| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.12.2012, 11:13
| #1 |
| |  C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hallo zusammen, leider habe ich scheinbar einiges an Viren auf meinem Computer. Ich habe von Sophos die Meldung bekommen, dass der PC Performer Manager in Quarantäne verschoben wurde. Ein einfaches Entfernen mit Sophos hat nicht funktioniert, ich bekomme die Meldung immer noch. Außerdem habe ich im Task Manager einen Prozess entdeckt, "tbhcn.exe", den ich nicht kenne. Beide Probleme habe ich bei google eingegeben und bin auf dieses Forum aufmerksam geworden. Ich habe jetzt einmal einen Suchlauf mit Malwarebytes gemacht und folgendes Ergebnis erhalten: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.17.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniela :: DANIELA-PC [Administrator] 17.12.2012 09:36:48 mbam-log-2012-12-17 (11-02-04).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 553288 Laufzeit: 1 Stunde(n), 22 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 40 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0003491.BHO.1 (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 4 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Daten: Vid-Saver -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 10 C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Guest\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Guest\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Keine Aktion durchgeführt. Infizierte Dateien: 103 C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Uninstall Information\ib_uninst_342\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Uninstall Information\ib_uninst_343\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\Temp\softonic_ssk_conduit.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\Temp\VidSaver14_20120508.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\Temp\InstallShare2773\FunmoodsSetupV2.1.exe (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt. C:\Users\Daniela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\24fa30cb8996e4692833571384ae36d6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\24fa30cb8996e4692833571384ae36d6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\62fa933b365328fcb12137e9bf074578 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\62fa933b365328fcb12137e9bf074578_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\64f2ffe99c9841c0ce284e2ab27fd525 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\64f2ffe99c9841c0ce284e2ab27fd525_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\712c46454ce7a9ba511c8f02a771e538 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\712c46454ce7a9ba511c8f02a771e538_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\b2b4e8937fa404b876cf8c88c3fe6329 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\b2b4e8937fa404b876cf8c88c3fe6329_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ba5a261c6565bfb443aa6cbf828a753d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ba5a261c6565bfb443aa6cbf828a753d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cc21b9897ac8dfabd1e4dbf701784924 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cc21b9897ac8dfabd1e4dbf701784924_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d87d174554b51fe072af6ad3a7a42f28 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d87d174554b51fe072af6ad3a7a42f28_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e3d0cf0d14d2e30505e2786e48906be4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e3d0cf0d14d2e30505e2786e48906be4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Keine Aktion durchgeführt. (Ende) Vielen Dank und viele Grüße |
|
17.12.2012, 11:26
| #2 |
| /// Malware-holic   | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hi,
__________________sieht erst mal nicht tragisch aus. viel Adware Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
17.12.2012, 14:33
| #3 |
| | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hier mal der Text aus der OTL.text
__________________Code:
ATTFilter OTL logfile created on: 17.12.2012 14:08:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniela\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,63% Memory free 7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 73,14 Gb Total Space | 16,15 Gb Free Space | 22,08% Space Free | Partition Type: NTFS Drive D: | 224,85 Gb Total Space | 154,61 Gb Free Space | 68,76% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.12.17 14:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe PRC - [2012.12.14 14:46:15 | 000,236,608 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe PRC - [2012.12.14 14:46:07 | 000,928,832 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe PRC - [2012.12.14 14:43:08 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2012.12.14 14:42:55 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2012.12.14 14:42:51 | 002,878,016 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.09.26 15:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE PRC - [2012.06.07 09:54:31 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.03.18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2007.09.06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe PRC - [2007.08.10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ========== Modules (No Company Name) ========== MOD - [2012.11.15 18:59:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.15 18:59:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.15 18:59:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3cdcb033f930eb60badfa4500d795edb\System.Xml.ni.dll MOD - [2012.11.15 18:59:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.15 18:59:00 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.15 18:58:48 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe MOD - [2007.10.08 09:59:24 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.core.dll MOD - [2007.10.08 09:59:24 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.common.dll MOD - [2007.10.08 09:58:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll MOD - [2007.09.06 21:40:36 | 000,692,224 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodrs.dll MOD - [2007.09.06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe MOD - [2007.09.06 21:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoscw.dll MOD - [2007.08.10 07:12:14 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll MOD - [2007.08.10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe MOD - [2007.06.14 21:45:05 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocnv4.dll MOD - [2007.05.22 15:10:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocaps.dll MOD - [2007.05.03 16:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodatr.dll MOD - [2007.03.26 08:39:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocats.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.10.26 01:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.06.13 18:47:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV:64bit: - [2007.09.20 21:33:06 | 001,039,360 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdocoms.exe -- (lxdo_device) SRV:64bit: - [2007.07.17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService) SRV - [2012.12.14 14:46:15 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012.12.14 14:43:08 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.12.14 14:42:55 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.12.14 14:42:51 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012.12.14 14:41:57 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2012.12.06 16:13:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2012.06.07 09:54:31 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.11.15 00:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.03.18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.09.20 21:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdocoms.exe -- (lxdo_device) SRV - [2007.07.17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 14:45:00 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.07.25 18:53:49 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011.10.26 02:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.26 00:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.10.01 09:47:32 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2011.08.25 02:46:56 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2011.01.08 00:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.05.15 05:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010.04.22 01:06:42 | 000,399,936 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_usb.sys -- (NUMARK_OMNICONTROL) DRV:64bit: - [2010.04.22 01:06:40 | 000,050,240 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_wdm.sys -- (NUMARK_OMNICONTROL_WDM) DRV:64bit: - [2010.04.22 01:06:38 | 000,031,296 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2midi.sys -- (NUMARK_OMNICONTROL_MIDI) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\sandra.sys -- (SANDRA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE - HKLM\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE - HKLM\..\SearchScopes\{6C052F87-11C0-559B-F1AA-51BEA08DB7EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.babylon.com/?affID=109958&tt=3012_1&babsrc=HP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 26 8C 53 8A 44 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {34F18C3E-95F3-4D26-A78C-8693276A09CF} IE - HKCU\..\SearchScopes,DefaultScope = {34F18C3E-95F3-4D26-A78C-8693276A09CF} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE - HKCU\..