.2012 21:44,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
09.03.2012 20:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.03.2012 19:07,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
21.02.2012 19:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
12.02.2012 19:29,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
05.02.2012 12:42,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
04.02.2012 17:43,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.01.2012 15:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.01.2012 15:26,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
16.01.2012 20:35,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
08.01.2012 18:53,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.01.2012 17:31,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
|
10.11.2012, 20:58 | #12 |
/// Malware-holic | Computer infected with 'Torpig' and/or 'Mebroot'
That looks OK too. On both PCs: download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above
If you would like to support us |
10.11.2012, 22:33 | #13 |
| Computer infected with 'Torpig' and/or 'Mebroot' Computer 1: Code:
22:30:38.0367 4448 [ 9BA2F93E4F01EC58E722B36639E0CE5D ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys 22:30:38.0430 4448 netr28u - ok 22:30:38.0445 4448 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:30:38.0461 4448 NetTcpPortSharing - ok 22:30:38.0477 4448 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:30:38.0492 4448 nfrd960 - ok 22:30:38.0508 4448 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:30:38.0539 4448 NlaSvc - ok 22:30:38.0539 4448 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:30:38.0570 4448 Npfs - ok 22:30:38.0586 4448 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 22:30:38.0617 4448 nsi - ok 22:30:38.0633 4448 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:30:38.0664 4448 nsiproxy - ok 22:30:38.0711 4448 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:30:38.0742 4448 Ntfs - ok 22:30:38.0773 4448 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 22:30:38.0804 4448 ntrigdigi - ok 22:30:38.0820 4448 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 22:30:38.0851 4448 Null - ok 22:30:39.0319 4448 [ D3F22DA8F670EFD15D348B5952769CEF ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:30:39.0615 4448 nvlddmkm - ok 22:30:39.0662 4448 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:30:39.0678 4448 nvraid - ok 22:30:39.0678 4448 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:30:39.0693 4448 nvstor - ok 22:30:39.0725 4448 [ A3B80E6B7CDE9660F639658739A5824E ] nvsvc C:\Windows\system32\nvvsvc.exe 22:30:39.0756 4448 nvsvc - ok 22:30:40.0005 4448 [ 61FF84F865B4414EFDC11856BF5757AD ] nvUpdatusService C:\Program 
Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 22:30:40.0052 4448 nvUpdatusService - ok 22:30:40.0083 4448 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:30:40.0099 4448 nv_agp - ok 22:30:40.0099 4448 NwlnkFlt - ok 22:30:40.0115 4448 NwlnkFwd - ok 22:30:40.0130 4448 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 22:30:40.0161 4448 ohci1394 - ok 22:30:40.0193 4448 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 22:30:40.0302 4448 p2pimsvc - ok 22:30:40.0317 4448 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 22:30:40.0333 4448 p2psvc - ok 22:30:40.0395 4448 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 22:30:40.0442 4448 Parport - ok 22:30:40.0458 4448 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:30:40.0473 4448 partmgr - ok 22:30:40.0489 4448 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 22:30:40.0536 4448 Parvdm - ok 22:30:40.0567 4448 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 22:30:40.0598 4448 PcaSvc - ok 22:30:40.0614 4448 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 22:30:40.0629 4448 pci - ok 22:30:40.0645 4448 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 22:30:40.0661 4448 pciide - ok 22:30:40.0661 4448 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:30:40.0676 4448 pcmcia - ok 22:30:40.0707 4448 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:30:40.0770 4448 PEAUTH - ok 22:30:40.0879 4448 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 22:30:40.0941 4448 pla - ok 22:30:40.0957 4448 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:30:40.0988 4448 PlugPlay - ok 
22:30:41.0004 4448 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 22:30:41.0019 4448 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 22:30:41.0019 4448 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 22:30:41.0051 4448 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 22:30:41.0051 4448 PnkBstrA - ok 22:30:41.0082 4448 [ 9A386EC60A166DF66205343CA12C6B86 ] PnkBstrB C:\Windows\system32\PnkBstrB.exe 22:30:41.0097 4448 PnkBstrB - ok 22:30:41.0113 4448 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 22:30:41.0144 4448 PNRPAutoReg - ok 22:30:41.0144 4448 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 22:30:41.0175 4448 PNRPsvc - ok 22:30:41.0191 4448 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:30:41.0238 4448 PolicyAgent - ok 22:30:41.0269 4448 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:30:41.0300 4448 PptpMiniport - ok 22:30:41.0316 4448 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 22:30:41.0331 4448 Processor - ok 22:30:41.0347 4448 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 22:30:41.0378 4448 ProfSvc - ok 22:30:41.0394 4448 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 22:30:41.0409 4448 ProtectedStorage - ok 22:30:41.0425 4448 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe 22:30:41.0441 4448 ProtexisLicensing - ok 22:30:41.0472 4448 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 22:30:41.0503 4448 PSched - ok 22:30:41.0534 4448 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:30:41.0565 4448 ql2300 - ok 22:30:41.0581 4448 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 
