Log analysis and evaluation: System infected. Email blocked. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.12.2012, 16:13 | #1 |
System infected. Email blocked.

Hello, I just wanted to get into my mail account but could not open it, because it had been locked on the grounds that unauthorized persons had accessed my mailbox and that it had been misused for sending spam. Of course it may be that there is nothing to it, but to be on the safe side I would still like to have my system checked. Here are the OTL logs:

OTL.txt OTL Logfile: Code:
OTL logfile created on: 07.12.2012 15:48:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,21% Memory free
8,00 Gb Paging File | 6,02 Gb Available in Paging File | 75,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 123,02 Gb Free Space | 62,99% Space Free | Partition Type: NTFS
Drive D: | 270,35 Gb Total Space | 256,26 Gb Free Space | 94,79% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.12.07 15:47:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.12.05 16:32:55 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.03 17:58:54 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.11.08 12:40:42 | 001,807,800 | ---- | M] (Adobe Systems, Inc.)
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.26 18:05:04 | 004,656,632 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe ========== Modules (No Company Name) ========== MOD - [2012.12.07 12:03:40 | 000,192,512 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfamcc00001.dll MOD - [2012.12.07 12:03:40 | 000,158,720 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\sfareca00001.dll MOD - [2012.12.05 16:32:54 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.08 12:40:42 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.07.04 07:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.05 16:32:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.08 12:40:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.09.19 17:36:39 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.04.05 10:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.07.21 01:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.30 03:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2009.03.30 03:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2008.07.10 04:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | 
Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.04 06:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 BD 30 8B 72 21 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: 
"hxxp://search.sweetim.com/search.asp?barid={73434520-FCB8-11E1-864B-001D601A0B15}&src=2&crg=3.1010000.10001&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={73434520-FCB8-11E1-864B-001D601A0B15}&src=2&crg=3.1010000.10001&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.12 13:34:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 16:32:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.23 18:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.11.24 14:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7rdr8s2k.default\extensions [2012.11.22 15:24:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7rdr8s2k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.11.24 14:08:00 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7rdr8s2k.default\extensions\foxyproxy@eric.h.jung [2012.11.23 17:15:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7rdr8s2k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.07 11:33:10 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7rdr8s2k.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.09.12 10:01:42 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7rdr8s2k.default\searchplugins\sweetim.xml [2012.12.05 16:32:51 | 
000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.05 16:32:55 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 09:18:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14F12F9C-2183-4F53-9987-3402D007D014}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{e4fc4def-8df1-11e1-b2f8-001d601a0b15}\Shell - "" = AutoRun O33 - MountPoints2\{e4fc4def-8df1-11e1-b2f8-001d601a0b15}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.05 18:39:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Polen 2012 [2012.12.05 16:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.03 17:58:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Spotify [2012.12.03 17:58:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Spotify [2012.11.28 18:12:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.11.27 15:48:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI [2012.11.27 15:48:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI [2012.11.27 15:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.11.27 15:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.11.27 15:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.11.27 15:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.11.27 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.11.27 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common 
Files\ATI Technologies [2012.11.27 15:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.11.27 15:46:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.11.27 15:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.11.27 15:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.11.27 15:41:45 | 000,000,000 | ---D | C] -- C:\AMD [2012.11.26 13:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012.11.26 13:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.11.26 13:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.11.26 13:29:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.11.26 13:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2012.11.26 13:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2012.11.16 15:41:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc [2012.11.16 15:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.11.16 15:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN ========== Files - Modified Within 30 Days ========== [2012.12.07 15:47:31 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.12.07 15:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.07 12:08:13 | 000,021,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 12:08:13 | 000,021,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 12:06:57 | 001,796,878 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.07 12:06:57 | 000,762,208 | ---- | M] () -- 
C:\Windows\SysNative\perfh007.dat [2012.12.07 12:06:57 | 000,717,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.07 12:06:57 | 000,172,594 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.07 12:06:57 | 000,145,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.07 12:00:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.07 12:00:33 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys [2012.12.03 17:58:56 | 000,001,799 | ---- | M] () -- C:\Users\***\Desktop\Spotify.lnk [2012.11.29 12:30:28 | 004,962,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.28 22:01:38 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.11.28 21:57:00 | 000,236,539 | ---- | M] () -- C:\Users\***\Desktop\DigY-Sig.png [2012.11.26 13:58:35 | 000,001,715 | ---- | M] () -- C:\Users\***\Desktop\Photoshop.exe.lnk [2012.11.20 21:58:16 | 000,009,334 | ---- | M] () -- C:\Users\***\Desktop\28204901_02.zip [2012.11.16 15:40:43 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.11.12 13:34:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt ========== Files Created - No Company Name ========== [2012.12.07 15:47:31 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.12.03 17:58:56 | 000,001,799 | ---- | C] () -- C:\Users\***\Desktop\Spotify.lnk [2012.12.03 17:58:56 | 000,001,785 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.11.28 21:57:00 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.11.28 21:56:54 | 000,236,539 | ---- | C] () -- C:\Users\***\Desktop\DigY-Sig.png [2012.11.26 13:58:35 | 000,001,715 | ---- | C] () -- C:\Users\***\Desktop\Photoshop.exe.lnk [2012.11.26 13:53:52 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk [2012.11.26 
13:52:54 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk [2012.11.26 13:51:16 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2012.11.26 13:51:11 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2012.11.26 13:29:32 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012.11.20 21:58:13 | 000,009,334 | ---- | C] () -- C:\Users\***\Desktop\28204901_02.zip [2012.11.16 15:40:43 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.24 12:26:25 | 001,773,836 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.23 17:45:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.23 23:21:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple [2012.11.26 13:29:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.04.24 11:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2012.04.24 13:23:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.05.14 13:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softland [2012.12.07 14:36:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2012.11.28 18:12:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.06.20 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2012.04.24 16:56:49 | 000,000,000 | 
