Pests of all kinds and how to combat them: JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more
Windows 7
21.11.2012, 23:44 | #1 |
JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more

Hello,

at the start of the week I had TR/Spy.ZBot.dynb on my machine and removed it with Malwarebytes. The program found nothing more after that. Today I ran Avira over everything once more, and there were 27 infection reports and 22 warnings. Most of the infections, however, are in the spam filter (Spamihilator) or in the mail program's trash (unopened, not even previewed!); I don't open those, so they don't concern me either.

TR/Spy.ZBot.dynb was found again, but in an _OTL\MovedFiles folder, so I suspect that this was the remnant of an earlier infection that I got under control with help from here (thanks :-).

However, there are a few Java viruses that I can't interpret. Here is the Avira scan from just now:

Code:
Avira Free Antivirus
Report file date: Mittwoch, 21. November 2012 18:01

Scanning for 4536279 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : HP Berlin
Computer name : HPBERLIN-PC

Version information:
BUILD.DAT : 12.0.0.1125 Bytes 02.05.2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:51
AVSCAN.DLL : 12.3.0.15 54736 Bytes 02.05.2012 13:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 20.06.2012 11:28:33
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 17:36:28
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 17:54:49
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11.10.2012 20:02:59
VBASE008.VDF : 7.11.45.208 2048 Bytes 11.10.2012 20:02:59
VBASE009.VDF : 7.11.45.209 2048 Bytes 11.10.2012 20:02:59
VBASE010.VDF : 7.11.45.210 2048 Bytes 11.10.2012 20:02:59
VBASE011.VDF : 7.11.45.211 2048 Bytes 11.10.2012 20:03:00
VBASE012.VDF : 7.11.45.212 2048 Bytes 11.10.2012 20:03:00
VBASE013.VDF : 7.11.45.213 2048 Bytes 11.10.2012 20:03:00
VBASE014.VDF : 7.11.46.65 220160 Bytes 16.10.2012 20:02:55
VBASE015.VDF : 7.11.46.153 173568 Bytes 18.10.2012 20:02:56
VBASE016.VDF : 7.11.46.223 162304 Bytes 19.10.2012 20:02:57
VBASE017.VDF : 7.11.47.35 126464 Bytes 22.10.2012 20:03:06
VBASE018.VDF : 7.11.47.95 175616 Bytes 24.10.2012 20:03:05
VBASE019.VDF : 7.11.47.177 164352 Bytes 26.10.2012 08:24:07
VBASE020.VDF : 7.11.47.229 143360 Bytes 28.10.2012 09:24:14
VBASE021.VDF : 7.11.48.47 138240 Bytes 30.10.2012 17:01:07
VBASE022.VDF : 7.11.48.135 122880 Bytes 01.11.2012 17:21:31
VBASE023.VDF : 7.11.48.209 142848 Bytes 05.11.2012 18:14:15
VBASE024.VDF : 7.11.48.243 119296 Bytes 05.11.2012 18:14:10
VBASE025.VDF : 7.11.49.47 136704 Bytes 07.11.2012 18:14:32
VBASE026.VDF : 7.11.49.135 194560 Bytes 09.11.2012 13:11:09
VBASE027.VDF : 7.11.49.209 188416 Bytes 12.11.2012 13:11:11
VBASE028.VDF : 7.11.50.27 212992 Bytes 14.11.2012 16:38:23
VBASE029.VDF : 7.11.50.105 200704 Bytes 18.11.2012 18:22:53
VBASE030.VDF : 7.11.50.164 340992 Bytes 20.11.2012 18:22:52
VBASE031.VDF : 7.11.50.174 43008 Bytes 20.11.2012 18:22:52
Engine version : 8.2.10.202
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 14:40:48
AESCRIPT.DLL : 8.1.4.66 463227 Bytes 12.11.2012 13:11:45
AESCN.DLL : 8.1.9.4 131445 Bytes 19.11.2012 18:22:55
AESBX.DLL : 8.2.5.12 606578 Bytes 20.06.2012 11:28:32
AERDL.DLL : 8.2.0.74 643445 Bytes 07.11.2012 18:14:36
AEPACK.DLL : 8.3.0.40 815479 Bytes 12.11.2012 13:11:44
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 18:14:21
AEHEUR.DLL : 8.1.4.138 5542265 Bytes 19.11.2012 18:22:55
AEHELP.DLL : 8.1.25.2 258423 Bytes 14.10.2012 20:03:03
AEGEN.DLL : 8.1.6.10 438646 Bytes 19.11.2012 18:22:53
AEEXP.DLL : 8.2.0.10 119158 Bytes 05.11.2012 18:14:22
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 14:40:41
AECORE.DLL : 8.1.29.2 201079 Bytes 07.11.2012 18:14:33
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 18:14:17
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 02.05.2012 00:03:52
RCTEXT.DLL : 12.3.0.15 96720 Bytes 02.05.2012 13:40:44

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +PCK,+PFS,+SPR,

Start of the scan: Mittwoch, 21. November 2012 18:01

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!
  [INFO] Please restart the search with Administrator rights
Master boot sector HD1
  [INFO] No virus was found!
  [INFO] Please restart the search with Administrator rights
Master boot sector HD2
  [INFO] No virus was found!
  [INFO] Please restart the search with Administrator rights
Master boot sector HD3
  [INFO] No virus was found!
Master boot sector HD4
  [INFO] No virus was found!
Master boot sector HD5
  [INFO] No virus was found!
Master boot sector HD6
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
  [INFO] Please restart the search with Administrator rights
C:\Program Files (x86)\Handbrake\uninst.exe
  [WARNING] Invalid end of file

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'SyncServer.exe' - '1' Module(s) have been scanned
Scan process 'ATH.exe' - '1' Module(s) have been scanned
Scan process 'ATH.exe' - '1' Module(s) have been scanned
Scan process 'APSDaemon.exe' - '1' Module(s) have been scanned
Scan process 'distnoted.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceHelper.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'DVDAgent.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'wlmail.exe' - '1' Module(s) have been scanned
Scan process 'Dropbox.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'tvtip.exe' - '1' Module(s) have been scanned
Module is OK -> <C:\Programme\TV Movie ClickFinder\tvtip.exe>
  [WARNING] The file could not be opened!
  [NOTE] The file does not exist!
  [NOTE] Process 'tvtip.exe' was terminated
Scan process 'PBN.exe' - '1' Module(s) have been scanned
Scan process 'WNA3100.exe' - '1' Module(s) have been scanned
Scan process 'MSOSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\' <HP>
C:\Program Files (x86)\Handbrake\uninst.exe
  [WARNING] Invalid end of file
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIWNGUX7\tvbilder-009-20120716[1].cftv
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\69080407-000004FB.eml
  [0] Archive type: MIME
  --> DCIM.htm
      [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\70F578F5-000004FC.eml
  [0] Archive type: MIME
  --> DCIM.htm
      [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\40572C6E-000026B0.eml
  [0] Archive type: MIME
  --> Contract_Scan_DS8220.htm
      [DETECTION] Contains recognition pattern of the HTML/Redirect.FQ HTML script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\4359467D-000025D4.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\481A1C9C-000026EA.eml
  [0] Archive type: MIME
  --> Invoice_T756916.htm
      [DETECTION] Contains recognition pattern of the JS/Redirector.QW Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\7F9776EE-000026FE.eml
  [0] Archive type: MIME
  --> Invoices-02-2012.htm
      [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\125228EB-000006CE.eml
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\16DB4C5D-0000070F.eml
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\79F22B86-0000070D.eml
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\1A1B17E6-00000279.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\3BE02A2C-0000027C.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\7498193E-00000280.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Temp\GLZHZD
  [0] Archive type: ZIP
  --> testesta.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EM Java virus
  --> testestb.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EN Java virus
  --> NewClass1.class
      [DETECTION] Contains recognition pattern of the JAVA/Pesur.AY Java virus
  --> testestd.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AO.3 Java virus
  --> testestc.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5e06165d-3a143d3b
  [0] Archive type: ZIP
  --> trphpgdtafbtttmvy/mltdmagswwqvsafpq.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FW Java virus
  --> trphpgdtafbtttmvy/qysfflnsla.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Themo.F.2 Java virus
  --> trphpgdtafbtttmvy/vnvvqw.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.GA Java virus
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\6b5cda3f-36b61bfb
  [0] Archive type: ZIP
  --> testesta.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EM Java virus
  --> testestb.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EN Java virus
  --> NewClass1.class
      [DETECTION] Contains recognition pattern of the JAVA/Pesur.AY Java virus
  --> testestd.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AO.3 Java virus
  --> testestc.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20110907-220740\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20110907-220740\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-171954\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-171954\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-175130\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-175130\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-181205\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-181205\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\dc11c0ccf27644db194fc798c077d27af5b38f49\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\dc11c0ccf27644db194fc798c077d27af5b38f49\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING] The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010676.msg
  [0] Archive type: MIME
  --> Document_N47683.htm
      [DETECTION] Contains recognition pattern of the HTML/Redir.K HTML script virus
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010685.msg
  [0] Archive type: MIME
  --> HP-Document-26506.htm
      [DETECTION] Contains recognition pattern of the JS/Blacole.CV Java script virus
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010692.msg
  [0] Archive type: MIME
  --> HP-Scan-67990.htm
      [DETECTION] Contains recognition pattern of the JS/Redir.BE.1 Java script virus
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010731.msg
  [0] Archive type: MIME
  --> Invoices-02-2012.htm
      [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
C:\Users\HP Berlin\Downloads\avira_free_antivirus_en.exe
  [WARNING] The file is password protected
C:\Users\HP Berlin\Downloads\avira_free_antivirus_en2012.exe
  [WARNING] The file is password protected
C:\Users\HP Berlin\Downloads\iPhone2,1_4.0_8A293_Restore.zip
  [WARNING] Invalid compressed data
C:\Users\HP Berlin\Music\iTunes\iTunes Media\Mobile Applications\CubeMaze 1.0.ipa
  [WARNING] The file is password protected
C:\Users\HP Berlin\Music\iTunes\iTunes Media\Mobile Applications\Graz Touch 1.0 1.ipa
  [WARNING] Possible archive bomb: the maximum unpack size has been reached.
C:\_OTL\MovedFiles\06142012_181231\C_Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe
  [DETECTION] Is the TR/Spy.ZBot.dynb Trojan