\SearchScopes\{34F18C3E-95F3-4D26-A78C-8693276A09CF}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980 IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{6C052F87-11C0-559B-F1AA-51BEA08DB7EC}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=3012_1&babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search" FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1 FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e&tlver=1.5.29.1&instlRef=sst&babTrack&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.13 09:34:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:13:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 09:54:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles/4ohvftw3.default\extensions\specialsavings@superfish.com [2012.08.16 21:27:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.16 21:27:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:13:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 09:54:31 | 000,000,000 | ---D | M] [2012.04.09 15:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Extensions [2012.12.14 14:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions [2012.12.12 08:37:51 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.11.24 10:04:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.12.03 17:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2012.08.16 21:18:16 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com [2012.12.12 08:37:50 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\crossriderapp3491@crossrider.com [2012.07.24 19:04:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\ffxtlbr@babylon.com [2012.08.16 21:27:09 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\specialsavings@superfish.com [2012.12.12 08:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode [2012.12.14 14:36:26 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\toolbar@web.de.xpi [2012.12.12 08:37:50 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.24 10:04:21 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.03 17:29:43 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.12.14 15:39:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2012.12.17 08:59:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire [2012.12.17 09:00:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire [2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire [2012.12.14 15:39:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire [2012.12.17 09:00:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire [2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire [2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2012.12.17 09:00:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf662008b443_expire [2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2012.12.17 08:59:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2012.12.14 15:39:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2012.12.14 15:39:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012.12.14 14:36:31 | 000,000,911 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\11-suche.xml [2012.12.14 14:36:31 | 000,002,273 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\englische-ergebnisse.xml [2012.12.14 14:36:31 | 000,010,563 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\gmx-suche.xml [2012.12.14 14:36:31 | 000,002,432 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\lastminute.xml [2012.08.16 21:18:17 | 000,002,792 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\Plusnetwork.xml [2012.07.24 19:04:26 | 000,002,339 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\Search.xml [2012.12.14 14:36:31 | 000,005,545 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\webde-suche.xml [2012.12.06 16:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.06 16:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.06 16:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.12.06 16:13:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.23 10:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.24 19:02:12 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (appbario8 Toolbar) - {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [lxdoamon] C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe () O4:64bit: - HKLM..\Run: [lxdomon.exe] C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe () O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B69BBBF-BBCF-4BDF-BEA1-A64A8CA283A8}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited) O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {0B74300D-9D18-4656-9F79-BBF0891365AF} - Bing Bar ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4CBF8339-9F09-4213-846D-8E1C2B921451} - Desktop Icon ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{40194995-2263-49FA-93D2-0A11E13FA518} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) MsConfig:64bit - StartUpReg: Lexmark 9500 Series - hkey= - key= - C:\Program Files (x86)\Lexmark 9500 Series\fm3032.exe () MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.17 14:07:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe [2012.12.17 09:35:25 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Malwarebytes [2012.12.17 09:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.17 09:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.17 09:34:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.17 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.14 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012.12.14 15:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.12.14 15:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.12.14 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sophos [2012.12.14 14:45:00 | 000,154,952 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.12.14 14:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2012.12.13 09:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect [2012.12.13 09:40:47 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\PDF Architect [2012.12.13 09:34:35 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\APP_NAME_NON_STRING [2012.12.13 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Documents\PDF Architect Files [2012.12.13 09:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2012.12.13 09:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect [2012.12.13 09:33:48 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\pdfforge [2012.12.13 09:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.12.13 09:33:36 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.12.13 09:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.12.13 09:32:23 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Programs [2012.12.13 09:01:17 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Blender [2012.12.13 09:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Blender [2012.12.13 07:36:53 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bewerbung_MAN [2012.12.12 11:17:26 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bilders [2012.12.06 16:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.27 21:01:14 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bewerbung Michael [2012.11.27 21:00:13 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bilder Oma und Opa [2012.11.22 19:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.22 19:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.11.22 19:24:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.17 14:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe [2012.12.17 14:02:28 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job [2012.12.17 14:02:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.17 09:35:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 09:05:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 09:05:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 09:04:58 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.17 09:04:58 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.17 09:04:58 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.17 08:58:08 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2012.12.14 19:37:25 | 000,003,215 | ---- | M] () -- C:\Users\Daniela\Desktop\Sophos Virus Removal Tool.lnk [2012.12.14 14:45:00 | 000,154,952 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.12.14 14:42:26 | 000,037,440 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.12.14 14:28:55 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.12.14 07:45:48 | 000,273,758 | ---- | M] () -- C:\Users\Daniela\Desktop\Ummeldung_Gilla.pdf [2012.12.13 16:50:38 | 000,002,044 | -H-- | M] () -- C:\Users\Daniela\Documents\Default.rdp [2012.12.13 14:08:58 | 000,000,000 | ---- | M] () -- C:\Users\Daniela\Documents\NEWSOFT [2012.12.13 14:02:10 | 000,007,637 | ---- | M] () -- C:\Users\Daniela\Desktop\Abrechnung_Gehalt_MunichRe.pdf [2012.12.13 13:55:51 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.13 09:46:23 | 001,357,837 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_DMarquart.pdf [2012.12.13 09:43:08 | 000,648,398 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela Marquart.pdf [2012.12.13 09:40:43 | 000,715,168 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela_Marquart.pdf [2012.12.13 09:34:42 | 000,000,993 | ---- | M] () -- C:\Users\Daniela\Desktop\PDF Architect.lnk [2012.12.13 09:33:48 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.12.13 09:01:17 | 000,001,038 | ---- | M] () -- C:\Users\Daniela\Desktop\PDF Blender.lnk [2012.12.13 08:48:00 | 002,475,720 | ---- | M] () -- C:\Users\Daniela\Desktop\Praktikumszeugnis_MunichRe.PDF [2012.12.13 08:23:29 | 000,497,162 | ---- | M] () -- C:\Users\Daniela\Desktop\ToR_WPV_Marquart_Daniela.pdf [2012.12.07 09:56:16 | 000,291,235 | -H-- | M] () -- C:\Users\Daniela\Desktop\ZbThumbnail.info [2012.12.07 09:54:17 | 001,354,020 | ---- | M] () -- C:\Users\Daniela\Desktop\ShannonFoto.jpg [2012.11.22 19:24:56 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.17 09:35:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.14 19:37:25 | 000,003,215 | ---- | C] () -- C:\Users\Daniela\Desktop\Sophos Virus Removal Tool.lnk [2012.12.13 14:02:10 | 000,007,637 | ---- | C] () -- C:\Users\Daniela\Desktop\Abrechnung_Gehalt_MunichRe.pdf [2012.12.13 09:46:22 | 001,357,837 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_DMarquart.pdf [2012.12.13 09:43:08 | 000,648,398 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela Marquart.pdf [2012.12.13 09:40:42 | 000,715,168 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela_Marquart.pdf [2012.12.13 09:34:42 | 000,000,993 | ---- | C] () -- C:\Users\Daniela\Desktop\PDF Architect.lnk [2012.12.13 09:33:48 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.12.13 09:01:17 | 000,001,038 | ---- | C] () -- C:\Users\Daniela\Desktop\PDF Blender.lnk [2012.12.13 08:48:00 | 002,475,720 | ---- | C] () -- C:\Users\Daniela\Desktop\Praktikumszeugnis_MunichRe.PDF [2012.12.13 08:24:07 | 000,497,162 | ---- | C] () -- C:\Users\Daniela\Desktop\ToR_WPV_Marquart_Daniela.pdf [2012.12.08 11:10:27 | 000,273,758 | ---- | C] () -- C:\Users\Daniela\Desktop\Ummeldung_Gilla.pdf [2012.12.07 10:12:28 | 004,900,888 | ---- | C] () -- C:\Users\Daniela\Desktop\Michi.JPG [2012.12.07 09:54:16 | 001,354,020 | ---- | C] () -- C:\Users\Daniela\Desktop\ShannonFoto.jpg [2012.08.19 16:15:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.24 19:03:48 | 000,384,844 | ---- | C] () -- C:\Users\Daniela\AppData\Local\funmoods-speeddial.crx [2012.07.24 19:03:47 | 000,031,465 | ---- | C] () -- C:\Users\Daniela\AppData\Local\funmoods.crx [2012.07.21 13:59:00 | 011,632,640 | ---- | C] () -- C:\Users\Daniela\AppData\Roaming\Sandra.mdb [2012.07.21 13:57:56 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.21 13:48:14 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll [2012.04.21 13:48:14 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2012.04.21 13:46:04 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdoinst.dll [2012.04.21 13:46:03 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdocomx.dll [2012.04.21 13:46:03 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoinpa.dll [2012.04.21 13:46:03 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoiesc.dll [2012.04.21 13:46:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdopmui.dll [2012.04.21 13:46:00 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdousb1.dll [2012.04.21 13:45:59 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoserv.dll [2012.04.21 13:45:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoprox.dll [2012.04.21 13:45:58 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdohbn3.dll [2012.04.21 13:45:58 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdolmpm.dll [2012.04.21 13:45:58 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoih.exe [2012.04.21 13:45:57 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomc.dll [2012.04.21 13:45:57 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocoms.exe [2012.04.21 13:45:57 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomm.dll [2012.04.21 13:45:56 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocfg.exe [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.10.26 00:38:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.10.26 00:38:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.12 21:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.22 16:15:56 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\9500 Series [2012.04.14 11:19:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\AbiSuite [2012.12.13 09:34:35 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\APP_NAME_NON_STRING [2012.07.24 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Babylon [2012.07.24 19:02:22 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BabylonToolbar [2012.12.17 14:12:11 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion [2012.07.24 19:17:04 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canneverbe Limited [2012.04.23 06:09:25 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canon [2012.12.17 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Dropbox [2012.08.16 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DVDVideoSoft [2012.08.16 21:18:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.23 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\GHISLER [2012.04.21 16:50:28 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Lexmark Productivity Studio [2012.10.16 21:48:35 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\NewSoft [2012.12.13 09:40:49 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PDF Architect [2012.12.13 09:33:48 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\pdfforge [2012.04.23 07:07:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PhotoScape [2012.08.25 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\STRATO [2012.06.23 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.15 21:04:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.07.25 18:54:20 | 000,000,000 | ---D | M] -- C:\Intel [2012.04.21 13:55:24 | 000,000,000 | ---D | M] -- C:\logs [2012.04.14 16:58:21 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.06.23 15:49:11 | 000,000,000 | ---D | M] -- C:\numark DJ Pult Treiber [2012.06.17 19:20:41 | 000,000,000 | ---D | M] -- C:\Patent [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.14 15:30:45 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.17 09:34:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.17 09:35:01 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.04.09 14:55:42 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.04.09 15:23:12 | 000,000,000 | ---D | M] -- C:\savw_100_sa [2012.12.17 09:33:55 | 000,000,000 | ---D | M] -- C:\setups [2012.12.17 14:10:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.06.23 14:55:56 | 000,000,000 | ---D | M] -- C:\totalcmd [2012.06.23 16:49:56 | 000,000,000 | ---D | M] -- C:\Traktor nomml [2012.06.23 15:49:19 | 000,000,000 | ---D | M] -- C:\Traktor Pro DJ Software [2012.12.15 21:04:12 | 000,000,000 | R--D | M] -- C:\Users [2012.06.23 17:52:21 | 000,000,000 | ---D | M] -- C:\VDJ2 [2012.06.23 17:53:44 | 000,000,000 | ---D | M] -- C:\VDJ3 [2012.09.01 07:58:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.13 19:13:02 | 000,000,550 | ---- | C] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2010.01.26 22:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2012a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.12.17 14:10:25 | 002,621,440 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat [2012.12.17 14:10:25 | 000,262,144 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG1 [2012.04.09 14:55:52 | 000,000,000 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG2 [2012.04.09 14:58:14 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.04.09 14:58:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.04.09 14:58:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.09.01 09:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TM.blf [2012.09.01 09:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TMContainer00000000000000000001.regtrans-ms [2012.09.01 09:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TMContainer00000000000000000002.regtrans-ms [2012.04.09 14:55:52 | 000,000,020 | -HS- | M] () -- C:\Users\Daniela\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > [2012.08.16 21:09:56 | 001,750,528 | ---- | M] (Yuna Software) -- C:\Users\Daniela\Local Settings\Temp\Browser_Helper_Companion_DE.exe [2012.07.25 22:26:45 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u34-windows-i586-iftw.exe [2012.08.29 13:07:10 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe [2012.10.01 17:44:51 | 000,912,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe [2012.08.05 08:09:04 | 025,653,936 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Daniela\Local Settings\Temp\SkypeSetup.exe [2012.08.16 21:25:46 | 000,666,272 | ---- | M] () -- C:\Users\Daniela\Local Settings\Temp\softonic_ssk_conduit.exe [2012.06.23 16:48:47 | 001,873,032 | ---- | M] (215 Apps) -- C:\Users\Daniela\Local Settings\Temp\VidSaver14_20120508.exe [250 C:\Users\Daniela\Local Settings\Temp\*.tmp files -> C:\Users\Daniela\Local Settings\Temp\*.tmp -> ] < %USERPROFILE%\Local Settings\Temp\*.dll > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) -- C:\Users\Daniela\Local Settings\Temp\FirewallAPI.dll [2012.08.16 21:18:17 | 000,362,029 | ---- | M] () -- C:\Users\Daniela\Local Settings\Temp\sqlite3.dll [250 C:\Users\Daniela\Local Settings\Temp\*.tmp files -> C:\Users\Daniela\Local Settings\Temp\*.tmp -> ] < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.12.2012 14:08:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniela\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,63% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,14 Gb Total Space | 16,15 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 224,85 Gb Total Space | 154,61 Gb Free Space | 68,76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5226BC-E4EA-4166-AB8F-521D4645782C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1BF56D3D-5C33-4FC9-A617-421DD7373721}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{522A262B-5BE8-4C3F-AC41-62C2DDCDB6C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{5E81AC6C-A6A2-456B-A895-66F3C35A61F3}" = lport=139 | protocol=6 | dir=in | app=system |
"{649FB298-7795-4D7E-8D43-40687D597E98}" = lport=445 | protocol=6 | dir=in | app=system |
"{6A595F77-0580-462E-9444-A172D809B294}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E351B74-31BE-4ACB-A546-FB8FEBAF93A3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\rpcagentsrv.exe |
"{76492EDB-4883-448A-97B9-F4A0AA46B752}" = lport=10243 | protocol=6 | dir=in | app=system |
"{767FACEA-91A9-492D-AF21-EFFEB757B43D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{771DCB17-1EE3-45E7-949F-175039E2F370}" = rport=139 | protocol=6 | dir=out | app=system |
"{7C6A87AC-FA87-4A1A-A921-F7E8DFC3EDE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81630A44-89EB-4749-8BD1-1FD6CCF67663}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83DE482F-D082-4334-B515-EB8EFC625059}" = lport=138 | protocol=17 | dir=in | app=system |