---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.05.10 15:46:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > [/CODE] Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.12.2012 15:48:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,21% Memory free 8,00 Gb Paging File | 6,02 Gb Available in Paging File | 75,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,31 Gb Total Space | 123,02 Gb Free Space | 62,99% Space Free | Partition Type: NTFS Drive D: | 270,35 Gb Total Space | 256,26 Gb Free Space | 94,79% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04DA82E9-1216-4C07-B096-007917C63665}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0CBF926E-1606-44B5-9D93-46BB7B99FE16}" = lport=10243 | protocol=6 | dir=in | app=system | "{277EAA6B-FAB2-48C9-A020-C50CFFB412BB}" = rport=138 | protocol=17 | dir=out | app=system | "{2819719B-6E80-496B-AF4D-1FDB777F1DB8}" = lport=139 | protocol=6 | dir=in | app=system | "{2ADC411A-5293-4843-8AAF-52CCDCAC09EF}" = rport=137 | protocol=17 | dir=out | app=system | "{36D99E2B-9EA2-4F60-86E2-3DF66509F270}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{61B7C948-94D3-40F1-ADC6-09AC92EEBDB0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{62D289F1-4C84-456C-99BC-BB57FC74934F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6DAE88A2-8689-436D-880D-0CCCA06156B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7D5BF734-8D6C-442D-A6CE-EBCA420D4989}" = lport=138 | protocol=17 | dir=in | app=system | "{8998DF07-C462-4353-A1A3-0EA3AB35DD5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8BC21918-AA5D-4257-89AC-A1C8F29F8733}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{95866CD7-63E0-4E3C-BE6E-5635A8F45F39}" = rport=445 | protocol=6 | dir=out | app=system | "{A003D595-3866-44E5-AEBD-BFD747B590DA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{A94D16E5-EC71-44E9-9015-F282E35BE751}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B645CCF2-400C-4458-B438-954BAB2CCD70}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BE7F6552-A6DE-4560-89E7-584167B6CBAB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CB50E40E-6DDB-47CB-B13A-22282A1C6E62}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CC051D58-B50F-479F-9C25-CE77B082DA41}" = rport=10243 | protocol=6 | dir=out | app=system | "{E13ECB39-E0EF-4173-8EA4-25C16F8F1812}" = rport=139 | protocol=6 | dir=out | app=system | "{EB7A5533-9190-48CC-99A0-8C8482560DE4}" = lport=137 | protocol=17 | dir=in | app=system | "{F36532F9-978E-470A-B386-ED986197180B}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02063170-5B4F-46CE-95C7-3E13E6CE6AC0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0EE17637-0700-465C-8858-7F3F92FF26E5}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{103CAF5A-5B42-4285-8CCD-415D63ECCD15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{204E8B5D-1BCE-414F-AC99-1CF95B26336B}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{3B3A6938-FE25-4BB7-8533-981092AC0B49}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{4287F802-27D5-4E59-B09A-88DE6C927770}" = protocol=6 | dir=out | app=system | "{455B49B8-DFE5-4275-9673-FA19A9705D04}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{47CF6346-6A82-4AC1-BDB8-FFAA51233DB4}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{49093B61-1D9F-4411-977B-087885D36C9B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{51B95679-24D7-46EE-8343-7263BCC3CBB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 
beta\dota.exe | "{5A81EE83-DC68-40C7-98B7-6730F2FAAD70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5DDA058A-AE53-43A7-B836-90561CF37998}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{615CF391-18BB-4145-A972-1B3293FF0717}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe | "{650A1CCB-6C7B-4133-BE3D-D764E52EE2F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{69767544-4EA7-45C5-B897-3116A1280190}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6A3C43AA-B858-48B2-861A-A79128B58F83}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{6E584315-E063-4246-9AD7-D2780B5C868A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F05651D-BBAA-4D02-A160-68266424F020}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7C7F97C4-6DDE-480E-B9AC-92921EC8A4D6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{7DD82F56-0BC0-464F-BBBD-488BF2F7F2A3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{7E8F3ADB-D406-4803-AFBA-C3A15E7C1D7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7EA7DCF2-8EF1-4A7D-A53D-5FEF8DB5BA14}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7F4CAC94-20BE-4F42-803D-709103FCE73E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{82617246-187C-41B3-9C65-D9A34B31248C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{85F99F93-5ADB-4347-8B1F-3917A4B05A10}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{881CD0BD-97FA-42A3-8E77-4CBF72B5B3C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{98BED181-0979-4E68-98D7-0590B49C6255}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{994919DC-7D2C-442D-8ACB-265A7C4C9123}" = 
protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A6F583F1-27A8-4845-A12C-ADBC59B4F1FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B063A217-5512-4F1B-928A-CB7073BC29F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{B242F8D8-5C22-45FA-A408-AD1397A37C44}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{B3A90F9F-CA72-4807-8BB1-8AB3D83AA6F1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BB278F3B-A893-47D8-88F7-43D80F655D3D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{BFBBC3F3-A304-4EED-A53F-5700D9B76BDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C046B836-F2B5-4F4B-BC95-DC99F9DC8986}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C8859230-C3E3-448F-919E-12A0072C1517}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{CCDC45DE-4FD8-4E4B-8B90-A37DD9A7F066}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D0C81436-9D4F-406D-89E3-406E37030EE8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D1B600B2-76D4-4DDD-8FB9-08D56577A413}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{D5041B72-DFFA-4083-B85F-E58AA5221B8B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{D6D6EC4D-41AA-41EC-A66C-BDC2E1D6313C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D8197959-929C-4EAA-9DF9-5C6D757FEAA6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DB160501-1CA0-4A8A-B05B-5B0AA193478E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DBA73C69-3CCB-427A-A917-14A4DA5CBCAE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{DBFAB77E-579F-406E-B743-82B6E2CD74D0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{FDBD7FC1-DFE7-416C-9ADC-01E0C7267198}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{0ED08899-7185-4847-B908-CE0339C78963}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "TCP Query User{1B9762FA-FB14-4499-B66F-8F5163BDA65B}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{9CBE372A-87F7-4700-BC24-EF1D7C440C51}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{C1098A22-6C60-436C-B112-2A46F43A695A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{C3D311B8-B3A8-42E6-8220-32CF16554244}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{EB46B40A-8236-40C9-ACFA-170DECDD51D2}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query User{5EFEA733-E57F-418F-A74E-CE405388A132}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{78E00B51-2875-46B7-B86E-1D9F0676E065}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "UDP Query User{BE37534C-E096-4D5B-8605-349174C517E7}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | "UDP Query User{C599CEB5-66BA-4520-BEA5-B0EDAF827848}C:\programdata\battle.net\agent\agent.998\agent.exe" = 
protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{D5DBB41D-8829-4D92-87DF-8B477C4B175E}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{EF8CE90D-7F96-4D07-83CE-CA8C38D267D8}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding "{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit) "{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de "{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64) "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine 
Services "{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files "{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English "{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit) "{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 "{95120000-00B9-0409-1000-0000000FF1CE}" = 
Microsoft Application Error Reporting "{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders "{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU "{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "doPDF 7 printer_is1" = doPDF 7.3 printer "EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Studio 2010 Tools for Office 
Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.4 "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian "{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition "{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese "{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish 
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish "{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime "{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German "{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish "{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish "{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean "{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek "{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish "{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch 
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E728441A-7820-4B1C-87C9-DE7BE37B2953}" = Download Navigator "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common "{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Android SDK Tools" = Android SDK Tools "avast" = avast! 
Free Antivirus "CMake 2.8.8" = CMake 2.8, a cross-platform, open-source build system "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Diablo III" = Diablo III "EPSON Scanner" = EPSON Scan "hon" = Heroes of Newerth "Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Pidgin" = Pidgin "SpeedFan" = SpeedFan (remove only) "Steam App 570" = Dota 2 "VirtualCloneDrive" = VirtualCloneDrive ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.12.2012 12:48:56 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 02.12.2012 17:40:05 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 03.12.2012 05:58:46 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 03.12.2012 09:54:27 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 04.12.2012 05:33:17 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 04.12.2012 11:10:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 05.12.2012 07:00:25 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 05.12.2012 10:23:21 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 06.12.2012 08:09:55 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 07.12.2012 07:02:24 | Computer Name = 
***-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 03.10.2012 12:53:04 | Computer Name = ***-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 03.10.2012 12:53:04 | Computer Name = ***-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 03.10.2012 16:42:38 | Computer Name = ***-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 03.10.2012 16:42:38 | Computer Name = ***-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 04.10.2012 03:14:33 | Computer Name = ***-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 04.10.2012 03:14:33 | Computer Name = ***-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 04.10.2012 14:24:17 | Computer Name = ***-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 04.10.2012 14:24:17 | Computer Name = ***-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 05.10.2012 04:22:25 | Computer Name = ***-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 05.10.2012 04:22:25 | Computer Name = ***-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > [/CODE]
*Edit: Malwarebytes found nothing; here is the report: Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