Beginning disinfection:
C:\_OTL\MovedFiles\06142012_181231\C_Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe
  [DETECTION] Is the TR/Spy.ZBot.dynb Trojan
  [NOTE] The file was moved to the quarantine directory under the name '5788faa5.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010731.msg
  [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
  [NOTE] The file was moved to the quarantine directory under the name '4eccd579.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010692.msg
  [DETECTION] Contains recognition pattern of the JS/Redir.BE.1 Java script virus
  [NOTE] The file was moved to the quarantine directory under the name '1c938f91.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010685.msg
  [DETECTION] Contains recognition pattern of the JS/Blacole.CV Java script virus
  [NOTE] The file was moved to the quarantine directory under the name '7aa4c053.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010676.msg
  [DETECTION] Contains recognition pattern of the HTML/Redir.K HTML script virus
  [NOTE] The file was moved to the quarantine directory under the name '3f20ed6d.qua'.
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\6b5cda3f-36b61bfb
  [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
  [NOTE] The file was moved to the quarantine directory under the name '4004df5e.qua'.
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5e06165d-3a143d3b
  [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.GA Java virus
  [NOTE] The file was moved to the quarantine directory under the name '0c83f309.qua'.
C:\Users\HP Berlin\AppData\Local\Temp\GLZHZD
  [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
  [NOTE] The file was moved to the quarantine directory under the name '7141b332.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\7498193E-00000280.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE] The file was moved to the quarantine directory under the name '5dfa9c67.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\3BE02A2C-0000027C.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE] The file was moved to the quarantine directory under the name '4486a7f3.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\1A1B17E6-00000279.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE] The file was moved to the quarantine directory under the name '28f68bc2.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\7F9776EE-000026FE.eml
  [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
  [NOTE] The file was moved to the quarantine directory under the name '5977b24a.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\481A1C9C-000026EA.eml
  [DETECTION] Contains recognition pattern of the JS/Redirector.QW Java script virus
  [NOTE] The file was moved to the quarantine directory under the name '5755829b.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\4359467D-000025D4.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE] The file was moved to the quarantine directory under the name '1240fbdc.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\40572C6E-000026B0.eml
  [DETECTION] Contains recognition pattern of the HTML/Redirect.FQ HTML script virus
  [NOTE] The file was moved to the quarantine directory under the name '1b4bff4a.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\70F578F5-000004FC.eml
  [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
  [NOTE] The file was moved to the quarantine directory under the name '431be623.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\69080407-000004FB.eml
  [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
  [NOTE] The file was moved to the quarantine directory under the name '6fc19fd4.qua'.

End of the scan: Mittwoch, 21. November 2012 23:30
Used time: 5:26:37 Hour(s)

The scan has been done completely.

50331 Scanned directories
2963804 Files were scanned
27 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
17 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
2963776 Files not concerned
183475 Archives were scanned
22 Warnings
18 Notes

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
HP Berlin :: HPBERLIN-PC [Administrator]

21.11.2012 17:03:52
mbam-log-2012-11-21 (17-03-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250303
Laufzeit: 6 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.01.19 17:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2009.07.23 19:45:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/09/24 16:32:44] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D56565BD-FD80-481B-8232-1AAE0340DB2B} IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q IE - HKCU\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at IE - HKCU\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = 
hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q|hxxp://www.babyzimmer.de/forumdisplay.php/4-Das-BZ-Forum|hxxp://www.facebook.com/|hxxp://dailydeal.de/gutscheine/berlin/?geo=on" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft 
Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 21:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.23 11:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.01 18:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Firefox\Profiles\13la5nka.default\extensions
[2012.09.23 11:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.06.16 10:44:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.07.12 11:34:25 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HP Berlin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.11.21 14:07:08 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8EEC5C5C-0CEE-4EED-8F31-A4710E426A73}
[2012.11.20 18:46:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1EC5ED30-FDE7-4764-9BB4-CD93974CBF88}
[2012.11.19 21:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012.11.19 12:28:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0929D70E-88D2-4007-8E58-F048718ED315}
[2012.11.19 11:13:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.11.19 10:34:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DCC784B6-79A5-4781-8178-B47432DE31E0}
[2012.11.18 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AC1AED9A-E2B9-4466-9F05-8ABCE3EF831E}
[2012.11.18 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9784BF28-E68A-4859-8C53-419F4A757915}
[2012.11.17 22:33:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{45AD049F-F939-4FF3-A811-ADF9C1AA641C}
[2012.11.17 10:33:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED3FE1C2-99F9-42CA-BA7B-9C8FE5436AE9}
[2012.11.16 20:49:22 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5770DFB3-F22F-4351-A809-D82E49541AF8}
[2012.11.16 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9D2456A1-BE43-49CB-A60B-9BE57BA45706}
[2012.11.15 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{506EB94F-341B-4A95-8658-B285A5E4F246}
[2012.11.14 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA0EFF52-D535-4762-86C0-9EAC96195613}
[2012.11.14 08:58:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F525D118-91B5-40D6-890A-CB5F88CAEE5E}
[2012.11.13 09:38:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B500A58B-4191-42DC-B40B-43068B3E5BC1}
[2012.11.12 22:13:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C48C946B-FA5B-4E08-BF8C-E79D22DADB95}
[2012.11.12 10:13:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F7FBDB8E-A5FF-43C6-84A9-E993E30B0459}
[2012.11.11 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6BDAD0C-3A9D-4BE8-AC6C-67A34E968BD5}
[2012.11.09 09:09:20 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8EEAD40-2204-4E57-AB76-B574C6CFFCF0}
[2012.11.08 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{519CC909-217D-4629-925D-28BDAE42F89D}
[2012.11.07 10:22:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{742F2C70-138B-40E9-96CB-B9F99F5C94F0}
[2012.11.06 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AF300890-1F02-4816-8326-B04AD23AF5A7}
[2012.11.05 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0343BF73-538B-4084-A9E8-5E49DFA03A24}
[2012.11.05 09:19:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6FFADC1-DB24-41BD-A24C-BFA06BD4F6C2}
[2012.11.04 11:37:24 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CFB3CF4D-38EB-4AB4-AC72-8C4D9B1FF81B}
[2012.11.03 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EC9D1CFF-407F-4FFA-ACBE-0E8634590C58}
[2012.11.03 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9CF69E3E-F113-4407-B496-227F9645FD61}
[2012.11.02 13:21:47 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{103326DD-19C2-4FCE-B21D-CD0889AA76F4}
[2012.10.31 19:24:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{905AB02E-EECD-4696-BFD5-4314616E6B62}
[2012.10.31 07:24:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A68CB485-DA37-46BA-B0F6-9F821DCF3BCA}
[2012.10.30 18:11:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA491B2B-FBC0-4B4F-A5C4-13009FA0C30F}
[2012.10.29 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3CC5A4E5-C261-432E-B9F4-7D031947E234}
[2012.10.29 10:40:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9ED5F4FC-DB7C-41F2-BB02-25B7BC8BEDA0}
[2012.10.28 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6F078ECC-6355-4741-A8AD-0CA4D5B4CC48}
[2012.10.28 10:39:35 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C724B98A-6D08-4996-9429-2B306B08F134}
[2012.10.27 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{69F66856-B145-4173-A636-8A15BC7052C6}
[2012.10.27 09:23:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A47A1C98-17C8-4D5E-A26D-B9502166F094}
[2012.10.26 21:22:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3EA5563F-52B9-417D-87B3-6E9FA44E6F66}
[2012.10.26 11:58:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Desktop\Xmas 2012
[2012.10.26 09:22:40 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1C45F286-CAE4-46F6-842C-4699518246EE}
[2012.10.25 15:06:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A8D11CC9-8FF8-4AF9-A0E0-B32DBEB93704}
[2012.10.24 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5F3170CF-E661-40AD-B654-7E95D5D2B2B3}
[2012.10.24 09:39:15 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D6750719-E796-40F0-B3A2-A0D0D5F96522}
[2012.10.23 21:38:56 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E155E258-CC90-4A70-B57C-4DB83E3E8A24}
[2012.10.23 09:38:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0AC5E2E9-007D-468D-9B39-13A5807BFC19}
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.11.21 17:17:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 13:39:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 13:39:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 13:36:53 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 13:36:53 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 13:36:53 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 13:36:53 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 13:36:53 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.21 13:31:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 13:31:29 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.06.30 21:31:01 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.16 10:30:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.16 10:30:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.16 10:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.16 10:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.16 10:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.23 20:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.06.08 15:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.06.08 15:51:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.06.08 15:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.06.08 15:51:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.06.08 15:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.06.08 15:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.06.08 15:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.06.08 15:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.06.08 15:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.06.08 15:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.06.08 15:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.06.08 15:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.06.08 15:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.06.08 15:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.06.08 15:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