"{840B4F4A-4303-48AA-BBD1-A584B80CA947}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8B617B50-FFD9-4C70-B3A0-1247DEC49B4C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\wnt500x64\rpcsandrasrv.exe |
"{932D09B9-3F8F-4058-88E3-533E4C3A323A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{95313063-3A24-401B-A863-D05E828CA303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B0C97BF-2256-4E52-8EBB-161EF57EE0B6}" = rport=445 | protocol=6 | dir=out | app=system |
"{9D58C05D-0119-42E9-BD86-74C3BA9E54FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0E0EA2E-5ACE-4A45-B346-480D16B3F07B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A8641D9F-FA8C-4440-8664-0C8837565D24}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBCFAE4B-F6AF-4F0F-877C-C0F451053F99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DEE1C061-5384-4236-B08C-15FBD2B45DB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E90CA7B5-ADBF-48BD-ABF2-A2D361B7E938}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F4C17FE4-D039-438C-9A0D-C233FCAAC2C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{F72F8E4D-D435-4D3E-B88E-C0DF00DBE561}" = rport=138 | protocol=17 | dir=out | app=system |
"{F7959A64-EF2E-4F85-AA46-3703CDB00649}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0021B6DA-0AF2-4E50-B139-A3E1913977AF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{01D761E7-62FD-490E-A0C0-110BC45CC6E0}" = protocol=6 | dir=out | app=system |
"{137AA8DB-9C7A-4639-B462-5FA11399AAC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{141380F0-D124-4DD2-8390-7B30404C50CC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe |
"{2077D096-0209-4DD4-B341-78847BC4F2F7}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{212C070F-2285-4CC1-99BA-9ECBB514416A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocfg.exe |
"{212C3BCA-F604-4626-803A-2337E27E92FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30657F83-BC65-43AB-A0A8-B5FB8EEFDF68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{31CF9225-D3FF-4C8E-AFF6-42A856FFF5E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{351DC4F3-21DE-4CD8-AF1F-58EEDB1AEC58}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe |
"{450BDF62-E2F3-43D0-97D3-5FFFF0E36264}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47418643-E062-47C7-B0C4-1ED40BF08C4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4CB1C86D-934D-4A2B-AA15-BE3E0B7DC813}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EB2F145-0CE4-47C4-AD01-C05BF380727F}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe |
"{5409AE5A-67C5-4F80-AB12-353FDA403BE0}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe |
"{571F0524-76D0-4B09-AB27-4C75BF79C576}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{58A6A6E5-6A04-439B-928E-9EE5902FF18C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{599A6D7B-02C2-412A-B0D0-796A96A57362}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdocoms.exe |
"{6548724C-F1AA-492B-88FD-82A2FBC6556E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6925CB2B-EEA8-46ED-919F-4CD89520EC56}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6F039D07-152F-44BE-87A1-9A7DE5D9CA5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FF02524-9C51-4F26-A8E5-837FD910509F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe |
"{7B6A70E8-895F-4ACC-99FC-A0C641610C76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7CBABE19-6F7A-4339-9227-39F347DCC95D}" = protocol=17 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe |
"{7CEEA206-648C-4D53-BF0B-CE7FAC6239C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdocoms.exe |
"{7F169A79-3EC2-426B-BFA7-8DE615F8F49A}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocfg.exe |
"{8574990B-BCBB-4B4B-8575-4580DEB3DEB3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe |
"{9ED297B3-32CD-4B91-AA00-4B72D363102B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0058A6D-8099-4E2E-B83C-518A798CB086}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A74BA43F-8FB6-45D1-9586-FE682AAB2027}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AD26D55C-5D73-4F2D-8317-F96809171620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6FFDD5B-3923-4AE1-B9C7-E45CBE3169A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B7B0CCDD-ED41-4082-A091-43EB0C07EE36}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocoms.exe |
"{BA11B601-C57C-43AD-B222-1B9CD17DB057}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB4B2796-3A18-4C04-AF03-D1CB586D7A18}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C60F8AE1-B077-47A5-8394-B61CD6E111D3}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{C82FC724-CCB2-417A-97D7-D089A264D809}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe |
"{CAA1A207-1B0A-4CE8-AB9C-188153E2464D}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe |
"{D0D585EA-355B-48E4-A700-112A26DB5FF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D533F55B-06CF-441A-9FB7-2DEFA5987B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe |
"{DB7F2D53-6D15-4202-9FE0-3A7F58AFFAD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1DBCFDC-4829-4C85-97A8-EE1860974005}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E274C5D3-7F1D-4A1A-8A75-208919B78266}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe |
"{E89B9EB5-A1AA-430B-BD48-9BA5D726CC27}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E9935C7E-C64A-40DD-98BC-8CE2043A6B06}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe |
"{F2B167AB-E071-4828-841D-8DE726F0B751}" = protocol=6 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe |
"{F331EF02-EBA7-48C8-B822-6B9758CDF825}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe |
"{F8D70D8C-2611-41EC-A766-2FA4D698319B}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{FC232706-0BD5-4B49-A1E0-38CC5DA2829F}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocoms.exe |
"TCP Query User{11AD1681-9EE0-450B-A265-8E0A3815D992}C:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2D8DFF63-311C-44BC-99E4-BCA116438552}C:\program files (x86)\lexmark 9500 series\lxdomon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe |
"TCP Query User{FDEA5079-5A15-4792-850F-15F29F400A6B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{0F7CF7A3-DB39-4153-BA7B-247B7DA1E9B5}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{24617DDD-98DC-4AEA-BF5E-861C692739FB}C:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{56679297-EED7-48FF-960A-FAECDFD8F2F6}C:\program files (x86)\lexmark 9500 series\lxdomon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4c
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Lexmark 9500 Series" = Lexmark 9500 Series
"Matlab R2012a" = MATLAB R2012a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"USB_AUDIO_DEusb-audio.deNumarkOMNICONTROL" = OMNI CONTROL USB Audio driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C42B0AD-3D32-4721-9665-AFD958AF6523}" = Remote Desktop
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.20
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.60.10
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.9.2
"appbario8 Toolbar" = appbario8 Toolbar
"BabylonToolbar" = Babylon toolbar on IE
"BrowserCompanion" = BrowserCompanion
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"funmoods" = Funmoods Web Search
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"PDF Blender" = PDF Blender
"pdfsam" = pdfsam
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"SpecialSavings" = SpecialSavings
"STRATO HiDrive" = STRATO HiDrive (remove only)
"uTorrent" = µTorrent
"Vid-Saver" = Vid-Saver
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Wondershare Vivideo_is1" = Wondershare Vivideo(Build 2.0.0.12)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.12.2012 02:17:10 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.12.2012 17:00:19 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\setups\SoftonicDownloader_fuer_windows-live-movie-maker.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 14.12.2012 17:00:19 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\setups\SoftonicDownloader_fuer_wondershare-vivideo.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 15.12.2012 15:07:01 | Computer Name = Daniela-PC | Source = Sophos Anti-Virus | ID = 2424850
Description = Adware or PUA 'BProtector' was not removed because of errors.
Error - 15.12.2012 15:07:01 | Computer Name = Daniela-PC | Source = Sophos Anti-Virus | ID = 2424850
Description = Adware or PUA 'BProtector' was not removed because of errors.
Error - 15.12.2012 15:08:00 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.12.2012 13:08:15 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.12.2012 04:00:01 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.12.2012 04:16:43 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: lxdocoms.exe, version: 1.232.15.0, time
stamp: 0x46f2d8ff Faulting module name: lxdohbn3.dll, version: 1.232.15.0, time
stamp: 0x46f2d8d7 Exception code: 0xc0000005 Fault offset: 0x0000000000061053 Faulting
process id: 0x514 Faulting application start time: 0x01cddc2c50f929c0 Faulting application
path: C:\Windows\system32\lxdocoms.exe Faulting module path: C:\Windows\system32\lxdohbn3.dll
Report
Id: 1704df1d-4822-11e2-9cbb-00262d75d392
Error - 17.12.2012 09:07:46 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FRun.exe, version: 1.41.0.0, time stamp:
0x462e566d Faulting module name: lxdoDRS.dll_unloaded, version: 0.0.0.0, time stamp:
0x46e065c4 Exception code: 0xc0000005 Fault offset: 0x0a2c4c97 Faulting process id:
0x858 Faulting application start time: 0x01cddc2ecbd5a4ce Faulting application path:
C:\Program Files (x86)\Lexmark 9500 Series\FRun.exe Faulting module path: lxdoDRS.dll
Report
Id: bfdaee2e-484a-11e2-9cbb-00262d75d392
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 17.12.2012 04:16:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.