07.12.2012 16:25:54
mbam-log-2012-12-07 (16-25-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203632
Laufzeit: 1 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Edited by DigY_ (07.12.2012 at 16:30) |
08.12.2012, 13:02 | #2 |
/// TB-Ausbilder | System infected. Email blocked. My name is Matthias and I will help you clean up your computer. Please note the following:
Step 1: Please download defogger by jpshortstuff to your desktop.
Step 2: Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know. With your next reply, please post
|
08.12.2012, 15:22 | #3 |
| System infected. Email blocked. Thanks for helping me.
Defogger log: Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:59 on 08/12/2012 (DigY)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Hence no log of that. |
08.12.2012, 20:35 | #4 |
/// TB-Ausbilder | System infected. Email blocked. Hi, please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save the file to your desktop
|
09.12.2012, 10:56 | #5 |
| System infected. Email blocked. Morning, here is the log. Nothing was found. Code:
ATTFilter
10:54:41.0324 3940 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:54:41.0427 3940 ============================================================
10:54:41.0427 3940 Current date / time: 2012/12/09 10:54:41.0427
10:54:41.0427 3940 SystemInfo:
10:54:41.0427 3940
10:54:41.0427 3940 OS Version: 6.1.7601 ServicePack: 1.0
10:54:41.0427 3940 Product type: Workstation
10:54:41.0427 3940 ComputerName: ***-PC
10:54:41.0427 3940 UserName: ***
10:54:41.0427 3940 Windows directory: C:\Windows
10:54:41.0427 3940 System windows directory: C:\Windows
10:54:41.0427 3940 Running under WOW64
10:54:41.0427 3940 Processor architecture: Intel x64
10:54:41.0427 3940 Number of processors: 4
10:54:41.0427 3940 Page size: 0x1000
10:54:41.0427 3940 Boot type: Normal boot
10:54:41.0427 3940 ============================================================
10:54:42.0354 3940 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:54:42.0383 3940 ============================================================
10:54:42.0383 3940 \Device\Harddisk0\DR0:
10:54:42.0400 3940 MBR partitions:
10:54:42.0400 3940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:54:42.0400 3940 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x186A0000
10:54:42.0400 3940 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186D2800, BlocksNum 0x21CB3000
10:54:42.0400 3940 ============================================================
10:54:42.0426 3940 C: <-> \Device\Harddisk0\DR0\Partition2
10:54:42.0506 3940 D: <-> \Device\Harddisk0\DR0\Partition3
10:54:42.0507 3940 ============================================================
10:54:42.0507 3940 Initialize success
10:54:42.0507 3940 ============================================================
C:\Windows\system32\drivers\ohci1394.sys 10:55:12.0018 2292 ohci1394 - ok 10:55:12.0049 2292 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:55:12.0052 2292 ose - ok 10:55:12.0153 2292 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:55:12.0233 2292 osppsvc - ok 10:55:12.0258 2292 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 10:55:12.0265 2292 p2pimsvc - ok 10:55:12.0293 2292 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 10:55:12.0301 2292 p2psvc - ok 10:55:12.0328 2292 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 10:55:12.0330 2292 Parport - ok 10:55:12.0361 2292 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:55:12.0363 2292 partmgr - ok 10:55:12.0375 2292 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 10:55:12.0381 2292 PcaSvc - ok 10:55:12.0391 2292 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 10:55:12.0394 2292 pci - ok 10:55:12.0408 2292 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 10:55:12.0408 2292 pciide - ok 10:55:12.0420 2292 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 10:55:12.0424 2292 pcmcia - ok 10:55:12.0431 2292 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 10:55:12.0432 2292 pcw - ok 10:55:12.0449 2292 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:55:12.0466 2292 PEAUTH - ok 10:55:12.0505 2292 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 10:55:12.0531 2292 PeerDistSvc - ok 10:55:12.0592 2292 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:55:12.0595 2292 PerfHost - ok 
10:55:12.0637 2292 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 10:55:12.0666 2292 pla - ok 10:55:12.0704 2292 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:55:12.0711 2292 PlugPlay - ok 10:55:12.0724 2292 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 10:55:12.0728 2292 PNRPAutoReg - ok 10:55:12.0741 2292 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 10:55:12.0745 2292 PNRPsvc - ok 10:55:12.0765 2292 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:55:12.0773 2292 PolicyAgent - ok 10:55:12.0791 2292 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 10:55:12.0797 2292 Power - ok 10:55:12.0822 2292 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:55:12.0824 2292 PptpMiniport - ok 10:55:12.0835 2292 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 10:55:12.0838 2292 Processor - ok 10:55:12.0861 2292 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 10:55:12.0867 2292 ProfSvc - ok 10:55:12.0876 2292 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 10:55:12.0879 2292 ProtectedStorage - ok 10:55:12.0903 2292 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:55:12.0906 2292 Psched - ok 10:55:12.0935 2292 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 10:55:12.0961 2292 ql2300 - ok 10:55:12.0985 2292 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 10:55:12.0988 2292 ql40xx - ok 10:55:13.0015 2292 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 10:55:13.0021 2292 QWAVE - ok 10:55:13.0031 2292 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:55:13.0033 2292 QWAVEdrv - ok 