========== LOP Check ==========
[2010.08.31 09:00:39 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.08.21 13:30:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:00, on 04.01.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Spamihilator\spamihilator.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.babyzimmer.de/forum/script/forum1.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Spamihilator.lnk = C:\Program Files (x86)\Spamihilator\spamihilator.exe
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-AT\local\search.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 -
Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - 
Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9386 bytes
Are the beasts active - and how do I get rid of them again? Thanks! shopgirl |
22.11.2012, 21:04 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more Hello and
__________________Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will this continue" messages will end with your topic being closed. I also have a life outside of the Trojaner-Board. Quote:
That information is not enough; you have only posted an MBAM log without any findings - please post the complete details/logs of the virus scanners or Malwarebytes, see http://www.trojaner-board.de/125889-...tml#post941520 Please post everything here in CODE tags where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
23.11.2012, 13:11 | #3 |
| JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more Hello,
__________________here is the "old" Malwarebytes log: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.19.03 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 HP Berlin :: HPBERLIN-PC [Administrator] 19.11.2012 11:09:50 mbam-log-2012-11-19 (11-09-50).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 250355 Laufzeit: 4 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Users\HP Berlin\AppData\Roaming\Wyhy\hymo.exe (Trojan.Zbot.SXGen) -> 3436 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{BF7DB920-E954-AD7E-DCEE-1423D01E373E} (Trojan.Zbot.SXGen) -> Daten: "C:\Users\HP Berlin\AppData\Roaming\Wyhy\hymo.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\HP Berlin\AppData\Roaming\Wyhy\hymo.exe (Trojan.Zbot.SXGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HP Berlin\AppData\Roaming\Yflibi\funyit.exe (Trojan.Zbot.SXGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
Thanks, shopgirl |
23.11.2012, 14:24 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more
1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set the tool up as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
23.11.2012, 15:23 | #5 |
| JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more Hello, thanks for the quick reply. Unfortunately avast crashed on me several times ("appcrash"), even though I had completely killed Avira and ran avast as admin. Here is the other log: Code:
ATTFilter 15:19:47.0636 5456 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:19:47.0823 5456 ============================================================ 15:19:47.0823 5456 Current date / time: 2012/11/23 15:19:47.0823 15:19:47.0823 5456 SystemInfo: 15:19:47.0823 5456 15:19:47.0823 5456 OS Version: 6.1.7600 ServicePack: 0.0 15:19:47.0823 5456 Product type: Workstation 15:19:47.0823 5456 ComputerName: HPBERLIN-PC 15:19:47.0823 5456 UserName: HP Berlin 15:19:47.0823 5456 Windows directory: C:\Windows 15:19:47.0823 5456 System windows directory: C:\Windows 15:19:47.0823 5456 Running under WOW64 15:19:47.0823 5456 Processor architecture: Intel x64 15:19:47.0823 5456 Number of processors: 8 15:19:47.0823 5456 Page size: 0x1000 15:19:47.0823 5456 Boot type: Normal boot 15:19:47.0823 5456 ============================================================ 15:19:48.0228 5456 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:19:48.0244 5456 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:19:48.0244 5456 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:19:48.0260 5456 ============================================================ 15:19:48.0260 5456 \Device\Harddisk0\DR0: 15:19:48.0260 5456 MBR partitions: 15:19:48.0260 5456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:19:48.0260 5456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5584C800 15:19:48.0260 5456 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x5587F000, BlocksNum 0x1CC6800 15:19:48.0260 5456 \Device\Harddisk1\DR1: 15:19:48.0260 5456 MBR partitions: 
15:19:48.0260 5456 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2 15:19:48.0260 5456 \Device\Harddisk2\DR2: 15:19:48.0260 5456 MBR partitions: 15:19:48.0260 5456 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xAEA86702 15:19:48.0260 5456 ============================================================ 15:19:48.0275 5456 C: <-> \Device\Harddisk0\DR0\Partition2 15:19:48.0291 5456 E: <-> \Device\Harddisk1\DR1\Partition1 15:19:48.0338 5456 D: <-> \Device\Harddisk0\DR0\Partition3 15:19:48.0338 5456 O: <-> \Device\Harddisk2\DR2\Partition1 15:19:48.0338 5456 ============================================================ 15:19:48.0338 5456 Initialize success 15:19:48.0338 5456 ============================================================ 15:19:53.0564 0488 ============================================================ 15:19:53.0564 0488 Scan started 15:19:53.0564 0488 Mode: Manual; SigCheck; TDLFS; 15:19:53.0564 0488 ============================================================ 15:19:54.0437 0488 ================ Scan system memory ======================== 15:19:54.0437 0488 System memory - ok 15:19:54.0437 0488 ================ Scan services ============================= 15:19:54.0593 0488 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 15:19:54.0718 0488 1394ohci - ok 15:19:54.0734 0488 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 15:19:54.0749 0488 ACPI - ok 15:19:54.0749 0488 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 15:19:54.0843 0488 AcpiPmi - ok 15:19:54.0983 0488 [ 047BD1EB681453A7FE492A71802AC9F3 ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe 15:19:54.0999 0488 AdobeActiveFileMonitor10.0 - ok 15:19:55.0092 0488 [ 177FF6608B48638D4066726F3A3F8444 ] AdobeActiveFileMonitor5.0 C:\Program Files (x86)\Photoshop Elements 
5.0\PhotoshopElementsFileAgent.exe 15:19:55.0139 0488 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - warning 15:19:55.0139 0488 AdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic (1) 15:19:55.0186 0488 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 15:19:55.0217 0488 adp94xx - ok 15:19:55.0264 0488 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 15:19:55.0295 0488 adpahci - ok 15:19:55.0311 0488 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 15:19:55.0326 0488 adpu320 - ok 15:19:55.0358 0488 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:19:55.0498 0488 AeLookupSvc - ok 15:19:55.0529 0488 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys 15:19:55.0607 0488 AFD - ok 15:19:55.0654 0488 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 15:19:55.0670 0488 agp440 - ok 15:19:55.0716 0488 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:19:55.0779 0488 ALG - ok 15:19:55.0794 0488 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 15:19:55.0810 0488 aliide - ok 15:19:55.0826 0488 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys 15:19:55.0841 0488 amdide - ok 15:19:55.0872 0488 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:19:55.0904 0488 AmdK8 - ok 15:19:55.0935 0488 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 15:19:55.0966 0488 AmdPPM - ok 15:19:55.0982 0488 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 15:19:55.0997 0488 amdsata - ok 15:19:56.0044 0488 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 15:19:56.0075 0488 amdsbs - ok 15:19:56.0106 0488 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata 
C:\Windows\system32\DRIVERS\amdxata.sys 15:19:56.0122 0488 amdxata - ok 15:19:56.0200 0488 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 15:19:56.0231 0488 AntiVirSchedulerService - ok 15:19:56.0262 0488 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 15:19:56.0309 0488 AntiVirService - ok 15:19:56.0325 0488 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 15:19:56.0434 0488 AppID - ok 15:19:56.0450 0488 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:19:56.0496 0488 AppIDSvc - ok 15:19:56.0528 0488 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 15:19:56.0590 0488 Appinfo - ok 15:19:56.0668 0488 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:19:56.0699 0488 Apple Mobile Device - ok 15:19:56.0762 0488 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 15:19:56.0777 0488 arc - ok 15:19:56.0808 0488 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 15:19:56.0808 0488 arcsas - ok 15:19:56.0918 0488 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 15:19:56.0964 0488 aspnet_state - ok 15:19:56.0996 0488 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:19:57.0089 0488 AsyncMac - ok 15:19:57.0120 0488 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 15:19:57.0136 0488 atapi - ok 15:19:57.0167 0488 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:19:57.0214 0488 AudioEndpointBuilder - ok 15:19:57.0230 0488 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:19:57.0261 0488 
AudioSrv - ok 15:19:57.0323 0488 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:19:57.0386 0488 avgntflt - ok 15:19:57.0417 0488 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:19:57.0448 0488 avipbb - ok 15:19:57.0479 0488 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:19:57.0495 0488 avkmgr - ok 15:19:57.0510 0488 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:19:57.0604 0488 AxInstSV - ok 15:19:57.0620 0488 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 15:19:57.0698 0488 b06bdrv - ok 15:19:57.0713 0488 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:19:57.0760 0488 b57nd60a - ok 15:19:57.0822 0488 [ E49110A58A32E9450356686A95DD7763 ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys 15:19:57.0869 0488 BCMH43XX - ok 15:19:57.0885 0488 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 15:19:57.0947 0488 BDESVC - ok 15:19:57.0963 0488 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 15:19:58.0025 0488 Beep - ok 15:19:58.0056 0488 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll 15:19:58.0103 0488 BFE - ok 15:19:58.0212 0488 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\SysWOW64\bgsvcgen.exe 15:19:58.0244 0488 bgsvcgen - ok 15:19:58.0290 0488 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll 15:19:58.0368 0488 BITS - ok 15:19:58.0400 0488 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:19:58.0431 0488 blbdrive - ok 15:19:58.0509 0488 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:19:58.0540 0488 Bonjour Service - ok 15:19:58.0571 0488 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:19:58.0618 0488 