22:30:41.0597 4448 ql40xx - ok 22:30:41.0612 4448 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 22:30:41.0628 4448 QWAVE - ok 22:30:41.0643 4448 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:30:41.0659 4448 QWAVEdrv - ok 22:30:41.0675 4448 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:30:41.0690 4448 RasAcd - ok 22:30:41.0706 4448 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 22:30:41.0737 4448 RasAuto - ok 22:30:41.0753 4448 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:30:41.0768 4448 Rasl2tp - ok 22:30:41.0784 4448 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 22:30:41.0831 4448 RasMan - ok 22:30:41.0846 4448 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:30:41.0862 4448 RasPppoe - ok 22:30:41.0862 4448 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:30:41.0877 4448 RasSstp - ok 22:30:41.0893 4448 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:30:41.0924 4448 rdbss - ok 22:30:41.0940 4448 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:30:41.0971 4448 RDPCDD - ok 22:30:41.0987 4448 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 22:30:42.0018 4448 rdpdr - ok 22:30:42.0018 4448 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:30:42.0049 4448 RDPENCDD - ok 22:30:42.0049 4448 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:30:42.0080 4448 RDPWD - ok 22:30:42.0111 4448 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:30:42.0127 4448 RemoteAccess - ok 22:30:42.0158 4448 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 
22:30:42.0189 4448 RemoteRegistry - ok 22:30:42.0221 4448 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe 22:30:42.0236 4448 RichVideo - ok 22:30:42.0252 4448 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 22:30:42.0267 4448 RpcLocator - ok 22:30:42.0283 4448 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 22:30:42.0314 4448 RpcSs - ok 22:30:42.0330 4448 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:30:42.0361 4448 rspndr - ok 22:30:42.0377 4448 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 22:30:42.0392 4448 SamSs - ok 22:30:42.0408 4448 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:30:42.0423 4448 sbp2port - ok 22:30:42.0439 4448 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:30:42.0455 4448 SCardSvr - ok 22:30:42.0501 4448 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 22:30:42.0579 4448 Schedule - ok 22:30:42.0611 4448 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 22:30:42.0626 4448 SCPolicySvc - ok 22:30:42.0689 4448 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:30:42.0735 4448 SDRSVC - ok 22:30:42.0751 4448 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:30:42.0798 4448 secdrv - ok 22:30:42.0813 4448 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 22:30:42.0829 4448 seclogon - ok 22:30:42.0845 4448 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 22:30:42.0876 4448 SENS - ok 22:30:42.0891 4448 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:30:42.0907 4448 Serenum - ok 22:30:42.0923 4448 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 
22:30:42.0954 4448 Serial - ok 22:30:42.0969 4448 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:30:43.0001 4448 sermouse - ok 22:30:43.0032 4448 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 22:30:43.0047 4448 SessionEnv - ok 22:30:43.0063 4448 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:30:43.0079 4448 sffdisk - ok 22:30:43.0094 4448 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:30:43.0125 4448 sffp_mmc - ok 22:30:43.0125 4448 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:30:43.0157 4448 sffp_sd - ok 22:30:43.0172 4448 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 22:30:43.0219 4448 sfloppy - ok 22:30:43.0235 4448 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:30:43.0250 4448 SharedAccess - ok 22:30:43.0281 4448 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:30:43.0313 4448 ShellHWDetection - ok 22:30:43.0344 4448 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 22:30:43.0359 4448 sisagp - ok 22:30:43.0375 4448 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 22:30:43.0375 4448 SiSRaid2 - ok 22:30:43.0391 4448 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:30:43.0406 4448 SiSRaid4 - ok 22:30:43.0437 4448 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 22:30:43.0453 4448 SkypeUpdate - ok 22:30:43.0515 4448 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 22:30:43.0609 4448 slsvc - ok 22:30:43.0671 4448 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 22:30:43.0703 4448 SLUINotify - ok 22:30:43.0718 4448 [ 
7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:30:43.0749 4448 Smb - ok 22:30:43.0765 4448 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:30:43.0796 4448 SNMPTRAP - ok 22:30:43.0812 4448 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 22:30:43.0812 4448 spldr - ok 22:30:43.0843 4448 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 22:30:43.0874 4448 Spooler - ok 22:30:43.0921 4448 [ 73205BD9A388639C210636793FE3FD61 ] sptd C:\Windows\System32\Drivers\sptd.sys 22:30:43.0952 4448 sptd - ok 22:30:44.0046 4448 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\N360\0604000.009\SRTSP.SYS 22:30:44.0077 4448 SRTSP - ok 22:30:44.0093 4448 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\N360\0604000.009\SRTSPX.SYS 22:30:44.0108 4448 SRTSPX - ok 22:30:44.0139 4448 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:30:44.0171 4448 srv - ok 22:30:44.0186 4448 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:30:44.0202 4448 srv2 - ok 22:30:44.0217 4448 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:30:44.0233 4448 srvnet - ok 22:30:44.0264 4448 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:30:44.0295 4448 SSDPSRV - ok 22:30:44.0295 4448 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:30:44.0311 4448 SstpSvc - ok 22:30:44.0405 4448 [ AB2B9349ADA4AC5EC74B622B8303FE23 ] StarWindService C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 22:30:44.0420 4448 StarWindService ( UnsignedFile.Multi.Generic ) - warning 22:30:44.0420 4448 StarWindService - detected UnsignedFile.Multi.Generic (1) 22:30:44.0420 4448 Steam Client Service - ok 22:30:44.0483 4448 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files\NVIDIA 