10:55:13.0044 2292 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:55:13.0046 2292 RasAcd - ok 10:55:13.0080 2292 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:55:13.0082 2292 RasAgileVpn - ok 10:55:13.0095 2292 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 10:55:13.0099 2292 RasAuto - ok 10:55:13.0115 2292 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:55:13.0118 2292 Rasl2tp - ok 10:55:13.0139 2292 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 10:55:13.0146 2292 RasMan - ok 10:55:13.0157 2292 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:55:13.0160 2292 RasPppoe - ok 10:55:13.0173 2292 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:55:13.0176 2292 RasSstp - ok 10:55:13.0188 2292 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:55:13.0194 2292 rdbss - ok 10:55:13.0205 2292 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:55:13.0207 2292 rdpbus - ok 10:55:13.0211 2292 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:55:13.0213 2292 RDPCDD - ok 10:55:13.0234 2292 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 10:55:13.0238 2292 RDPDR - ok 10:55:13.0251 2292 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:55:13.0252 2292 RDPENCDD - ok 10:55:13.0263 2292 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:55:13.0264 2292 RDPREFMP - ok 10:55:13.0288 2292 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:55:13.0292 2292 RDPWD - ok 10:55:13.0310 2292 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:55:13.0314 
2292 rdyboost - ok 10:55:13.0331 2292 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:55:13.0340 2292 RemoteAccess - ok 10:55:13.0367 2292 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:55:13.0372 2292 RemoteRegistry - ok 10:55:13.0388 2292 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 10:55:13.0397 2292 RpcEptMapper - ok 10:55:13.0413 2292 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 10:55:13.0416 2292 RpcLocator - ok 10:55:13.0434 2292 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 10:55:13.0439 2292 RpcSs - ok 10:55:13.0477 2292 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys 10:55:13.0483 2292 RsFx0103 - ok 10:55:13.0506 2292 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:55:13.0508 2292 rspndr - ok 10:55:13.0526 2292 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 10:55:13.0529 2292 s3cap - ok 10:55:13.0534 2292 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 10:55:13.0537 2292 SamSs - ok 10:55:13.0550 2292 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:55:13.0554 2292 sbp2port - ok 10:55:13.0573 2292 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:55:13.0579 2292 SCardSvr - ok 10:55:13.0594 2292 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:55:13.0596 2292 scfilter - ok 10:55:13.0617 2292 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 10:55:13.0643 2292 Schedule - ok 10:55:13.0664 2292 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:55:13.0665 2292 SCPolicySvc - ok 10:55:13.0678 2292 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 
10:55:13.0684 2292 SDRSVC - ok 10:55:13.0707 2292 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:55:13.0709 2292 secdrv - ok 10:55:13.0723 2292 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 10:55:13.0727 2292 seclogon - ok 10:55:13.0736 2292 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 10:55:13.0741 2292 SENS - ok 10:55:13.0750 2292 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:55:13.0755 2292 SensrSvc - ok 10:55:13.0777 2292 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:55:13.0779 2292 Serenum - ok 10:55:13.0800 2292 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:55:13.0802 2292 Serial - ok 10:55:13.0818 2292 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 10:55:13.0820 2292 sermouse - ok 10:55:13.0838 2292 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 10:55:13.0843 2292 SessionEnv - ok 10:55:13.0851 2292 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:55:13.0853 2292 sffdisk - ok 10:55:13.0863 2292 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:55:13.0865 2292 sffp_mmc - ok 10:55:13.0873 2292 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:55:13.0876 2292 sffp_sd - ok 10:55:13.0886 2292 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 10:55:13.0888 2292 sfloppy - ok 10:55:13.0913 2292 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:55:13.0919 2292 SharedAccess - ok 10:55:13.0937 2292 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:55:13.0945 2292 ShellHWDetection - ok 10:55:13.0955 2292 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 
C:\Windows\system32\drivers\SiSRaid2.sys 10:55:13.0957 2292 SiSRaid2 - ok 10:55:13.0970 2292 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 10:55:13.0973 2292 SiSRaid4 - ok 10:55:13.0998 2292 [ 68EA68D03BF58389FE6AD2B38FAD798C ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 10:55:14.0001 2292 SkypeUpdate - ok 10:55:14.0019 2292 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 10:55:14.0022 2292 Smb - ok 10:55:14.0060 2292 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:55:14.0064 2292 SNMPTRAP - ok 10:55:14.0082 2292 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys 10:55:14.0085 2292 speedfan - ok 10:55:14.0094 2292 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 10:55:14.0095 2292 spldr - ok 10:55:14.0116 2292 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 10:55:14.0134 2292 Spooler - ok 10:55:14.0193 2292 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 10:55:14.0253 2292 sppsvc - ok 10:55:14.0265 2292 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:55:14.0270 2292 sppuinotify - ok 10:55:14.0295 2292 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 10:55:14.0302 2292 SQLAgent$SQLEXPRESS - ok 10:55:14.0340 2292 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 10:55:14.0345 2292 SQLBrowser - ok 10:55:14.0370 2292 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 10:55:14.0374 2292 SQLWriter - ok 10:55:14.0405 2292 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 10:55:14.0412 2292 srv - ok 10:55:14.0427 2292 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 