bowser - ok 15:19:58.0649 0488 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:19:58.0696 0488 BrFiltLo - ok 15:19:58.0712 0488 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:19:58.0743 0488 BrFiltUp - ok 15:19:58.0758 0488 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 15:19:58.0852 0488 BridgeMP - ok 15:19:58.0899 0488 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll 15:19:58.0930 0488 Browser - ok 15:19:58.0946 0488 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:19:58.0977 0488 Brserid - ok 15:19:58.0992 0488 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:19:59.0024 0488 BrSerWdm - ok 15:19:59.0039 0488 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:19:59.0055 0488 BrUsbMdm - ok 15:19:59.0086 0488 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:19:59.0133 0488 BrUsbSer - ok 15:19:59.0148 0488 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 15:19:59.0211 0488 BTHMODEM - ok 15:19:59.0242 0488 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 15:19:59.0320 0488 bthserv - ok 15:19:59.0382 0488 catchme - ok 15:19:59.0445 0488 [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8 C:\Program Files (x86)\Canon\CAL\CALMAIN.exe 15:19:59.0507 0488 CCALib8 ( UnsignedFile.Multi.Generic ) - warning 15:19:59.0507 0488 CCALib8 - detected UnsignedFile.Multi.Generic (1) 15:19:59.0538 0488 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:19:59.0585 0488 cdfs - ok 15:19:59.0601 0488 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:19:59.0632 0488 cdrom - ok 15:19:59.0679 0488 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc 
C:\Windows\System32\certprop.dll 15:19:59.0741 0488 CertPropSvc - ok 15:19:59.0757 0488 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:19:59.0788 0488 circlass - ok 15:19:59.0819 0488 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:19:59.0850 0488 CLFS - ok 15:19:59.0897 0488 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:19:59.0928 0488 clr_optimization_v2.0.50727_32 - ok 15:19:59.0960 0488 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:19:59.0991 0488 clr_optimization_v2.0.50727_64 - ok 15:20:00.0053 0488 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:20:00.0084 0488 clr_optimization_v4.0.30319_32 - ok 15:20:00.0131 0488 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:20:00.0178 0488 clr_optimization_v4.0.30319_64 - ok 15:20:00.0194 0488 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:20:00.0225 0488 CmBatt - ok 15:20:00.0256 0488 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 15:20:00.0272 0488 cmdide - ok 15:20:00.0287 0488 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys 15:20:00.0318 0488 CNG - ok 15:20:00.0350 0488 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:20:00.0365 0488 Compbatt - ok 15:20:00.0381 0488 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 15:20:00.0412 0488 CompositeBus - ok 15:20:00.0428 0488 COMSysApp - ok 15:20:00.0443 0488 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 15:20:00.0459 0488 crcdisk - ok 15:20:00.0490 
0488 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:20:00.0537 0488 CryptSvc - ok 15:20:00.0584 0488 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys 15:20:00.0599 0488 CVirtA - ok 15:20:00.0677 0488 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 15:20:00.0708 0488 CVPND - ok 15:20:00.0771 0488 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 15:20:00.0771 0488 CVPNDRVA - ok 15:20:00.0833 0488 [ 23D4B856725F5FC3C4F410C150AB107B ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 15:20:00.0849 0488 dc3d - ok 15:20:00.0896 0488 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:20:00.0942 0488 DcomLaunch - ok 15:20:00.0974 0488 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:20:01.0020 0488 defragsvc - ok 15:20:01.0036 0488 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:20:01.0083 0488 DfsC - ok 15:20:01.0114 0488 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 15:20:01.0208 0488 Dhcp - ok 15:20:01.0239 0488 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:20:01.0286 0488 discache - ok 15:20:01.0317 0488 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 15:20:01.0348 0488 Disk - ok 15:20:01.0395 0488 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys 15:20:01.0410 0488 DNE - ok 15:20:01.0426 0488 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:20:01.0488 0488 Dnscache - ok 15:20:01.0520 0488 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 15:20:01.0535 0488 dot3svc - ok 15:20:01.0551 0488 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 15:20:01.0566 0488 DPS - ok 15:20:01.0613 0488 [ 
9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:20:01.0629 0488 drmkaud - ok 15:20:01.0644 0488 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:20:01.0676 0488 DXGKrnl - ok 15:20:01.0691 0488 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 15:20:01.0722 0488 EapHost - ok 15:20:01.0800 0488 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 15:20:01.0910 0488 ebdrv - ok 15:20:01.0941 0488 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe 15:20:01.0988 0488 EFS - ok 15:20:02.0066 0488 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:20:02.0144 0488 ehRecvr - ok 15:20:02.0175 0488 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:20:02.0253 0488 ehSched - ok 15:20:02.0284 0488 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 15:20:02.0315 0488 elxstor - ok 15:20:02.0315 0488 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 15:20:02.0346 0488 ErrDev - ok 15:20:02.0378 0488 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:20:02.0409 0488 EventSystem - ok 15:20:02.0440 0488 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:20:02.0487 0488 exfat - ok 15:20:02.0534 0488 ezSharedSvc - ok 15:20:02.0534 0488 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:20:02.0580 0488 fastfat - ok 15:20:02.0643 0488 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 15:20:02.0705 0488 Fax - ok 15:20:02.0721 0488 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:20:02.0768 0488 fdc - ok 15:20:02.0799 0488 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:20:02.0877 0488 fdPHost - ok 15:20:02.0892 0488 [ 
] wercplsupport C:\Windows\System32\wercplsupport.dll 15:20:19.0584 0488 wercplsupport - ok 15:20:19.0600 0488 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:20:19.0647 0488 WerSvc - ok 15:20:19.0662 0488 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:20:19.0678 0488 WfpLwf - ok 15:20:19.0694 0488 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:20:19.0694 0488 WIMMount - ok 15:20:19.0709 0488 WinDefend - ok 15:20:19.0709 0488 WinHttpAutoProxySvc - ok 15:20:19.0756 0488 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:20:19.0772 0488 Winmgmt - ok 15:20:19.0818 0488 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 15:20:19.0912 0488 WinRM - ok 15:20:19.0959 0488 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:20:19.0990 0488 WinUsb - ok 15:20:20.0052 0488 [ 0F695800783C3F9E577B94BF1E71D95A ] WLANBelkinService C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe 15:20:20.0068 0488 WLANBelkinService ( UnsignedFile.Multi.Generic ) - warning 15:20:20.0068 0488 WLANBelkinService - detected UnsignedFile.Multi.Generic (1) 15:20:20.0084 0488 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:20:20.0146 0488 Wlansvc - ok 15:20:20.0255 0488 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:20:20.0318 0488 wlidsvc - ok 15:20:20.0333 0488 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:20:20.0364 0488 WmiAcpi - ok 15:20:20.0380 0488 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:20:20.0427 0488 wmiApSrv - ok 15:20:20.0427 0488 WMPNetworkSvc - ok 15:20:20.0458 0488 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:20:20.0489 0488 WPCSvc - ok 15:20:20.0520 0488 [ 
2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:20:20.0536 0488 WPDBusEnum - ok 15:20:20.0567 0488 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:20:20.0614 0488 ws2ifsl - ok 15:20:20.0630 0488 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll 15:20:20.0676 0488 wscsvc - ok 15:20:20.0676 0488 WSearch - ok 15:20:20.0723 0488 [ 76FBEFAB6677AF9C498116F1AAEA8BDB ] WSWNA3100 C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 15:20:20.0770 0488 WSWNA3100 ( UnsignedFile.Multi.Generic ) - warning 15:20:20.0770 0488 WSWNA3100 - detected UnsignedFile.Multi.Generic (1) 15:20:20.0832 0488 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:20:20.0910 0488 wuauserv - ok 15:20:20.0926 0488 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:20:20.0957 0488 WudfPf - ok 15:20:20.0988 0488 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:20:21.0051 0488 WUDFRd - ok 15:20:21.0066 0488 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:20:21.0144 0488 wudfsvc - ok 15:20:21.0160 0488 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 15:20:21.0207 0488 WwanSvc - ok 15:20:21.0300 0488 [ 74983ADDCA2D9618512C088D856D6615 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl 15:20:21.0300 0488 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok 15:20:21.0332 0488 ================ Scan global =============================== 15:20:21.0347 0488 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:20:21.0363 0488 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll 15:20:21.0363 0488 [ B200DECA2186858595A97FBE63E896CC ] C:\Windows\system32\winsrv.dll 15:20:21.0394 0488 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:20:21.0410 0488 [ 