Error - 17.12.2012 04:16:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
<C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
Host discarded.
Error - 17.12.2012 04:16:37 | Computer Name = Daniela-PC | Source = acvpnui | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.
Error - 17.12.2012 04:16:37 | Computer Name = Daniela-PC | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
<C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
Host discarded.
Error - 17.12.2012 04:56:39 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
(0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP
Error - 17.12.2012 04:56:39 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
(0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure
gateway failed to respond to Dead Peer Detection packets. DTLS
Error - 17.12.2012 05:18:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
(0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP
Error - 17.12.2012 05:18:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
(0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure
gateway failed to respond to Dead Peer Detection packets. DTLS
Error - 17.12.2012 06:57:13 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
Hibernate, etc).
Error - 17.12.2012 06:57:26 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
1026 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.
[ System Events ]
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 07.10.2012 04:08:11 | Computer Name = Daniela-PC | Source = ipnathlp | ID = 31004
Description =
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = PNRPSvc | ID = 102
Description =
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 07.10.2012 05:16:09 | Computer Name = Daniela-PC | Source = ipnathlp | ID = 31004
Description =
< End of report >
|
|
17.12.2012, 14:36
| #4 |
| | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hier mal der Text aus der OTL.text Code:
ATTFilter OTL logfile created on: 17.12.2012 14:08:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniela\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,63% Memory free 7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 73,14 Gb Total Space | 16,15 Gb Free Space | 22,08% Space Free | Partition Type: NTFS Drive D: | 224,85 Gb Total Space | 154,61 Gb Free Space | 68,76% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.12.17 14:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe PRC - [2012.12.14 14:46:15 | 000,236,608 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe PRC - [2012.12.14 14:46:07 | 000,928,832 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe PRC - [2012.12.14 14:43:08 | 000,159,296 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe PRC - [2012.12.14 14:42:55 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe PRC - [2012.12.14 14:42:51 | 002,878,016 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.09.26 15:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE PRC - [2012.06.07 09:54:31 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.03.18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2007.09.06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe PRC - [2007.08.10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe ========== Modules (No Company Name) ========== MOD - [2012.11.15 18:59:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.15 18:59:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.15 18:59:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3cdcb033f930eb60badfa4500d795edb\System.Xml.ni.dll MOD - [2012.11.15 18:59:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.15 18:59:00 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.15 18:58:48 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.07.02 10:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe MOD - [2007.10.08 09:59:24 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.core.dll MOD - [2007.10.08 09:59:24 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.monitor.common.dll MOD - [2007.10.08 09:58:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.dll MOD - [2007.09.06 21:40:36 | 000,692,224 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodrs.dll MOD - [2007.09.06 21:38:57 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe MOD - [2007.09.06 21:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoscw.dll MOD - [2007.08.10 07:12:14 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\app4r.devmons.mcmdevmon.autoplayutil.dll MOD - [2007.08.10 07:11:54 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe MOD - [2007.06.14 21:45:05 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocnv4.dll MOD - [2007.05.22 15:10:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocaps.dll MOD - [2007.05.03 16:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdodatr.dll MOD - [2007.03.26 08:39:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 9500 Series\lxdocats.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.10.26 01:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.06.13 18:47:02 | 000,068,760 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV:64bit: - [2007.09.20 21:33:06 | 001,039,360 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdocoms.exe -- (lxdo_device) SRV:64bit: - [2007.07.17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService) SRV - [2012.12.14 14:46:15 | 000,236,608 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service) SRV - [2012.12.14 14:43:08 | 000,159,296 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService) SRV - [2012.12.14 14:42:55 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService) SRV - [2012.12.14 14:42:51 | 002,878,016 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service) SRV - [2012.12.14 14:41:57 | 002,010,688 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe -- (swi_update_64) SRV - [2012.12.06 16:13:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2012.06.07 09:54:31 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service) SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.11.15 00:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.03.18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.09.20 21:05:06 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdocoms.exe -- (lxdo_device) SRV - [2007.07.17 13:29:01 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe -- (lxdoCATSCustConnectService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 14:45:00 | 000,154,952 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess) DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.07.25 18:53:49 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011.10.26 02:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.26 00:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.10.01 09:47:32 | 000,036,640 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter) DRV:64bit: - [2011.08.25 02:46:56 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2011.01.08 00:22:22 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.05.15 05:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010.04.22 01:06:42 | 000,399,936 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_usb.sys -- (NUMARK_OMNICONTROL) DRV:64bit: - [2010.04.22 01:06:40 | 000,050,240 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2_wdm.sys -- (NUMARK_OMNICONTROL_WDM) DRV:64bit: - [2010.04.22 01:06:38 | 000,031,296 | ---- | M] (Numark) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nkc2midi.sys -- (NUMARK_OMNICONTROL_MIDI) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.09.17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\sandra.sys -- (SANDRA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE - HKLM\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE - HKLM\..\SearchScopes\{6C052F87-11C0-559B-F1AA-51BEA08DB7EC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.babylon.com/?affID=109958&tt=3012_1&babsrc=HP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 26 8C 53 8A 44 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {34F18C3E-95F3-4D26-A78C-8693276A09CF} IE - HKCU\..\SearchScopes,DefaultScope = {34F18C3E-95F3-4D26-A78C-8693276A09CF} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583 IE - HKCU\..