C:\Windows\system32\DRIVERS\srv2.sys 10:55:14.0433 2292 srv2 - ok 10:55:14.0448 2292 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:55:14.0451 2292 srvnet - ok 10:55:14.0484 2292 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:55:14.0491 2292 SSDPSRV - ok 10:55:14.0499 2292 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:55:14.0504 2292 SstpSvc - ok 10:55:14.0511 2292 Steam Client Service - ok 10:55:14.0529 2292 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 10:55:14.0531 2292 stexstor - ok 10:55:14.0556 2292 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 10:55:14.0574 2292 stisvc - ok 10:55:14.0591 2292 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 10:55:14.0592 2292 storflt - ok 10:55:14.0613 2292 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 10:55:14.0618 2292 StorSvc - ok 10:55:14.0630 2292 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 10:55:14.0632 2292 storvsc - ok 10:55:14.0645 2292 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 10:55:14.0645 2292 swenum - ok 10:55:14.0728 2292 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 10:55:14.0735 2292 SwitchBoard - ok 10:55:14.0784 2292 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 10:55:14.0817 2292 swprv - ok 10:55:15.0033 2292 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 10:55:15.0082 2292 SysMain - ok 10:55:15.0129 2292 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:55:15.0136 2292 TabletInputService - ok 10:55:15.0155 2292 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 10:55:15.0171 2292 TapiSrv - 
ok 10:55:15.0188 2292 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 10:55:15.0193 2292 TBS - ok 10:55:15.0261 2292 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:55:15.0296 2292 Tcpip - ok 10:55:15.0346 2292 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:55:15.0357 2292 TCPIP6 - ok 10:55:15.0402 2292 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:55:15.0404 2292 tcpipreg - ok 10:55:15.0414 2292 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:55:15.0416 2292 TDPIPE - ok 10:55:15.0433 2292 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:55:15.0436 2292 TDTCP - ok 10:55:15.0448 2292 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:55:15.0451 2292 tdx - ok 10:55:15.0458 2292 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 10:55:15.0459 2292 TermDD - ok 10:55:15.0487 2292 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 10:55:15.0504 2292 TermService - ok 10:55:15.0515 2292 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 10:55:15.0519 2292 Themes - ok 10:55:15.0539 2292 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 10:55:15.0541 2292 THREADORDER - ok 10:55:15.0553 2292 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 10:55:15.0558 2292 TrkWks - ok 10:55:15.0598 2292 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:55:15.0601 2292 TrustedInstaller - ok 10:55:15.0613 2292 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:55:15.0615 2292 tssecsrv - ok 10:55:15.0636 2292 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:55:15.0639 2292 TsUsbFlt - 
ok 10:55:15.0653 2292 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 10:55:15.0655 2292 TsUsbGD - ok 10:55:15.0673 2292 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:55:15.0676 2292 tunnel - ok 10:55:15.0691 2292 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 10:55:15.0695 2292 uagp35 - ok 10:55:15.0706 2292 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:55:15.0711 2292 udfs - ok 10:55:15.0734 2292 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:55:15.0739 2292 UI0Detect - ok 10:55:15.0747 2292 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:55:15.0750 2292 uliagpkx - ok 10:55:15.0766 2292 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:55:15.0768 2292 umbus - ok 10:55:15.0779 2292 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 10:55:15.0781 2292 UmPass - ok 10:55:15.0801 2292 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 10:55:15.0808 2292 UmRdpService - ok 10:55:15.0824 2292 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 10:55:15.0832 2292 upnphost - ok 10:55:15.0860 2292 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 10:55:15.0862 2292 USBAAPL64 - ok 10:55:15.0870 2292 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:55:15.0873 2292 usbccgp - ok 10:55:15.0891 2292 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:55:15.0894 2292 usbcir - ok 10:55:15.0907 2292 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 10:55:15.0909 2292 usbehci - ok 10:55:15.0934 2292 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:55:15.0940 
2292 usbhub - ok 10:55:15.0948 2292 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 10:55:15.0950 2292 usbohci - ok 10:55:15.0962 2292 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 10:55:15.0965 2292 usbprint - ok 10:55:15.0978 2292 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:55:15.0982 2292 USBSTOR - ok 10:55:15.0997 2292 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:55:15.0999 2292 usbuhci - ok 10:55:16.0025 2292 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 10:55:16.0029 2292 UxSms - ok 10:55:16.0042 2292 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 10:55:16.0044 2292 VaultSvc - ok 10:55:16.0067 2292 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 10:55:16.0070 2292 VClone - ok 10:55:16.0088 2292 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:55:16.0089 2292 vdrvroot - ok 10:55:16.0108 2292 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 10:55:16.0125 2292 vds - ok 10:55:16.0149 2292 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:55:16.0151 2292 vga - ok 10:55:16.0161 2292 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 10:55:16.0163 2292 VgaSave - ok 10:55:16.0173 2292 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:55:16.0177 2292 vhdmp - ok 10:55:16.0190 2292 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 10:55:16.0192 2292 viaide - ok 10:55:16.0211 2292 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 10:55:16.0216 2292 vmbus - ok 10:55:16.0225 2292 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 10:55:16.0227 2292 VMBusHID - ok 
10:55:16.0241 2292 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:55:16.0244 2292 volmgr - ok 10:55:16.0262 2292 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:55:16.0267 2292 volmgrx - ok 10:55:16.0287 2292 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:55:16.0292 2292 volsnap - ok 10:55:16.0301 2292 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 10:55:16.0306 2292 vsmraid - ok 10:55:16.0342 2292 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 10:55:16.0377 2292 VSS - ok 10:55:16.0389 2292 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 10:55:16.0391 2292 vwifibus - ok 10:55:16.0408 2292 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 10:55:16.0416 2292 W32Time - ok 10:55:16.0430 2292 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 10:55:16.0432 2292 WacomPen - ok 10:55:16.0456 2292 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:55:16.0458 2292 WANARP - ok 10:55:16.0466 2292 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:55:16.0467 2292 Wanarpv6 - ok 10:55:16.0505 2292 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 10:55:16.0535 2292 wbengine - ok 10:55:16.0552 2292 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:55:16.0559 2292 WbioSrvc - ok 10:55:16.0573 2292 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:55:16.0581 2292 wcncsvc - ok 10:55:16.0595 2292 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:55:16.0600 2292 WcsPlugInService - ok 10:55:16.0624 2292 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 10:55:16.0626 2292 Wd - 