24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:20:21.0425 0488 [Global] - ok 15:20:21.0425 0488 ================ Scan MBR ================================== 15:20:21.0425 0488 [ 353F71FFD05627A1E79698548889C581 ] \Device\Harddisk0\DR0 15:20:21.0628 0488 \Device\Harddisk0\DR0 - ok 15:20:21.0628 0488 [ 4606A12AED5E4CE105136C6C9C8EA568 ] \Device\Harddisk1\DR1 15:20:21.0706 0488 \Device\Harddisk1\DR1 - ok 15:20:21.0722 0488 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2 15:20:22.0689 0488 \Device\Harddisk2\DR2 - ok 15:20:22.0689 0488 ================ Scan VBR ================================== 15:20:22.0704 0488 [ CD4044DC58EE61929C177AF7FA813318 ] \Device\Harddisk0\DR0\Partition1 15:20:22.0704 0488 \Device\Harddisk0\DR0\Partition1 - ok 15:20:22.0720 0488 [ 5FA5CDF5485FB8FD38C82997B94A4E67 ] \Device\Harddisk0\DR0\Partition2 15:20:22.0720 0488 \Device\Harddisk0\DR0\Partition2 - ok 15:20:22.0736 0488 [ CF22E3603587FC318B0C0F172036F534 ] \Device\Harddisk0\DR0\Partition3 15:20:22.0751 0488 \Device\Harddisk0\DR0\Partition3 - ok 15:20:22.0751 0488 [ D2081CB93FE1B3D64A5AAAF7417E4E7A ] \Device\Harddisk1\DR1\Partition1 15:20:22.0751 0488 \Device\Harddisk1\DR1\Partition1 - ok 15:20:22.0751 0488 [ 24C33367AF2B127B146B79558F096340 ] \Device\Harddisk2\DR2\Partition1 15:20:22.0751 0488 \Device\Harddisk2\DR2\Partition1 - ok 15:20:22.0751 0488 ============================================================ 15:20:22.0751 0488 Scan finished 15:20:22.0751 0488 ============================================================ 15:20:22.0767 5972 Detected object count: 6 15:20:22.0767 5972 Actual detected object count: 6 15:20:32.0439 5972 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - skipped by user 15:20:32.0439 5972 AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:20:32.0439 5972 CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user 15:20:32.0439 5972 CCALib8 ( UnsignedFile.Multi.Generic ) - User select 
action: Skip 15:20:32.0439 5972 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:20:32.0439 5972 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:20:32.0439 5972 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 15:20:32.0439 5972 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:20:32.0439 5972 WLANBelkinService ( UnsignedFile.Multi.Generic ) - skipped by user 15:20:32.0439 5972 WLANBelkinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:20:32.0439 5972 WSWNA3100 ( UnsignedFile.Multi.Generic ) - skipped by user 15:20:32.0439 5972 WSWNA3100 ( UnsignedFile.Multi.Generic ) - User select action: Skip shopgirl |
23.11.2012, 16:23 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
23.11.2012, 16:25 | #7 |
| sorry. I read that carelessly :-( here it is: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-23 16:27:01 ----------------------------- 16:27:01.130 OS Version: Windows x64 6.1.7600 16:27:01.130 Number of processors: 8 586 0x1E05 16:27:01.130 ComputerName: HPBERLIN-PC UserName: HP Berlin 16:27:10.084 Initialize success 16:27:14.562 AVAST engine defs: 12112300 16:27:17.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:27:17.994 Disk 0 Vendor: ST375052 HP34 Size: 715404MB BusType: 8 16:27:17.994 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 16:27:17.994 Disk 1 Vendor: ST375052 HP34 Size: 715404MB BusType: 8 16:27:18.009 Disk 0 MBR read successfully 16:27:18.025 Disk 0 MBR scan 16:27:18.025 Disk 0 unknown MBR code 16:27:18.040 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 16:27:18.056 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700569 MB offset 206848 16:27:18.087 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14733 MB offset 1434972160 16:27:18.150 Disk 0 scanning C:\Windows\system32\drivers 16:27:30.286 Service scanning 16:27:50.754 Modules scanning 16:27:50.754 Disk 0 trace - called modules: 16:27:50.785 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 16:27:50.785 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dc5060] 16:27:50.800 3 CLASSPNP.SYS[fffff880015cd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b45050] 16:27:50.800 Scan finished successfully 16:30:03.557 Disk 0 MBR has been saved successfully to "C:\Users\HP Berlin\Desktop\MBR.dat" 16:30:03.557 The log file has been saved successfully to "C:\Users\HP Berlin\Desktop\aswMBR.txt" |
23.11.2012, 17:09 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ Please always post log files in CODE tags |
23.11.2012, 18:52 | #9 |
| hello, here is the combofix log: [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-11-23.02 - HP Berlin 23.11.2012 18:06:11.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.8183.6101 [GMT 1:00] ausgeführt von:: c:\users\HP Berlin\Desktop\AntiSpyware\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\HP Berlin\AppData\Local\assembly\tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-23 bis 2012-11-23 )))))))))))))))))))))))))))))) . . 2012-11-23 17:14 . 2012-11-23 17:14 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-11-23 17:14 . 2012-11-23 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-23 17:14 . 2012-11-23 17:14 -------- d-----w- c:\users\AppData\AppData\Local\temp 2012-11-23 17:14 . 2012-11-23 17:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-11-19 20:18 . 2012-11-19 20:18 -------- d-----w- c:\programdata\Recovery . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-07 15:04 . 2012-06-13 20:40 25928 ----a-w- c:\windows\system32\drivers\mbam.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "TVTip"="c:\programme\TV Movie\TV Movie ClickFinder\tvstart.exe" [2010-07-29 102400] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720] "CAHeadless"="c:\program files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-14 835224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-07-01 6951680] "boinctray"="c:\program files\BOINC\boinctray.exe" [2010-07-01 56064] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] . c:\users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2012-2-11 2430464] . c:\users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled Dropbox.lnk - c:\users\HP Berlin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-25 26909544] OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WNA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2010-10-14 4562944] phase-6 Reminder.lnk - c:\program files (x86)\phase-6\phase-6\reminder\reminder.exe [2012-9-4 724992] Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592] Spamihilator.lnk - c:\program files (x86)\Spamihilator\spamihilator.exe [N/A] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864] R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/09/24 16:32];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-23 18:45 146928] S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-14 169624] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224] S3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136] S3 dc3d;MS Hardware Device Detection Driver 
(USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 51584] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 35112] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 29133671 *Deregistered* - 29133671 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . Inhalt des "geplante Tasks" Ordners . 2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-05 10:23] . 2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-05 10:23] . 2010-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944] . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Citavi Picker... 
- file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Free YouTube to Mp3 Converter - c:\users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab FF - ProfilePath - c:\users\HP Berlin\AppData\Roaming\Mozilla\Firefox\Profiles\13la5nka.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q|hxxp://www.babyzimmer.de/forumdisplay.php/4-Das-BZ-Forum|hxxp://www.facebook.com/|hxxp://dailydeal.de/gutscheine/berlin/?geo=on . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-11-23 18:19:11 ComboFix-quarantined-files.txt 2012-11-23 17:19 ComboFix2.txt 2012-06-16 09:50 . Vor Suchlauf: 12 Verzeichnis(se), 529.509.892.096 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 530.142.203.904 Bytes frei . - - End Of File - - 2DDB708623ADEBC0ECEAD27F1D94EBC4 thanks, shopgirl |
23.11.2012, 20:53 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - detecting toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
23.11.2012, 22:14 | #11 |
| here is the log: Code:
ATTFilter # AdwCleaner v2.008 - Datei am 23/11/2012 um 22:07:43 erstellt # Aktualisiert am 17/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : HP Berlin - HPBERLIN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\HP Berlin\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Users\HP Berlin\AppData\LocalLow\Conduit ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550 Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKU\S-1-5-21-165768795-3393855570-1586056821-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\HP Berlin\AppData\Roaming\Mozilla\Firefox\Profiles\13la5nka.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1493 octets] - [23/11/2012 22:07:43] ########## EOF - C:\AdwCleaner[R1].txt - [1553 octets] ########## shopgirl |
26.11.2012, 10:05 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - removing toolbars and unwanted start/search pages
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
26.11.2012, 10:25 | #13 |
| first, here is the log file from adwcleaner: Code:
# AdwCleaner v2.009 - Datei am 26/11/2012 um 10:11:31 erstellt # Aktualisiert am 24/11/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : HP Berlin - HPBERLIN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\HP Berlin\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\HP Berlin\AppData\LocalLow\Conduit ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550 ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\HP Berlin\AppData\Roaming\Mozilla\Firefox\Profiles\13la5nka.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1620 octets] - [23/11/2012 22:07:43] AdwCleaner[S1].txt - [1043 octets] - [26/11/2012 10:11:31] ########## EOF - C:\AdwCleaner[S1].txt - [1103 octets] ########## thanks, shopgirl here is the otl.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.11.2012 10:26:48 - Run 6 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\HP Berlin\Desktop\AntiSpyware 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 71,93% Memory free 11,90 Gb Paging File | 9,57 Gb Available in Paging File | 80,43% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,15 Gb Total Space | 491,97 Gb Free Space | 71,91% Space Free | Partition Type: NTFS Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS Drive E: | 698,64 Gb Total Space | 504,82 Gb Free Space | 72,26% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive O: | 1396,92 Gb Total Space | 839,31 Gb Free Space | 60,08% Space Free | Partition Type: FAT32 Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) PRC - C:\Users\HP Berlin\Desktop\AntiSpyware\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.exe (E.W.E.-Software) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
PRC - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
PRC - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\3.1.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll ()
MOD - C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
MOD - C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll ()
MOD - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WSWNA3100) -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WLANBelkinService) -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (getPlusHelper) @C:\Program Files (x86) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (CCALib8) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe (Canon Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9}
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q|hxxp://www.babyzimmer.de/forumdisplay.php/4-Das-BZ-Forum|hxxp://www.facebook.com/|hxxp://dailydeal.de/gutscheine/berlin/?geo=on"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 21:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.23 11:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.01 18:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Firefox\Profiles\13la5nka.default\extensions
[2012.09.23 11:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.06.16 10:44:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.11.22 20:43:59 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.26 09:58:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{89B5D7DE-1F64-419D-935D-2763420127ED}
[2012.11.25 10:52:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{23C60C99-1094-49EE-8B2A-143438135121}
[2012.11.24 21:33:06 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CC3EB116-9C70-4A98-A736-E2F0847E66DD}
[2012.11.24 09:32:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CA91F4A8-2686-4EF0-B7DF-64957BEEEB3E}
[2012.11.24 09:28:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.23 18:19:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.23 14:36:37 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HP Berlin\Desktop\tdsskiller.exe
[2012.11.23 14:36:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\HP Berlin\Desktop\aswMBR.exe
[2012.11.23 12:45:01 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{2CE22140-05D6-4794-B35C-2B68AF69642D}
[2012.11.22 18:24:28 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A2D5D96D-29E5-4E6F-ABE4-7ACBE0F0FCEB}
[2012.11.21 14:07:08 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8EEC5C5C-0CEE-4EED-8F31-A4710E426A73}
[2012.11.20 18:46:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1EC5ED30-FDE7-4764-9BB4-CD93974CBF88}
[2012.11.19 21:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012.11.19 12:28:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0929D70E-88D2-4007-8E58-F048718ED315}
[2012.11.19 10:34:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DCC784B6-79A5-4781-8178-B47432DE31E0}
[2012.11.18 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AC1AED9A-E2B9-4466-9F05-8ABCE3EF831E}
[2012.11.18 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9784BF28-E68A-4859-8C53-419F4A757915}
[2012.11.17 22:33:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{45AD049F-F939-4FF3-A811-ADF9C1AA641C}
[2012.11.17 10:33:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED3FE1C2-99F9-42CA-BA7B-9C8FE5436AE9}
[2012.11.16 20:49:22 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5770DFB3-F22F-4351-A809-D82E49541AF8}
[2012.11.16 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9D2456A1-BE43-49CB-A60B-9BE57BA45706}
[2012.11.15 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{506EB94F-341B-4A95-8658-B285A5E4F246}
[2012.11.14 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA0EFF52-D535-4762-86C0-9EAC96195613}
[2012.11.14 08:58:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F525D118-91B5-40D6-890A-CB5F88CAEE5E}
[2012.11.13 09:38:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B500A58B-4191-42DC-B40B-43068B3E5BC1}
[2012.11.12 22:13:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C48C946B-FA5B-4E08-BF8C-E79D22DADB95}
[2012.11.12 10:13:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F7FBDB8E-A5FF-43C6-84A9-E993E30B0459}
[2012.11.11 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6BDAD0C-3A9D-4BE8-AC6C-67A34E968BD5}
[2012.11.09 09:09:20 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8EEAD40-2204-4E57-AB76-B574C6CFFCF0}
[2012.11.08 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{519CC909-217D-4629-925D-28BDAE42F89D}
[2012.11.07 10:22:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{742F2C70-138B-40E9-96CB-B9F99F5C94F0}
[2012.11.06 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AF300890-1F02-4816-8326-B04AD23AF5A7}
[2012.11.05 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0343BF73-538B-4084-A9E8-5E49DFA03A24}
[2012.11.05 09:19:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6FFADC1-DB24-41BD-A24C-BFA06BD4F6C2}
[2012.11.04 11:37:24 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CFB3CF4D-38EB-4AB4-AC72-8C4D9B1FF81B}
[2012.11.03 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EC9D1CFF-407F-4FFA-ACBE-0E8634590C58}
[2012.11.03 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9CF69E3E-F113-4407-B496-227F9645FD61}
[2012.11.02 13:21:47 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{103326DD-19C2-4FCE-B21D-CD0889AA76F4}
[2012.10.31 19:24:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{905AB02E-EECD-4696-BFD5-4314616E6B62}
[2012.10.31 07:24:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A68CB485-DA37-46BA-B0F6-9F821DCF3BCA}
[2012.10.30 18:11:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA491B2B-FBC0-4B4F-A5C4-13009FA0C30F}
[2012.10.29 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3CC5A4E5-C261-432E-B9F4-7D031947E234}
[2012.10.29 10:40:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9ED5F4FC-DB7C-41F2-BB02-25B7BC8BEDA0}
[2012.10.28 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6F078ECC-6355-4741-A8AD-0CA4D5B4CC48}
[2012.10.28 10:39:35 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C724B98A-6D08-4996-9429-2B306B08F134}
[2012.10.27 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{69F66856-B145-4173-A636-8A15BC7052C6}
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.26 10:29:22 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 10:29:22 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 10:26:08 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.26 10:26:08 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.26 10:26:08 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.26 10:26:08 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.26 10:26:08 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.26 10:21:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 10:20:59 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 10:17:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.26 10:11:07 | 000,480,125 | ---- | M] () -- C:\Users\HP Berlin\Desktop\adwcleaner.exe
[2012.11.23 18:02:20 | 000,001,112 | ---- | M] () -- C:\Users\HP Berlin\Desktop\ComboFix.exe - Verknüpfung.lnk
[2012.11.23 14:36:44 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HP Berlin\Desktop\tdsskiller.exe
[2012.11.23 14:36:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\HP Berlin\Desktop\aswMBR.exe
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.26 10:11:07 | 000,480,125 | ---- | C] () -- C:\Users\HP Berlin\Desktop\adwcleaner.exe
[2012.11.23 18:02:20 | 000,001,112 | ---- | C] () -- C:\Users\HP Berlin\Desktop\ComboFix.exe - Verknüpfung.lnk
[2012.06.30 21:31:01 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.16 10:30:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.16 10:30:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.16 10:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.16 10:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.16 10:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.23 20:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.06.08 15:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.06.08 15:51:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.06.08 15:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.06.08 15:51:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.06.08 15:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.06.08 15:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.06.08 15:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.06.08 15:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.06.08 15:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.06.08 15:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.06.08 15:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.06.08 15:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.06.08 15:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.06.08 15:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.06.08 15:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