Corporation\3D Vision\nvSCPAPISvr.exe 22:30:44.0514 4448 Stereo Service - ok 22:30:44.0545 4448 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 22:30:44.0576 4448 StillCam - ok 22:30:44.0639 4448 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 22:30:44.0685 4448 stisvc - ok 22:30:44.0717 4448 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:30:44.0732 4448 swenum - ok 22:30:44.0763 4448 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 22:30:44.0826 4448 swprv - ok 22:30:44.0826 4448 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 22:30:44.0841 4448 Symc8xx - ok 22:30:44.0857 4448 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\N360\0604000.009\SYMDS.SYS 22:30:44.0873 4448 SymDS - ok 22:30:44.0904 4448 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\N360\0604000.009\SYMEFA.SYS 22:30:44.0966 4448 SymEFA - ok 22:30:44.0997 4448 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS 22:30:45.0013 4448 SymEvent - ok 22:30:45.0013 4448 SymIMMP - ok 22:30:45.0044 4448 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\N360\0604000.009\Ironx86.SYS 22:30:45.0044 4448 SymIRON - ok 22:30:45.0075 4448 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\N360\0604000.009\SYMTDIV.SYS 22:30:45.0091 4448 SYMTDIv - ok 22:30:45.0107 4448 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 22:30:45.0122 4448 Sym_hi - ok 22:30:45.0138 4448 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 22:30:45.0138 4448 Sym_u3 - ok 22:30:45.0169 4448 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 22:30:45.0216 4448 SysMain - ok 22:30:45.0231 4448 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService 
C:\Windows\System32\TabSvc.dll 22:30:45.0247 4448 TabletInputService - ok 22:30:45.0278 4448 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:30:45.0325 4448 TapiSrv - ok 22:30:45.0356 4448 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 22:30:45.0387 4448 TBS - ok 22:30:45.0434 4448 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:30:45.0481 4448 Tcpip - ok 22:30:45.0497 4448 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 22:30:45.0559 4448 Tcpip6 - ok 22:30:45.0590 4448 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:30:45.0621 4448 tcpipreg - ok 22:30:45.0668 4448 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:30:45.0715 4448 TDPIPE - ok 22:30:45.0731 4448 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:30:45.0762 4448 TDTCP - ok 22:30:45.0777 4448 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:30:45.0809 4448 tdx - ok 22:30:45.0824 4448 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:30:45.0824 4448 TermDD - ok 22:30:45.0840 4448 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 22:30:45.0871 4448 TermService - ok 22:30:45.0887 4448 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 22:30:45.0902 4448 Themes - ok 22:30:45.0902 4448 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 22:30:45.0933 4448 THREADORDER - ok 22:30:45.0949 4448 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 22:30:45.0996 4448 TrkWks - ok 22:30:46.0043 4448 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:30:46.0058 4448 TrustedInstaller - ok 22:30:46.0074 4448 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv 
C:\Windows\system32\DRIVERS\tssecsrv.sys 22:30:46.0105 4448 tssecsrv - ok 22:30:46.0152 4448 [ C1A64414DB4E49D41D9DF9359ED9369B ] TuneUp.Defrag C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe 22:30:46.0183 4448 TuneUp.Defrag - ok 22:30:46.0214 4448 [ DC653CF2D70827C4EBC2B157DA25CF57 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe 22:30:46.0245 4448 TuneUp.UtilitiesSvc - ok 22:30:46.0261 4448 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 22:30:46.0277 4448 TuneUpUtilitiesDrv - ok 22:30:46.0292 4448 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 22:30:46.0323 4448 tunmp - ok 22:30:46.0339 4448 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:30:46.0355 4448 tunnel - ok 22:30:46.0370 4448 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 22:30:46.0370 4448 uagp35 - ok 22:30:46.0386 4448 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:30:46.0417 4448 udfs - ok 22:30:46.0433 4448 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:30:46.0464 4448 UI0Detect - ok 22:30:46.0479 4448 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:30:46.0495 4448 uliagpkx - ok 22:30:46.0511 4448 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 22:30:46.0526 4448 uliahci - ok 22:30:46.0526 4448 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 22:30:46.0542 4448 UlSata - ok 22:30:46.0542 4448 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 22:30:46.0557 4448 ulsata2 - ok 22:30:46.0573 4448 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:30:46.0589 4448 umbus - ok 22:30:46.0604 4448 [ 
68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 22:30:46.0635 4448 upnphost - ok 22:30:46.0667 4448 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 22:30:46.0682 4448 usbaudio - ok 22:30:46.0698 4448 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:30:46.0713 4448 usbccgp - ok 22:30:46.0729 4448 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:30:46.0776 4448 usbcir - ok 22:30:46.0791 4448 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:30:46.0807 4448 usbehci - ok 22:30:46.0823 4448 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:30:46.0838 4448 usbhub - ok 22:30:46.0854 4448 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:30:46.0885 4448 usbohci - ok 22:30:46.0901 4448 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:30:46.0932 4448 usbprint - ok 22:30:46.0947 4448 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:30:46.0963 4448 usbscan - ok 22:30:46.0979 4448 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:30:47.0010 4448 USBSTOR - ok 22:30:47.0025 4448 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:30:47.0057 4448 usbuhci - ok 22:30:47.0072 4448 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 22:30:47.0088 4448 UxSms - ok 22:30:47.0103 4448 [ DC2172ACCB384C6A3D59342050422102 ] UxTuneUp C:\Windows\System32\uxtuneup.dll 22:30:47.0119 4448 UxTuneUp - ok 22:30:47.0135 4448 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 22:30:47.0181 4448 vds - ok 22:30:47.0228 4448 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:30:47.0259 4448 vga - ok 22:30:47.0275 4448 [ 