ok 10:55:16.0647 2292 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:55:16.0655 2292 Wdf01000 - ok 10:55:16.0668 2292 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:55:16.0674 2292 WdiServiceHost - ok 10:55:16.0678 2292 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:55:16.0681 2292 WdiSystemHost - ok 10:55:16.0694 2292 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 10:55:16.0701 2292 WebClient - ok 10:55:16.0719 2292 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:55:16.0726 2292 Wecsvc - ok 10:55:16.0739 2292 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:55:16.0743 2292 wercplsupport - ok 10:55:16.0759 2292 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 10:55:16.0764 2292 WerSvc - ok 10:55:16.0786 2292 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 10:55:16.0788 2292 WfpLwf - ok 10:55:16.0794 2292 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:55:16.0795 2292 WIMMount - ok 10:55:16.0808 2292 WinDefend - ok 10:55:16.0814 2292 WinHttpAutoProxySvc - ok 10:55:16.0858 2292 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:55:16.0862 2292 Winmgmt - ok 10:55:16.0911 2292 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 10:55:16.0954 2292 WinRM - ok 10:55:17.0000 2292 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 10:55:17.0002 2292 WinUsb - ok 10:55:17.0024 2292 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 10:55:17.0049 2292 Wlansvc - ok 10:55:17.0073 2292 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:55:17.0075 2292 WmiAcpi - ok 10:55:17.0097 2292 [ 38B84C94C5A8AF291ADFEA478AE54F93 
] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:55:17.0101 2292 wmiApSrv - ok 10:55:17.0122 2292 WMPNetworkSvc - ok 10:55:17.0140 2292 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:55:17.0145 2292 WPCSvc - ok 10:55:17.0157 2292 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:55:17.0163 2292 WPDBusEnum - ok 10:55:17.0169 2292 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:55:17.0171 2292 ws2ifsl - ok 10:55:17.0182 2292 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 10:55:17.0188 2292 wscsvc - ok 10:55:17.0193 2292 WSearch - ok 10:55:17.0254 2292 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 10:55:17.0297 2292 wuauserv - ok 10:55:17.0308 2292 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:55:17.0311 2292 WudfPf - ok 10:55:17.0330 2292 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:55:17.0362 2292 WUDFRd - ok 10:55:17.0398 2292 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:55:17.0403 2292 wudfsvc - ok 10:55:17.0419 2292 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 10:55:17.0426 2292 WwanSvc - ok 10:55:17.0438 2292 ================ Scan global =============================== 10:55:17.0454 2292 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 10:55:17.0474 2292 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 10:55:17.0485 2292 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 10:55:17.0500 2292 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 10:55:17.0522 2292 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 10:55:17.0530 2292 [Global] - ok 10:55:17.0530 2292 ================ Scan MBR ================================== 10:55:17.0537 2292 [ 
A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 10:55:17.0707 2292 \Device\Harddisk0\DR0 - ok 10:55:17.0707 2292 ================ Scan VBR ================================== 10:55:17.0720 2292 [ B0ED080C90094AEB8B541D4A7E29FACA ] \Device\Harddisk0\DR0\Partition1 10:55:17.0724 2292 \Device\Harddisk0\DR0\Partition1 - ok 10:55:17.0735 2292 [ 8CA0EBD65FD51C2E2FB0E2A68922DA0E ] \Device\Harddisk0\DR0\Partition2 10:55:17.0738 2292 \Device\Harddisk0\DR0\Partition2 - ok 10:55:17.0753 2292 [ 2545B7223865613077BC73BE888AF6F8 ] \Device\Harddisk0\DR0\Partition3 10:55:17.0755 2292 \Device\Harddisk0\DR0\Partition3 - ok 10:55:17.0755 2292 ============================================================ 10:55:17.0755 2292 Scan finished 10:55:17.0755 2292 ============================================================ 10:55:17.0763 0168 Detected object count: 0 10:55:17.0763 0168 Actual detected object count: 0 |
09.12.2012, 21:50 | #6 |
/// TB-Ausbilder | System infected. Email blocked.
Hi,
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please close your security software to avoid possible conflicts. Please download Junkware Removal Tool to your desktop.
Step 3 Scan with Combofix
Please post with your next reply
|
10.12.2012, 11:29 | #7 |
| System infected. Email blocked. Hello, here is the AdwCleaner log: Code:
Last edited by DigY_ (10.12.2012 at 12:16) |
10.12.2012, 16:44 | #8 |
/// TB-Ausbilder | System infected. Email blocked. Servus, how is your computer running at the moment? Are there still any problems that point to malware? If so, which ones? Step 1
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck
Please post with your next reply
|
10.12.2012, 17:34 | #9 |
| System infected. Email blocked. Hi, the computer is running quite well. But it actually did before, too. The only visible difference is that the toolbar is now finally gone (which I had not managed to do before). So that was some kind of malware, I assume?! The reason for my post was, as I said, that I can no longer access my email address. The block can be lifted with a phone call, but you are supposed to clean your system first, which is hopefully now the case (?). Here is the Malwarebytes log: Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.10.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]
10.12.2012 17:11:02
mbam-log-2012-12-10 (17-11-02).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207298
Laufzeit: 2 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