< End of report >

and extras.txt:
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 26.11.2012 10:26:48 - Run 6 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\HP Berlin\Desktop\AntiSpyware 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 71,93% Memory free 11,90 Gb Paging File | 9,57 Gb Available in Paging File | 80,43% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,15 Gb Total Space | 491,97 Gb Free Space | 71,91% Space Free | Partition Type: NTFS Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS Drive E: | 698,64 Gb Total Space | 504,82 Gb Free Space | 72,26% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive O: | 1396,92 Gb Total Space | 839,31 Gb Free Space | 60,08% Space Free | Partition Type: FAT32 Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*:Designer.exe -- () "C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe" = C:\Program Files (x86)\fotobuch\Designer 2.0\Designer.exe:*:Designer.exe -- () ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A6723F1-3AA5-4178-A134-378DFD45C9DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{2F5FB749-1B56-4F53-8ADB-1AE77AC19E15}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{30F7E1EA-4ACC-4B21-90F4-3266647E4E0B}" = lport=139 | protocol=6 | dir=in | app=system | "{37982EEA-E668-4804-983F-16B4ECADA90A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3FE195CA-DACC-45C3-A17B-B519D76A3FA6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{445CAABC-9528-4371-BE02-38A95611AD55}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46198814-B7C6-442B-84A0-9915B1F345AF}" = lport=10243 | protocol=6 | dir=in | app=system | "{4F7C2CFA-DF80-45BF-A619-7FD42A20FF3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{57C75115-701B-4DDB-A8D3-C6C2FC0E73F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5C139211-916A-4472-B674-4F9588905141}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{66C05EB8-41FA-432B-978B-F81DD97BD24C}" = lport=445 | protocol=6 | dir=in | app=system | "{73AB7051-BCB8-4F39-8850-013CBE62F07E}" = rport=139 | protocol=6 | dir=out | app=system | "{7B127F56-E23A-40B6-A3E1-0BFBE18201C4}" = lport=137 | protocol=17 | dir=in | app=system | "{7B8EB3BD-48B0-410B-BB7B-729068BF66AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7B915E9C-D0BD-497E-96FC-7D73C7A094F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7EAF5E7C-22AA-425E-9236-D9AE254B7768}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{893E1496-5BAF-4611-B4F3-35F6958A15AF}" = rport=445 | protocol=6 | dir=out | app=system | "{A11796D3-B610-4572-B96B-B5733AD49081}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A789C1F8-BDA6-4E11-AB15-94B64B29EAEC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B99B63A6-6704-4806-A31A-CBD27FF86385}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C46FD838-F370-4FB8-9BBD-BFE2BB3D21AE}" = rport=138 | protocol=17 | dir=out | app=system | "{D570279A-C23E-45E3-98B9-6293B8109E35}" = rport=137 | protocol=17 | dir=out | app=system | "{D83548CD-891C-4AF8-A147-227D4CEEBE80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F3DCE4C2-A6BA-40DF-A559-C756A07A84E2}" = lport=2869 | protocol=6 | dir=in | app=system | "{FC62FB21-724A-4002-8F9B-45D678464F21}" = rport=10243 | protocol=6 | dir=out | app=system | "{FF93FBAD-D33D-44A0-8823-5E1F2B265085}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00426580-9ED5-4086-84F4-BCD2D955E7D3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{04157473-AD19-427C-A1EC-E2E2B8A5B405}" = protocol=6 | dir=in | app=c:\program files\spamihilator\cdcc.exe | "{06011756-9F1E-488C-8488-0BEFA68DB070}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{0E644D02-DA0A-4740-97A5-1DFC549EBB46}" = protocol=17 | dir=in | app=c:\program files\spamihilator\dccproc.exe | "{1038B6B3-8008-4289-91FA-BB024639C61F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1246896F-3FB6-4B4A-AE7E-76A6D712B4BD}" = protocol=6 | dir=in | app=c:\program 
files\spamihilator\dccproc.exe | "{49D25E51-A077-455D-BBFD-EFDDE6F92F4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4A6B2281-4B33-4A87-B3D4-C1FC43DEAEA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5D9632EA-5BF4-47E5-BA2E-A24ADBA0F1EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{62C37E21-43C8-45B1-9CCF-948FC7DC5C14}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{6FD5C595-8E48-45E4-ABD5-E063803224B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{73E77AE3-AB57-48D1-A9EC-557C04A8C3F3}" = protocol=17 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | "{75E23F31-B9E5-4DB8-AFFF-79297D1D67F2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{7AC716B8-197A-465E-A9B9-04815AC0B2C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{88EE2069-9573-4CF0-9FA2-B178C3A5849E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{89F109EA-945C-48CA-8C36-1810DD70A418}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8BB68255-F14C-48C0-A050-AA89F03C896A}" = protocol=6 | dir=in | app=c:\program files\spamihilator\spamihilator.exe | "{9ACDEE99-9124-4EFE-B3AA-AF8F9D5BE477}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9D04A4BE-A3FB-40C5-B433-60432A99EA17}" = protocol=17 | dir=in | app=c:\program files\spamihilator\cdcc.exe | "{9E39D92A-B621-4941-AE43-902B9C4FBEE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F5CD7B7-9201-45E5-942F-F93CAA8E8ECF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9FFDAA89-1AB4-46DC-B94C-8FFE4C74FB54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AD814EF6-5D1A-427D-8497-13D08AA46E31}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{ADAAE05A-71EB-4674-A1C2-72D8370ED6EE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C5F1BEA8-0071-44F1-AA8A-E83DBF173EED}" = protocol=6 | dir=out | app=system | "{CA37F01F-C9E8-4534-BE0C-5819A8AB164F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CBFBAAD6-7115-40EE-94B9-9CE0054EF007}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CD11C58A-E577-48D9-B13F-31E458643A14}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D112E899-0A10-4EDF-8B84-7032A3705F11}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{DD37C8FA-FBA3-4D7C-BEEC-AED4EB6E5D57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EEA85D8E-D5B6-489E-A41B-6642922D4302}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F8AC9631-8608-4EEB-A96B-B424083CC915}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{102458A7-93BA-4D2D-B502-45DF3BB2900A}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | "TCP Query User{84C1C32E-56CB-4A32-B885-A62A7503272E}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe | "TCP Query User{A5A45BC6-9DCF-4B5B-A37A-EA078AEC33B8}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=6 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | "TCP Query User{E52E0D2E-1531-4222-BDA3-D944DD821488}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | "UDP Query User{541FCEAC-C572-4E00-962C-F65FB624CE20}C:\program files (x86)\macromedia\dreamweaver 4\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\macromedia\dreamweaver 4\dreamweaver.exe | "UDP Query User{7DC7B10E-DB97-4F83-88FD-6ECF7E8525C0}C:\program files (x86)\ws_ftp pro\wsftppro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp pro\wsftppro.exe | "UDP Query User{E869A862-D593-4352-B36B-50FBC58E2511}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | "UDP Query User{FA483786-E7FA-404E-9D26-E6AC6A497359}C:\users\hp berlin\appdata\roaming\biyva\myasi.exe" = protocol=17 | dir=in | app=c:\users\hp berlin\appdata\roaming\biyva\myasi.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu "{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10 "{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0 "{3BBD5B14-D5E1-4863-946F-BE91A2B0C3AE}" = Spamihilator 1.0.0 (64-Bit) "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{48F04AD2-77E9-45F3-8A4F-F5D38E519F02}" = BOINC "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour 