2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 22:30:47.0291 4448 VgaSave - ok 22:30:47.0322 4448 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 22:30:47.0322 4448 viaagp - ok 22:30:47.0337 4448 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 22:30:47.0353 4448 ViaC7 - ok 22:30:47.0384 4448 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 22:30:47.0400 4448 viaide - ok 22:30:47.0415 4448 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:30:47.0431 4448 volmgr - ok 22:30:47.0462 4448 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:30:47.0478 4448 volmgrx - ok 22:30:47.0493 4448 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:30:47.0509 4448 volsnap - ok 22:30:47.0525 4448 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 22:30:47.0540 4448 vsmraid - ok 22:30:47.0556 4448 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 22:30:47.0634 4448 VSS - ok 22:30:47.0681 4448 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 22:30:47.0712 4448 W32Time - ok 22:30:47.0727 4448 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 22:30:47.0774 4448 WacomPen - ok 22:30:47.0774 4448 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 22:30:47.0805 4448 Wanarp - ok 22:30:47.0805 4448 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:30:47.0821 4448 Wanarpv6 - ok 22:30:47.0852 4448 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:30:47.0883 4448 wcncsvc - ok 22:30:47.0915 4448 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:30:47.0930 4448 WcsPlugInService - ok 22:30:47.0946 
4448 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 22:30:47.0961 4448 Wd - ok 22:30:47.0977 4448 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:30:48.0024 4448 Wdf01000 - ok 22:30:48.0055 4448 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:30:48.0086 4448 WdiServiceHost - ok 22:30:48.0086 4448 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:30:48.0102 4448 WdiSystemHost - ok 22:30:48.0149 4448 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 22:30:48.0164 4448 WebClient - ok 22:30:48.0180 4448 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:30:48.0211 4448 Wecsvc - ok 22:30:48.0242 4448 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:30:48.0273 4448 wercplsupport - ok 22:30:48.0289 4448 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 22:30:48.0305 4448 WerSvc - ok 22:30:48.0336 4448 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 22:30:48.0351 4448 WinDefend - ok 22:30:48.0367 4448 WinHttpAutoProxySvc - ok 22:30:48.0398 4448 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:30:48.0414 4448 Winmgmt - ok 22:30:48.0461 4448 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 22:30:48.0539 4448 WinRM - ok 22:30:48.0601 4448 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:30:48.0663 4448 Wlansvc - ok 22:30:48.0695 4448 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:30:48.0710 4448 WmiAcpi - ok 22:30:48.0726 4448 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:30:48.0757 4448 wmiApSrv - ok 22:30:48.0788 4448 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media 
Player\wmpnetwk.exe 22:30:48.0882 4448 WMPNetworkSvc - ok 22:30:48.0897 4448 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:30:48.0975 4448 WPCSvc - ok 22:30:48.0991 4448 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:30:49.0007 4448 WPDBusEnum - ok 22:30:49.0038 4448 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 22:30:49.0053 4448 WpdUsb - ok 22:30:49.0085 4448 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 22:30:49.0116 4448 WPFFontCache_v0400 - ok 22:30:49.0147 4448 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:30:49.0163 4448 ws2ifsl - ok 22:30:49.0178 4448 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 22:30:49.0209 4448 wscsvc - ok 22:30:49.0209 4448 WSearch - ok 22:30:49.0350 4448 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 22:30:49.0412 4448 wuauserv - ok 22:30:49.0443 4448 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:30:49.0475 4448 WUDFRd - ok 22:30:49.0490 4448 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:30:49.0521 4448 wudfsvc - ok 22:30:49.0568 4448 [ 556B5CFE8D21B256ADD7F87D7F4B4123 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files\HomeCinema\PowerDVD9\000.fcl 22:30:49.0584 4448 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok 22:30:49.0584 4448 ================ Scan global =============================== 22:30:49.0631 4448 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 22:30:49.0646 4448 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 22:30:49.0662 4448 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 22:30:49.0677 4448 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 22:30:49.0677 4448 [Global] - ok 
22:30:49.0677 4448 ================ Scan MBR ==================================
22:30:49.0693 4448 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:30:50.0520 4448 \Device\Harddisk0\DR0 - ok
22:30:50.0520 4448 ================ Scan VBR ==================================
22:30:50.0551 4448 [ AB3E16EE174C667656F7EE64C93D7D5B ] \Device\Harddisk0\DR0\Partition1
22:30:50.0551 4448 \Device\Harddisk0\DR0\Partition1 - ok
22:30:50.0567 4448 [ 68BCB801FBBA89978B72A6524480AB30 ] \Device\Harddisk0\DR0\Partition2
22:30:50.0567 4448 \Device\Harddisk0\DR0\Partition2 - ok
22:30:50.0567 4448 ============================================================
22:30:50.0567 4448 Scan finished
22:30:50.0567 4448 ============================================================
22:30:50.0567 5860 Detected object count: 8
22:30:50.0567 5860 Actual detected object count: 8