\SearchScopes\{34F18C3E-95F3-4D26-A78C-8693276A09CF}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980 IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{6C052F87-11C0-559B-F1AA-51BEA08DB7EC}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=3012_1&babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search" FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1 FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e&tlver=1.5.29.1&instlRef=sst&babTrack&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.13 09:34:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:13:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 09:54:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles/4ohvftw3.default\extensions\specialsavings@superfish.com [2012.08.16 21:27:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.16 21:27:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 16:13:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.13 09:54:31 | 000,000,000 | ---D | M] [2012.04.09 15:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Extensions [2012.12.14 14:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions [2012.12.12 08:37:51 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.11.24 10:04:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.12.03 17:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2012.08.16 21:18:16 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com [2012.12.12 08:37:50 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\crossriderapp3491@crossrider.com [2012.07.24 19:04:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\ffxtlbr@babylon.com [2012.08.16 21:27:09 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\specialsavings@superfish.com [2012.12.12 08:37:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\crossriderapp3491@crossrider.com\chrome\content\extensionCode [2012.12.14 14:36:26 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\toolbar@web.de.xpi [2012.12.12 08:37:50 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.24 10:04:21 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.03 17:29:43 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.12.14 15:39:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2012.12.17 08:59:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire [2012.12.17 09:00:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire [2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire [2012.12.14 15:39:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire [2012.12.17 09:00:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire [2012.12.17 14:03:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire [2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2012.12.17 09:00:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf662008b443_expire [2012.12.17 08:59:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2012.12.17 08:59:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire [2012.12.14 15:39:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2012.12.14 15:39:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012.12.14 14:36:31 | 000,000,911 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\11-suche.xml [2012.12.14 14:36:31 | 000,002,273 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\englische-ergebnisse.xml [2012.12.14 14:36:31 | 000,010,563 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\gmx-suche.xml [2012.12.14 14:36:31 | 000,002,432 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\lastminute.xml [2012.08.16 21:18:17 | 000,002,792 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\Plusnetwork.xml [2012.07.24 19:04:26 | 000,002,339 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\Search.xml [2012.12.14 14:36:31 | 000,005,545 | ---- | M] () -- C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\searchplugins\webde-suche.xml [2012.12.06 16:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.06 16:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.06 16:13:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.12.06 16:13:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.23 10:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.24 19:02:12 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (appbario8 Toolbar) - {0CC09160-108C-4759-BAB1-5C12C216E005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [lxdoamon] C:\Program Files (x86)\Lexmark 9500 Series\lxdoamon.exe () O4:64bit: - HKLM..\Run: [lxdomon.exe] C:\Program Files (x86)\Lexmark 9500 Series\lxdomon.exe () O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B69BBBF-BBCF-4BDF-BEA1-A64A8CA283A8}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited) O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {0B74300D-9D18-4656-9F79-BBF0891365AF} - Bing Bar ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4CBF8339-9F09-4213-846D-8E1C2B921451} - Desktop Icon ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{40194995-2263-49FA-93D2-0A11E13FA518} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) MsConfig:64bit - StartUpReg: Lexmark 9500 Series - hkey= - key= - C:\Program Files (x86)\Lexmark 9500 Series\fm3032.exe () MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.17 14:07:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe [2012.12.17 09:35:25 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Malwarebytes [2012.12.17 09:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.17 09:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.17 09:34:59 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.17 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.14 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012.12.14 15:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.12.14 15:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.12.14 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sophos [2012.12.14 14:45:00 | 000,154,952 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.12.14 14:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2012.12.13 09:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect [2012.12.13 09:40:47 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\PDF Architect [2012.12.13 09:34:35 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\APP_NAME_NON_STRING [2012.12.13 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Documents\PDF Architect Files [2012.12.13 09:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2012.12.13 09:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect [2012.12.13 09:33:48 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\pdfforge [2012.12.13 09:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.12.13 09:33:36 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.12.13 09:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.12.13 09:32:23 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Programs [2012.12.13 09:01:17 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Blender [2012.12.13 09:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Blender [2012.12.13 07:36:53 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bewerbung_MAN [2012.12.12 11:17:26 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bilders [2012.12.06 16:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.27 21:01:14 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bewerbung Michael [2012.11.27 21:00:13 | 000,000,000 | ---D | C] -- C:\Users\Daniela\Desktop\Bilder Oma und Opa [2012.11.22 19:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.22 19:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.11.22 19:24:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.17 14:07:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe [2012.12.17 14:02:28 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012a Startup Accelerator.job [2012.12.17 14:02:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.17 09:35:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.17 09:05:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 09:05:48 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 09:04:58 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.17 09:04:58 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.17 09:04:58 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.17 08:58:08 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2012.12.14 19:37:25 | 000,003,215 | ---- | M] () -- C:\Users\Daniela\Desktop\Sophos Virus Removal Tool.lnk [2012.12.14 14:45:00 | 000,154,952 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys [2012.12.14 14:42:26 | 000,037,440 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe [2012.12.14 14:28:55 | 000,000,375 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2012.12.14 07:45:48 | 000,273,758 | ---- | M] () -- C:\Users\Daniela\Desktop\Ummeldung_Gilla.pdf [2012.12.13 16:50:38 | 000,002,044 | -H-- | M] () -- C:\Users\Daniela\Documents\Default.rdp [2012.12.13 14:08:58 | 000,000,000 | ---- | M] () -- C:\Users\Daniela\Documents\NEWSOFT [2012.12.13 14:02:10 | 000,007,637 | ---- | M] () -- C:\Users\Daniela\Desktop\Abrechnung_Gehalt_MunichRe.pdf [2012.12.13 13:55:51 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.13 09:46:23 | 001,357,837 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_DMarquart.pdf [2012.12.13 09:43:08 | 000,648,398 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela Marquart.pdf [2012.12.13 09:40:43 | 000,715,168 | ---- | M] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela_Marquart.pdf [2012.12.13 09:34:42 | 000,000,993 | ---- | M] () -- C:\Users\Daniela\Desktop\PDF Architect.lnk [2012.12.13 09:33:48 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.12.13 09:01:17 | 000,001,038 | ---- | M] () -- C:\Users\Daniela\Desktop\PDF Blender.lnk [2012.12.13 08:48:00 | 002,475,720 | ---- | M] () -- C:\Users\Daniela\Desktop\Praktikumszeugnis_MunichRe.PDF [2012.12.13 08:23:29 | 000,497,162 | ---- | M] () -- C:\Users\Daniela\Desktop\ToR_WPV_Marquart_Daniela.pdf [2012.12.07 09:56:16 | 000,291,235 | -H-- | M] () -- C:\Users\Daniela\Desktop\ZbThumbnail.info [2012.12.07 09:54:17 | 001,354,020 | ---- | M] () -- C:\Users\Daniela\Desktop\ShannonFoto.jpg [2012.11.22 19:24:56 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.17 09:35:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.14 19:37:25 | 000,003,215 | ---- | C] () -- C:\Users\Daniela\Desktop\Sophos Virus Removal Tool.lnk [2012.12.13 14:02:10 | 000,007,637 | ---- | C] () -- C:\Users\Daniela\Desktop\Abrechnung_Gehalt_MunichRe.pdf [2012.12.13 09:46:22 | 001,357,837 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_DMarquart.pdf [2012.12.13 09:43:08 | 000,648,398 