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "GPL Ghostscript 9.05" = GPL Ghostscript "GSview 5.0" = GSview 5.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Testversion von Microsoft Office Home and Student 2007 "PC-Doctor for Windows" = Hardwarediagnosetools "PremElem100" = Adobe Premiere Elements 10 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer "{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj "{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8 "{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover "{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset 
component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only) "{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help "{A1A2ACDC-0C22-4EB1-B958-1898A93DAF28}" = TV Movie ClickFinder "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper 
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4 "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AD708DF0-9F04-4CB3-821A-85804A833B4D}" = ArcSoft Camera Suite "{ADFB7C0D-854E-4FDA-8861-9447F182AEF9}" = Dynamic Draw 5.4 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker 
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ECE80888-45E5-46FD-8E0C-FEF3648847BB}" = Sibelius Scorch (all browsers) "{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8781-9705-0578-2960" = Medienmanager 1.3.0 "8BF2152B-6835-4FF3-A2EC-5BDAB46DCDFF_is1" = Accord CD Ripper Free 6.3.2 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10 "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9 "Astrorix Gold" = Astrorix Gold "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode) "Aura Video Converter_is1" = Aura Video Converter 1.2.3 "Aura4You Software Manager_is1" = Aura4You Software Manager 1.0.1 "Avira AntiVir Desktop" = Avira Free Antivirus "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task "Canon 
Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Carlton Books Demo" = Carlton Books Demo
"CassetteMate" = CassetteMate
"Cell_Biology_Interactive" = Cell Biology Interactive
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CSCLIB" = Canon Camera Support Core Library
"Cuber Extreme" = Cuber Extreme
"Designer 2.0_is1" = Designer 2.0
"EasyBits Magic Desktop" = Magic Desktop
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"FFsim" = Feuerwehr-Simulator 2010
"FileZilla Client" = FileZilla Client 3.5.3
"Free 3D Video Maker_is1" = Free 3D Video Maker version 1.0.1.426
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.26.602
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Audio Converter_is1" = Free Audio Converter version 2.2.9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.602
"Free DVD Video Converter_is1" = Free DVD Video Converter version 2.0.11.1005
"Free Video Dub_is1" = Free Video Dub version 1.8.12.602
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.12.602
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.7.25.602
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"HandBrake" = HandBrake 0.9.6
"HijackThis" = HijackThis 2.0.2
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MultitrackStudio_is1" = MultitrackStudio Lite 6.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF reDirect" = PDF reDirect (remove only)
"phase-6" = phase-6 2.3.1a
"PhotoStitch" = Canon Utilities PhotoStitch
"PixelNet Foto Client" = PixelNet Foto Client 4.8
"Rainlendar2" = Rainlendar2 (remove only)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Scratch" = Scratch
"StarBall_is1" = Star Ball
"TeamViewer 5" = TeamViewer 5
"TFA_Nexus" = TFA_Nexus
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.10
"WildTangent hp Master Uninstall" = HP Games
"WildTangent wildgames Master Uninstall" = WildTangent-Spiele
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.8
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"Winsyntax" = Winsyntax 2.0
"WMBackup-BackupfürWindowsMail" = WMBackup - Windows Mail Backup
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-165768795-3393855570-1586056821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.11.2012 13:21:03 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:21:03 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:21:03 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 25.11.2012 13:23:02 | Computer Name = HPBerlin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

[ System Events ]
Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 24.11.2012 19:30:06 | Computer Name = HPBerlin-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 25.11.2012 05:37:10 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Belkin WLAN service erreicht.

Error - 25.11.2012 05:37:10 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 26.11.2012 04:54:21 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Belkin WLAN service erreicht.

Error - 26.11.2012 04:54:21 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 26.11.2012 05:21:11 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Belkin WLAN service erreicht.

Error - 26.11.2012 05:21:11 | Computer Name = HPBerlin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Belkin WLAN service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

< End of report >

Thanks, shopgirl |
26.11.2012, 11:38 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more

Looks OK. We should be almost done.

As a check, please run a quick scan with Malwarebytes. Before you do, please remember to update Malwarebytes via the update button.

Afterwards, getting an additional opinion from ESET's online scanner would not hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
26.11.2012, 11:50 | #15 |
| JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more

Here is the malware scan: Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.26.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
HP Berlin :: HPBERLIN-PC [Administrator]

26.11.2012 11:42:46
mbam-log-2012-11-26 (11-42-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 249199
Laufzeit: 3 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

So, ESET has been scanning for almost 4 hours and is at 21%. So far it has 1 finding, a variant of the win32/SoftonicDownloader Application. I'll report back in many, many hours, when it is finished ;-) |