22:31:15.0573 5860 ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0573 5860 ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:15.0573 5860 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0573 5860 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:15.0589 5860 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:15.0589 5860 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:15.0589 5860 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:15.0589 5860 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:15.0589 5860 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:31:15.0589 5860 StarWindService ( UnsignedFile.Multi.Generic ) - skipped by user
22:31:15.0589 5860 StarWindService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10.11.2012, 22:37 | #14 |
| Computer infected with 'Torpig' and/or 'Mebroot' Computer 2: Code:
22:39:24.0713 7120 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 22:39:24.0953 7120 ============================================================ 22:39:24.0953 7120 Current date / time: 2012/11/10 22:39:24.0953 22:39:24.0953 7120 SystemInfo: 22:39:24.0953 7120 22:39:24.0953 7120 OS Version: 6.1.7601 ServicePack: 1.0 22:39:24.0953 7120 Product type: Workstation 22:39:24.0953 7120 ComputerName: FELIXJUNG 22:39:24.0953 7120 UserName: Felix Jung 22:39:24.0953 7120 Windows directory: C:\Windows 22:39:24.0953 7120 System windows directory: C:\Windows 22:39:24.0953 7120 Running under WOW64 22:39:24.0953 7120 Processor architecture: Intel x64 22:39:24.0953 7120 Number of processors: 4 22:39:24.0953 7120 Page size: 0x1000 22:39:24.0953 7120 Boot type: Normal boot 22:39:24.0953 7120 ============================================================ 22:39:25.0483 7120 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:39:25.0503 7120 ============================================================ 22:39:25.0503 7120 \Device\Harddisk0\DR0: 22:39:25.0503 7120 MBR partitions: 22:39:25.0503 7120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 22:39:25.0503 7120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE27D5800 22:39:25.0503 7120 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE2808000, BlocksNum 0x6400000 22:39:25.0503 7120 ============================================================ 22:39:25.0523 7120 C: <-> \Device\Harddisk0\DR0\Partition2 22:39:25.0643 7120 D: <-> \Device\Harddisk0\DR0\Partition3 22:39:25.0643 7120 ============================================================ 22:39:25.0643 7120 Initialize success 22:39:25.0643 7120 ============================================================ 22:39:32.0846 5352 
============================================================ 22:39:32.0846 5352 Scan started 22:39:32.0846 5352 Mode: Manual; SigCheck; TDLFS; 22:39:32.0846 5352 ============================================================ 22:39:33.0454 5352 ================ Scan system memory ======================== 22:39:33.0454 5352 System memory - ok 22:39:33.0454 5352 ================ Scan services ============================= 22:39:34.0000 5352 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:39:34.0078 5352 1394ohci - ok 22:39:34.0110 5352 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:39:34.0125 5352 ACPI - ok 22:39:34.0141 5352 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:39:34.0203 5352 AcpiPmi - ok 22:39:34.0328 5352 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:39:34.0344 5352 AdobeARMservice - ok 22:39:34.0437 5352 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:39:34.0453 5352 AdobeFlashPlayerUpdateSvc - ok 22:39:34.0484 5352 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 22:39:34.0515 5352 adp94xx - ok 22:39:34.0531 5352 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 22:39:34.0562 5352 adpahci - ok 22:39:34.0578 5352 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 22:39:34.0593 5352 adpu320 - ok 22:39:34.0624 5352 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:39:34.0765 5352 AeLookupSvc - ok 22:39:34.0796 5352 [ 0517E1670A58213E3F206066CD209273 ] AF15BDA C:\Windows\system32\DRIVERS\AF15BDA.sys 22:39:34.0827 5352 AF15BDA - ok 22:39:34.0890 5352 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 22:39:34.0952 5352 AFD - ok 
22:39:34.0968 5352 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:39:34.0983 5352 agp440 - ok 22:39:34.0999 5352 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 22:39:35.0046 5352 ALG - ok 22:39:35.0061 5352 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 22:39:35.0077 5352 aliide - ok 22:39:35.0108 5352 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 22:39:35.0124 5352 amdide - ok 22:39:35.0139 5352 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 22:39:35.0186 5352 AmdK8 - ok 22:39:35.0202 5352 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 22:39:35.0248 5352 AmdPPM - ok 22:39:35.0280 5352 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:39:35.0295 5352 amdsata - ok 22:39:35.0326 5352 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 22:39:35.0342 5352 amdsbs - ok 22:39:35.0358 5352 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:39:35.0373 5352 amdxata - ok 22:39:35.0389 5352 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 22:39:35.0529 5352 AppID - ok 22:39:35.0545 5352 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:39:35.0607 5352 AppIDSvc - ok 22:39:35.0638 5352 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 22:39:35.0701 5352 Appinfo - ok 22:39:35.0779 5352 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 22:39:35.0794 5352 arc - ok 22:39:35.0810 5352 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 22:39:35.0826 5352 arcsas - ok 22:39:35.0857 5352 [ 0AA7A996792FB0287B33A57A8093AE44 ] asmthub3 C:\Windows\system32\drivers\asmthub3.sys 22:39:35.0904 5352 asmthub3 - ok 22:39:35.0935 5352 [ 