Okay, after 2 hours of ESET scanning and only 50% done I have to abort now, because I have to leave.... I think I will make a new attempt tomorrow. Last edited by DigY_ (10.12.2012 at 18:28) |
10.12.2012, 19:48 | #10 |
/// TB-Ausbilder | System infected. Email blocked. Servus, thank you very much for the info. Everything else tomorrow then. |
11.12.2012, 16:42 | #11 |
| System infected. Email blocked. ESET log. Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f85e098fe1f1ef4c80d1218b34b58be7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-10 06:22:04
# local_time=2012-12-10 07:22:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 2360656 131877196 0 0
# compatibility_mode=5893 16776574 100 94 2602041 106793574 0 0
# scanned=202572
# found=0
# cleaned=0
# scan_time=7120
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f85e098fe1f1ef4c80d1218b34b58be7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-11 01:52:46
# local_time=2012-12-11 02:52:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 2434498 131947438 0 0
# compatibility_mode=5893 16776574 100 94 2675883 106863816 0 0
# scanned=156975
# found=1
# cleaned=0
# scan_time=3925
C:\Users\***\Downloads\installs\vlc-2.0.4-win64.exe Win32/StartPage.OPH trojan (unable to clean) 2EA01BDDE25D4303699A47C59405AACF07BCE798 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f85e098fe1f1ef4c80d1218b34b58be7
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-11 03:37:32
# local_time=2012-12-11 04:37:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 2437184 131953724 0 0
# compatibility_mode=5893 16776574 100 94 2678569 106870102 0 0
# scanned=168268
# found=1
# cleaned=0
# scan_time=6209
C:\Users\***\Downloads\installs\vlc-2.0.4-win64.exe Win32/StartPage.OPH trojan (unable to clean) 2EA01BDDE25D4303699A47C59405AACF07BCE798 I