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela Marquart.pdf [2012.12.13 09:40:42 | 000,715,168 | ---- | C] () -- C:\Users\Daniela\Desktop\Abiturzeugnis_Daniela_Marquart.pdf [2012.12.13 09:34:42 | 000,000,993 | ---- | C] () -- C:\Users\Daniela\Desktop\PDF Architect.lnk [2012.12.13 09:33:48 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.12.13 09:01:17 | 000,001,038 | ---- | C] () -- C:\Users\Daniela\Desktop\PDF Blender.lnk [2012.12.13 08:48:00 | 002,475,720 | ---- | C] () -- C:\Users\Daniela\Desktop\Praktikumszeugnis_MunichRe.PDF [2012.12.13 08:24:07 | 000,497,162 | ---- | C] () -- C:\Users\Daniela\Desktop\ToR_WPV_Marquart_Daniela.pdf [2012.12.08 11:10:27 | 000,273,758 | ---- | C] () -- C:\Users\Daniela\Desktop\Ummeldung_Gilla.pdf [2012.12.07 10:12:28 | 004,900,888 | ---- | C] () -- C:\Users\Daniela\Desktop\Michi.JPG [2012.12.07 09:54:16 | 001,354,020 | ---- | C] () -- C:\Users\Daniela\Desktop\ShannonFoto.jpg [2012.08.19 16:15:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.24 19:03:48 | 000,384,844 | ---- | C] () -- C:\Users\Daniela\AppData\Local\funmoods-speeddial.crx [2012.07.24 19:03:47 | 000,031,465 | ---- | C] () -- C:\Users\Daniela\AppData\Local\funmoods.crx [2012.07.21 13:59:00 | 011,632,640 | ---- | C] () -- C:\Users\Daniela\AppData\Roaming\Sandra.mdb [2012.07.21 13:57:56 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.21 13:48:14 | 000,028,672 | ---- | C] () -- C:\Windows\hookdllX.dll [2012.04.21 13:48:14 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll [2012.04.21 13:46:04 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdoinst.dll [2012.04.21 13:46:03 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdocomx.dll [2012.04.21 13:46:03 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoinpa.dll [2012.04.21 13:46:03 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoiesc.dll [2012.04.21 13:46:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdopmui.dll [2012.04.21 13:46:00 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdousb1.dll [2012.04.21 13:45:59 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoserv.dll [2012.04.21 13:45:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoprox.dll [2012.04.21 13:45:58 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdohbn3.dll [2012.04.21 13:45:58 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdolmpm.dll [2012.04.21 13:45:58 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdoih.exe [2012.04.21 13:45:57 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomc.dll [2012.04.21 13:45:57 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocoms.exe [2012.04.21 13:45:57 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocomm.dll [2012.04.21 13:45:56 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdocfg.exe [2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.10.26 00:38:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.10.26 00:38:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.12 21:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.22 16:15:56 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\9500 Series [2012.04.14 11:19:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\AbiSuite [2012.12.13 09:34:35 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\APP_NAME_NON_STRING [2012.07.24 19:02:06 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Babylon [2012.07.24 19:02:22 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BabylonToolbar [2012.12.17 14:12:11 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BrowserCompanion [2012.07.24 19:17:04 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canneverbe Limited [2012.04.23 06:09:25 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Canon [2012.12.17 08:59:31 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Dropbox [2012.08.16 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DVDVideoSoft [2012.08.16 21:18:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.23 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\GHISLER [2012.04.21 16:50:28 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Lexmark Productivity Studio [2012.10.16 21:48:35 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\NewSoft [2012.12.13 09:40:49 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PDF Architect [2012.12.13 09:33:48 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\pdfforge [2012.04.23 07:07:55 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PhotoScape [2012.08.25 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\STRATO [2012.06.23 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.15 21:04:18 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.07.25 18:54:20 | 000,000,000 | ---D | M] -- C:\Intel [2012.04.21 13:55:24 | 000,000,000 | ---D | M] -- C:\logs [2012.04.14 16:58:21 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.06.23 15:49:11 | 000,000,000 | ---D | M] -- C:\numark DJ Pult Treiber [2012.06.17 19:20:41 | 000,000,000 | ---D | M] -- C:\Patent [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.14 15:30:45 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.17 09:34:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.17 09:35:01 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.04.09 14:55:42 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.04.09 15:23:12 | 000,000,000 | ---D | M] -- C:\savw_100_sa [2012.12.17 09:33:55 | 000,000,000 | ---D | M] -- C:\setups [2012.12.17 14:10:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.06.23 14:55:56 | 000,000,000 | ---D | M] -- C:\totalcmd [2012.06.23 16:49:56 | 000,000,000 | ---D | M] -- C:\Traktor nomml [2012.06.23 15:49:19 | 000,000,000 | ---D | M] -- C:\Traktor Pro DJ Software [2012.12.15 21:04:12 | 000,000,000 | R--D | M] -- C:\Users [2012.06.23 17:52:21 | 000,000,000 | ---D | M] -- C:\VDJ2 [2012.06.23 17:53:44 | 000,000,000 | ---D | M] -- C:\VDJ3 [2012.09.01 07:58:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.13 19:13:02 | 000,000,550 | ---- | C] () -- C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2010.01.26 22:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2012a\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.12.17 14:10:25 | 002,621,440 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat [2012.12.17 14:10:25 | 000,262,144 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG1 [2012.04.09 14:55:52 | 000,000,000 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG2 [2012.04.09 14:58:14 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.04.09 14:58:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.04.09 14:58:14 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.09.01 09:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TM.blf [2012.09.01 09:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TMContainer00000000000000000001.regtrans-ms [2012.09.01 09:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{67b64025-f400-11e1-b18c-a726bb4730ce}.TMContainer00000000000000000002.regtrans-ms [2012.04.09 14:55:52 | 000,000,020 | -HS- | M] () -- C:\Users\Daniela\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > [2012.08.16 21:09:56 | 001,750,528 | ---- | M] (Yuna Software) -- C:\Users\Daniela\Local Settings\Temp\Browser_Helper_Companion_DE.exe [2012.07.25 22:26:45 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u34-windows-i586-iftw.exe [2012.08.29 13:07:10 | 000,908,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe [2012.10.01 17:44:51 | 000,912,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Daniela\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe [2012.08.05 08:09:04 | 025,653,936 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Daniela\Local Settings\Temp\SkypeSetup.exe [2012.08.16 21:25:46 | 000,666,272 | ---- | M] () -- C:\Users\Daniela\Local Settings\Temp\softonic_ssk_conduit.exe [2012.06.23 16:48:47 | 001,873,032 | ---- | M] (215 Apps) -- C:\Users\Daniela\Local Settings\Temp\VidSaver14_20120508.exe [250 C:\Users\Daniela\Local Settings\Temp\*.tmp files -> C:\Users\Daniela\Local Settings\Temp\*.tmp -> ] < %USERPROFILE%\Local Settings\Temp\*.dll > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) -- C:\Users\Daniela\Local Settings\Temp\FirewallAPI.dll [2012.08.16 21:18:17 | 000,362,029 | ---- | M] () -- C:\Users\Daniela\Local Settings\Temp\sqlite3.dll [250 C:\Users\Daniela\Local Settings\Temp\*.tmp files -> C:\Users\Daniela\Local Settings\Temp\*.tmp -> ] < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
|
17.12.2012, 14:37
| #5 |
| | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Und hier der aus der Extra.txt Code:
ATTFilter OTL Extras logfile created on: 17.12.2012 14:08:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniela\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,63% Memory free
7,73 Gb Paging File | 5,54 Gb Available in Paging File | 71,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73,14 Gb Total Space | 16,15 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 224,85 Gb Total Space | 154,61 Gb Free Space | 68,76% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5226BC-E4EA-4166-AB8F-521D4645782C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1BF56D3D-5C33-4FC9-A617-421DD7373721}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{522A262B-5BE8-4C3F-AC41-62C2DDCDB6C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{5E81AC6C-A6A2-456B-A895-66F3C35A61F3}" = lport=139 | protocol=6 | dir=in | app=system |
"{649FB298-7795-4D7E-8D43-40687D597E98}" = lport=445 | protocol=6 | dir=in | app=system |