125DC3ABF5BFCCFE82AD17D078E0B9EC ] asmtxhci C:\Windows\system32\drivers\asmtxhci.sys 22:39:35.0982 5352 asmtxhci - ok 22:39:36.0013 5352 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:39:36.0075 5352 AsyncMac - ok 22:39:36.0122 5352 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 22:39:36.0138 5352 atapi - ok 22:39:36.0169 5352 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:39:36.0231 5352 AudioEndpointBuilder - ok 22:39:36.0231 5352 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:39:36.0262 5352 AudioSrv - ok 22:39:36.0309 5352 [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys 22:39:36.0309 5352 avgtp - ok 22:39:36.0372 5352 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:39:36.0434 5352 AxInstSV - ok 22:39:36.0465 5352 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 22:39:36.0512 5352 b06bdrv - ok 22:39:36.0543 5352 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:39:36.0590 5352 b57nd60a - ok 22:39:36.0621 5352 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 22:39:36.0652 5352 BDESVC - ok 22:39:36.0652 5352 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 22:39:36.0684 5352 Beep - ok 22:39:36.0746 5352 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 22:39:36.0808 5352 BFE - ok 22:39:36.0964 5352 [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121030.002\BHDrvx64.sys 22:39:36.0996 5352 BHDrvx64 - ok 22:39:37.0058 5352 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 22:39:37.0120 5352 BITS - ok 22:39:37.0152 5352 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive 
C:\Windows\system32\drivers\blbdrive.sys 22:39:37.0183 5352 blbdrive - ok 22:39:37.0230 5352 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:39:37.0276 5352 bowser - ok 22:39:37.0308 5352 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 22:39:37.0323 5352 BrFiltLo - ok 22:39:37.0354 5352 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 22:39:37.0401 5352 BrFiltUp - ok 22:39:37.0448 5352 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 22:39:37.0495 5352 BridgeMP - ok 22:39:37.0573 5352 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 22:39:37.0620 5352 Browser - ok 22:39:37.0635 5352 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:39:37.0666 5352 Brserid - ok 22:39:37.0698 5352 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:39:37.0729 5352 BrSerWdm - ok 22:39:37.0744 5352 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:39:37.0776 5352 BrUsbMdm - ok 22:39:37.0791 5352 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:39:37.0822 5352 BrUsbSer - ok 22:39:37.0838 5352 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 22:39:37.0885 5352 BTHMODEM - ok 22:39:37.0916 5352 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:39:37.0978 5352 bthserv - ok 22:39:38.0041 5352 catchme - ok 22:39:38.0056 5352 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:39:38.0119 5352 cdfs - ok 22:39:38.0134 5352 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 22:39:38.0134 5352 cdrom - ok 22:39:38.0197 5352 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 22:39:38.0244 5352 CertPropSvc - ok 
22:39:38.0275 5352 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 22:39:38.0306 5352 circlass - ok 22:39:38.0337 5352 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:39:38.0353 5352 CLFS - ok 22:39:38.0384 5352 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:39:38.0415 5352 clr_optimization_v2.0.50727_32 - ok 22:39:38.0431 5352 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:39:38.0462 5352 clr_optimization_v2.0.50727_64 - ok 22:39:38.0540 5352 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:39:38.0571 5352 clr_optimization_v4.0.30319_32 - ok 22:39:38.0602 5352 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:39:38.0618 5352 clr_optimization_v4.0.30319_64 - ok 22:39:38.0618 5352 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 22:39:38.0649 5352 CmBatt - ok 22:39:38.0680 5352 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:39:38.0696 5352 cmdide - ok 22:39:38.0743 5352 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 22:39:38.0805 5352 CNG - ok 22:39:38.0821 5352 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 22:39:38.0836 5352 Compbatt - ok 22:39:38.0868 5352 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 22:39:38.0914 5352 CompositeBus - ok 22:39:38.0930 5352 COMSysApp - ok 22:39:38.0946 5352 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 22:39:38.0961 5352 crcdisk - ok 22:39:38.0992 5352 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc 
C:\Windows\system32\cryptsvc.dll 22:39:39.0039 5352 CryptSvc - ok 22:39:39.0086 5352 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 22:39:39.0117 5352 cvhsvc - ok 22:39:39.0148 5352 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:39:39.0195 5352 DcomLaunch - ok 22:39:39.0242 5352 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:39:39.0304 5352 defragsvc - ok 22:39:39.0304 5352 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:39:39.0351 5352 DfsC - ok 22:39:39.0429 5352 [ 2609FC634FF93EC2BD081ABFECEEF997 ] DFSVC C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe 22:39:39.0460 5352 DFSVC ( UnsignedFile.Multi.Generic ) - warning 22:39:39.0460 5352 DFSVC - detected UnsignedFile.Multi.Generic (1) 22:39:39.0492 5352 [ 245244B2740975F74F56559105093A2D ] DFSYS C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS 22:39:39.0507 5352 DFSYS - ok 22:39:39.0523 5352 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 22:39:39.0585 5352 Dhcp - ok 22:39:39.0648 5352 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:39:39.0710 5352 discache - ok 22:39:39.0741 5352 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 22:39:39.0757 5352 Disk - ok 22:39:39.0788 5352 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:39:39.0819 5352 Dnscache - ok 22:39:39.0819 5352 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:39:39.0897 5352 dot3svc - ok 22:39:39.0897 5352 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 22:39:39.0960 5352 DPS - ok 22:39:39.0991 5352 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:39:40.0006 5352 drmkaud - ok 22:39:40.0038 5352 [ 