By the way, this is not the whole scan yet. I aborted it by accident *sob*. I am running another one right now, but I hope nothing more turns up. SecurityCheck log: Code:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.65.1.1000
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=f85e098fe1f1ef4c80d1218b34b58be7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-11 05:26:23
# local_time=2012-12-11 06:26:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 2447315 131960255 0 0
# compatibility_mode=5893 16776574 100 94 2688700 106876633 0 0
# scanned=248843
# found=1
# cleaned=0
# scan_time=5210
C:\Users\***\Downloads\installs\vlc-2.0.4-win64.exe Win32/StartPage.OPH trojan (unable to clean) 2EA01BDDE25D4303699A47C59405AACF07BCE798 I

Last edited by DigY_ (11.12.2012 at 17:35) |
11.12.2012, 20:37 | #12 | |
/// TB Trainer | System infected. Email blocked.

Hi,

Quote:

Please delete the following file manually:
C:\Users\***\Downloads\installs\vlc-2.0.4-win64.exe

If you have no further problems, we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.

Step 1
Please uninstall your current version of Adobe Reader:
Start --> Control Panel --> Software / Uninstall a program --> Adobe Reader
and download the new version from here. Untick the box for the McAfee SecurityScan or Google Chrome.

Step 2
Start DeFogger and click Re-enable. Your computer may need to be restarted.

Step 3
Before the following action, please temporarily disable your antivirus program, any script blocking that is present, and anti-malware programs again.
Press Windows key + R. Now copy the following line into the command line and click OK.

Code:
Combofix /Uninstall

This removes Combofix completely and empties the System Restore cache, so that the malware disappears from it as well.
Now re-enable the programs you just disabled.

Step 4
Please download delfix to your desktop.
Step 5
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.

Antivirus software

Additional protection

Safe browsing

Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links:
Miekemoes Blogspot (MVP)
Bill Castner (MVP)

Don'ts

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
12.12.2012, 19:08 | #13 |
| System infected. Email blocked.

Hi,

I have deleted the file. However, I still have the VLC Player itself installed. I assume that is no longer a problem now?

I have carried out steps 1 - 5. Is SpywareBlaster similar in function to Malwarebytes? With the function of being able to reset my system?
I have had AdBlockPlus installed forever (who hasn't?), and I will have to take a closer look at the rest.

In any case, thanks for your help, happy holidays and a happy new year.

Edit: I just read that you recently had a birthday. So belated ALL THE BEST from me as well.

Last edited by DigY_ (12.12.2012 at 19:16) |
12.12.2012, 19:26 | #14 | |
/// TB Trainer | System infected. Email blocked.

Quote:

I am glad that we were able to help. This thread appears to be resolved and will be removed from my subscriptions. Should you need this thread again, please send me a PM.
Everyone else, please click here and create your own thread. |