F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:39:40.0053 5352 DXGKrnl - ok 22:39:40.0053 5352 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:39:40.0084 5352 EapHost - ok 22:39:40.0147 5352 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 22:39:40.0240 5352 ebdrv - ok 22:39:40.0287 5352 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 22:39:40.0303 5352 eeCtrl - ok 22:39:40.0334 5352 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 22:39:40.0365 5352 EFS - ok 22:39:40.0428 5352 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:39:40.0474 5352 ehRecvr - ok 22:39:40.0490 5352 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 22:39:40.0537 5352 ehSched - ok 22:39:40.0568 5352 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 22:39:40.0599 5352 elxstor - ok 22:39:40.0693 5352 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 22:39:40.0708 5352 EraserUtilRebootDrv - ok 22:39:40.0724 5352 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:39:40.0771 5352 ErrDev - ok 22:39:40.0818 5352 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:39:40.0864 5352 EventSystem - ok 22:39:40.0911 5352 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:39:40.0974 5352 exfat - ok 22:39:40.0989 5352 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:39:41.0020 5352 fastfat - ok 22:39:41.0052 5352 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 22:39:41.0114 5352 Fax - ok 22:39:41.0145 5352 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 
22:39:41.0176 5352 fdc - ok 22:39:41.0208 5352 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:39:41.0270 5352 fdPHost - ok 22:39:41.0286 5352 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:39:41.0332 5352 FDResPub - ok 22:39:41.0348 5352 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:39:41.0364 5352 FileInfo - ok 22:39:41.0379 5352 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:39:41.0426 5352 Filetrace - ok 22:39:41.0442 5352 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 22:39:41.0457 5352 flpydisk - ok 22:39:41.0473 5352 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:39:41.0504 5352 FltMgr - ok 22:39:41.0535 5352 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 22:39:41.0582 5352 FontCache - ok 22:39:41.0598 5352 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:39:41.0613 5352 FontCache3.0.0.0 - ok 22:39:41.0629 5352 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:39:41.0629 5352 FsDepends - ok 22:39:41.0660 5352 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:39:41.0676 5352 Fs_Rec - ok 22:39:41.0676 5352 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:39:41.0707 5352 fvevol - ok 22:39:41.0722 5352 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:39:41.0738 5352 gagp30kx - ok 22:39:41.0785 5352 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:39:41.0800 5352 GEARAspiWDM - ok 22:39:41.0816 5352 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:39:41.0878 5352 gpsvc - ok 22:39:41.0972 5352 [ 
506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:39:41.0988 5352 gupdate - ok 22:39:42.0003 5352 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:39:42.0019 5352 gupdatem - ok 22:39:42.0034 5352 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 22:39:42.0050 5352 hamachi - ok 22:39:42.0081 5352 [ FFFF099F1DA0A4B7E765642A5A4D1399 ] HauppaugeTVServer C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE 22:39:42.0128 5352 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning 22:39:42.0128 5352 HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1) 22:39:42.0144 5352 [ FFE2B6DA03F47DB339A538679D2DC600 ] hcw17bda C:\Windows\system32\drivers\hcw17bda.sys 22:39:42.0175 5352 hcw17bda - ok 22:39:42.0206 5352 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:39:42.0222 5352 hcw85cir - ok 22:39:42.0253 5352 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:39:42.0300 5352 HdAudAddService - ok 22:39:42.0315 5352 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:39:42.0346 5352 HDAudBus - ok 22:39:42.0378 5352 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 22:39:42.0393 5352 HidBatt - ok 22:39:42.0409 5352 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 22:39:42.0456 5352 HidBth - ok 22:39:42.0471 5352 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 22:39:42.0487 5352 HidIr - ok 22:39:42.0502 5352 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 22:39:42.0534 5352 hidserv - ok 22:39:42.0549 5352 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:39:42.0565 5352 HidUsb - ok 22:39:42.0580 5352 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc 
C:\Windows\system32\kmsvc.dll 22:39:42.0627 5352 hkmsvc - ok 22:39:42.0643 5352 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:39:42.0658 5352 HomeGroupListener - ok 22:39:42.0690 5352 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:39:42.0705 5352 HomeGroupProvider - ok 22:39:42.0783 5352 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 22:39:42.0799 5352 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 22:39:42.0799 5352 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 22:39:42.0814 5352 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 22:39:42.0846 5352 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 22:39:42.0846 5352 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 22:39:42.0861 5352 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:39:42.0877 5352 HpSAMD - ok 22:39:42.0924 5352 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 22:39:42.0955 5352 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 22:39:42.0955 5352 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 22:39:42.0986 5352 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:39:43.0033 5352 HTTP - ok 22:39:43.0048 5352 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:39:43.0048 5352 hwpolicy - ok 22:39:43.0080 5352 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:39:43.0095 5352 i8042prt - ok 22:39:43.0126 5352 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys 22:39:43.0142 5352 iaStor - ok 22:39:43.0189 5352 [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 22:39:43.0220 5352 
IAStorDataMgrSvc - ok 22:39:43.0251 5352 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:39:43.0282 5352 iaStorV - ok 22:39:43.0298 5352 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:39:43.0345 5352 idsvc - ok 22:39:43.0407 5352 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121109.001\IDSvia64.sys 22:39:43.0423 5352 IDSVia64 - ok 22:39:43.0548 5352 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 22:39:43.0688 5352 igfx - ok 22:39:43.0704 5352 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:39:43.0704 5352 iirsp - ok 22:39:43.0735 5352 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:39:43.0782 5352 IKEEXT - ok 22:39:43.0875 5352 [ 8F6ED52134EBB4CE2953EC37C9275497 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 22:39:43.0922 5352 IntcAzAudAddService - ok 22:39:43.0953 5352 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:39:43.0969 5352 intelide - ok 22:39:44.0000 5352 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:39:44.0031 5352 intelppm - ok 22:39:44.0047 5352 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:39:44.0125 5352 IPBusEnum - ok 22:39:44.0140 5352 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:39:44.0187 5352 IpFilterDriver - ok 22:39:44.0218 5352 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:39:44.0281 5352 iphlpsvc - ok 22:39:44.0312 5352 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:39:44.0328 5352 IPMIDRV - ok 22:39:44.0343 5352 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT 
C:\Windows\system32\drivers\ipnat.sys 22:39:44.0390 5352 IPNAT - ok 22:39:44.0406 5352 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:39:44.0437 5352 IRENUM - ok 22:39:44.0452 5352 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:39:44.0468 5352 isapnp - ok 22:39:44.0484 5352 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:39:44.0499 5352 iScsiPrt - ok 22:39:44.0530 5352 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:39:44.0530 5352 kbdclass - ok 22:39:44.0562 5352 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 22:39:44.0577 5352 kbdhid - ok 22:39:44.0608 5352 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:39:44.0624 5352 KeyIso - ok 22:39:44.0640 5352 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:39:44.0655 5352 KSecDD - ok 22:39:44.0671 5352 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:39:44.0686 5352 KSecPkg - ok 22:39:44.0702 5352 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:39:44.0749 5352 ksthunk - ok 22:39:44.0749 5352 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:39:44.0811 5352 KtmRm - ok 22:39:44.0827 5352 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 22:39:44.0858 5352 LanmanServer - ok 22:39:44.0874 5352 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:39:44.0936 5352 LanmanWorkstation - ok 22:39:44.0967 5352 libusbd - ok 22:39:44.0998 5352 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:39:45.0045 5352 lltdio - ok 22:39:45.0061 5352 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:39:45.0108 5352 lltdsvc - ok 22:39:45.0123 5352 [ 
F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:39:45.0170 5352 lmhosts - ok 22:39:45.0201 5352 [ 1584DEEAE5AA0E3FB045F3D0EAC585EA ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:39:45.0217 5352 LMS - ok 22:39:45.0248 5352 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:39:45.0248 5352 LSI_FC - ok 22:39:45.0295 5352 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:39:45.0310 5352 LSI_SAS - ok 22:39:45.0357 5352 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 22:39:45.0373 5352 LSI_SAS2 - ok 22:39:45.0420 5352 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:39:45.0435 5352 LSI_SCSI - ok 22:39:45.0435 5352 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:39:45.0498 5352 luafv - ok 22:39:45.0529 5352 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:39:45.0560 5352 Mcx2Svc - ok 22:39:45.0576 5352 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 22:39:45.0591 5352 megasas - ok 22:39:45.0638 5352 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 22:39:45.0654 5352 MegaSR - ok 22:39:45.0685 5352 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 22:39:45.0700 5352 MEIx64 - ok 22:39:45.0716 5352 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:39:45.0778 5352 MMCSS - ok 22:39:45.0794 5352 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:39:45.0841 5352 Modem - ok 22:39:45.0872 5352 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:39:45.0903 5352 monitor - ok 22:39:45.0934 5352 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:39:45.0950 5352 
mouclass - ok 22:39:45.0981 5352 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:39:45.0997 5352 mouhid - ok 22:39:46.0028 5352 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:39:46.0044 5352 mountmgr - ok 22:39:46.0122 5352 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:39:46.0168 5352 MozillaMaintenance - ok 22:39:46.0184 5352 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:39:46.0200 5352 mpio - ok 22:39:46.0215 5352 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:39:46.0231 5352 mpsdrv - ok 22:39:46.0278 5352 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:39:46.0309 5352 MpsSvc - ok 22:39:46.0324 5352 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:39:46.0356 5352 MRxDAV - ok 22:39:46.0371 5352 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:39:46.0418 5352 mrxsmb - ok 22:39:46.0434 5352 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:39:46.0480 5352 mrxsmb10 - ok 22:39:46.0480 5352 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:39:46.0512 5352 mrxsmb20 - ok 22:39:46.0543 5352 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:39:46.0543 5352 msahci - ok 22:39:46.0574 5352 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:39:46.0590 5352 msdsm - ok 22:39:46.0605 5352 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:39:46.0636 5352 MSDTC - ok 22:39:46.0652 5352 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:39:46.0714 5352 Msfs - ok 22:39:46.0730 5352 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf 
10.11.2012, 22:59 | #15 |
/// Malware-holic | Computer infected with 'Torpig' and/or 'Mebroot'
Looks OK so far. On both PCs: download Hitman Pro http://www.trojaner-board.de/99424-c...o-scannen.html License: activate the test license. Then click Scan, do not delete anything, and at the end export the log as XML and post it.