"{6A595F77-0580-462E-9444-A172D809B294}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E351B74-31BE-4ACB-A546-FB8FEBAF93A3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\rpcagentsrv.exe |
"{76492EDB-4883-448A-97B9-F4A0AA46B752}" = lport=10243 | protocol=6 | dir=in | app=system |
"{767FACEA-91A9-492D-AF21-EFFEB757B43D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{771DCB17-1EE3-45E7-949F-175039E2F370}" = rport=139 | protocol=6 | dir=out | app=system |
"{7C6A87AC-FA87-4A1A-A921-F7E8DFC3EDE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81630A44-89EB-4749-8BD1-1FD6CCF67663}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83DE482F-D082-4334-B515-EB8EFC625059}" = lport=138 | protocol=17 | dir=in | app=system |
"{840B4F4A-4303-48AA-BBD1-A584B80CA947}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8B617B50-FFD9-4C70-B3A0-1247DEC49B4C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2012.sp4c\wnt500x64\rpcsandrasrv.exe |
"{932D09B9-3F8F-4058-88E3-533E4C3A323A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{95313063-3A24-401B-A863-D05E828CA303}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B0C97BF-2256-4E52-8EBB-161EF57EE0B6}" = rport=445 | protocol=6 | dir=out | app=system |
"{9D58C05D-0119-42E9-BD86-74C3BA9E54FA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0E0EA2E-5ACE-4A45-B346-480D16B3F07B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A8641D9F-FA8C-4440-8664-0C8837565D24}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BBCFAE4B-F6AF-4F0F-877C-C0F451053F99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DEE1C061-5384-4236-B08C-15FBD2B45DB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E90CA7B5-ADBF-48BD-ABF2-A2D361B7E938}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F4C17FE4-D039-438C-9A0D-C233FCAAC2C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{F72F8E4D-D435-4D3E-B88E-C0DF00DBE561}" = rport=138 | protocol=17 | dir=out | app=system |
"{F7959A64-EF2E-4F85-AA46-3703CDB00649}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0021B6DA-0AF2-4E50-B139-A3E1913977AF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{01D761E7-62FD-490E-A0C0-110BC45CC6E0}" = protocol=6 | dir=out | app=system |
"{137AA8DB-9C7A-4639-B462-5FA11399AAC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{141380F0-D124-4DD2-8390-7B30404C50CC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe |
"{2077D096-0209-4DD4-B341-78847BC4F2F7}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{212C070F-2285-4CC1-99BA-9ECBB514416A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocfg.exe |
"{212C3BCA-F604-4626-803A-2337E27E92FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30657F83-BC65-43AB-A0A8-B5FB8EEFDF68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{31CF9225-D3FF-4C8E-AFF6-42A856FFF5E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{351DC4F3-21DE-4CD8-AF1F-58EEDB1AEC58}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe |
"{450BDF62-E2F3-43D0-97D3-5FFFF0E36264}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47418643-E062-47C7-B0C4-1ED40BF08C4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4CB1C86D-934D-4A2B-AA15-BE3E0B7DC813}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EB2F145-0CE4-47C4-AD01-C05BF380727F}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\frun.exe |
"{5409AE5A-67C5-4F80-AB12-353FDA403BE0}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe |
"{571F0524-76D0-4B09-AB27-4C75BF79C576}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{58A6A6E5-6A04-439B-928E-9EE5902FF18C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{599A6D7B-02C2-412A-B0D0-796A96A57362}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdocoms.exe |
"{6548724C-F1AA-492B-88FD-82A2FBC6556E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6925CB2B-EEA8-46ED-919F-4CD89520EC56}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6F039D07-152F-44BE-87A1-9A7DE5D9CA5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6FF02524-9C51-4F26-A8E5-837FD910509F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe |
"{7B6A70E8-895F-4ACC-99FC-A0C641610C76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7CBABE19-6F7A-4339-9227-39F347DCC95D}" = protocol=17 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe |
"{7CEEA206-648C-4D53-BF0B-CE7FAC6239C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdocoms.exe |
"{7F169A79-3EC2-426B-BFA7-8DE615F8F49A}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocfg.exe |
"{8574990B-BCBB-4B4B-8575-4580DEB3DEB3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe |
"{9ED297B3-32CD-4B91-AA00-4B72D363102B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0058A6D-8099-4E2E-B83C-518A798CB086}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A74BA43F-8FB6-45D1-9586-FE682AAB2027}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AD26D55C-5D73-4F2D-8317-F96809171620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6FFDD5B-3923-4AE1-B9C7-E45CBE3169A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B7B0CCDD-ED41-4082-A091-43EB0C07EE36}" = protocol=17 | dir=in | app=c:\windows\system32\lxdocoms.exe |
"{BA11B601-C57C-43AD-B222-1B9CD17DB057}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB4B2796-3A18-4C04-AF03-D1CB586D7A18}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C60F8AE1-B077-47A5-8394-B61CD6E111D3}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{C82FC724-CCB2-417A-97D7-D089A264D809}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdofax.exe |
"{CAA1A207-1B0A-4CE8-AB9C-188153E2464D}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe |
"{D0D585EA-355B-48E4-A700-112A26DB5FF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D533F55B-06CF-441A-9FB7-2DEFA5987B7C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdoamon.exe |
"{DB7F2D53-6D15-4202-9FE0-3A7F58AFFAD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1DBCFDC-4829-4C85-97A8-EE1860974005}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E274C5D3-7F1D-4A1A-8A75-208919B78266}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe |
"{E89B9EB5-A1AA-430B-BD48-9BA5D726CC27}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E9935C7E-C64A-40DD-98BC-8CE2043A6B06}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdopswx.exe |
"{F2B167AB-E071-4828-841D-8DE726F0B751}" = protocol=6 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe |
"{F331EF02-EBA7-48C8-B822-6B9758CDF825}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdotime.exe |
"{F8D70D8C-2611-41EC-A766-2FA4D698319B}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{FC232706-0BD5-4B49-A1E0-38CC5DA2829F}" = protocol=6 | dir=in | app=c:\windows\system32\lxdocoms.exe |
"TCP Query User{11AD1681-9EE0-450B-A265-8E0A3815D992}C:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2D8DFF63-311C-44BC-99E4-BCA116438552}C:\program files (x86)\lexmark 9500 series\lxdomon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe |
"TCP Query User{FDEA5079-5A15-4792-850F-15F29F400A6B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{0F7CF7A3-DB39-4153-BA7B-247B7DA1E9B5}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{24617DDD-98DC-4AEA-BF5E-861C692739FB}C:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\daniela\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{56679297-EED7-48FF-960A-FAECDFD8F2F6}C:\program files (x86)\lexmark 9500 series\lxdomon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 9500 series\lxdomon.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4c
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Lexmark 9500 Series" = Lexmark 9500 Series
"Matlab R2012a" = MATLAB R2012a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"USB_AUDIO_DEusb-audio.deNumarkOMNICONTROL" = OMNI CONTROL USB Audio driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C42B0AD-3D32-4721-9665-AFD958AF6523}" = Remote Desktop
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.20
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B79920F8-AB6E-45B2-B257-900BBA969FF7}" = Presto! Forms 3.60.10
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.9.2
"appbario8 Toolbar" = appbario8 Toolbar
"BabylonToolbar" = Babylon toolbar on IE
"BrowserCompanion" = BrowserCompanion
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"funmoods" = Funmoods Web Search
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"PDF Blender" = PDF Blender
"pdfsam" = pdfsam
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"SpecialSavings" = SpecialSavings
"STRATO HiDrive" = STRATO HiDrive (remove only)
"uTorrent" = µTorrent
"Vid-Saver" = Vid-Saver
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite" = Windows Live Essentials
"Wondershare Vivideo_is1" = Wondershare Vivideo(Build 2.0.0.12)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.12.2012 02:17:10 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description =
Error - 14.12.2012 17:00:19 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\setups\SoftonicDownloader_fuer_windows-live-movie-maker.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 14.12.2012 17:00:19 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\setups\SoftonicDownloader_fuer_wondershare-vivideo.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 15.12.2012 15:07:01 | Computer Name = Daniela-PC | Source = Sophos Anti-Virus | ID = 2424850
Description = Adware or PUA 'BProtector' was not removed because of errors.
Error - 15.12.2012 15:07:01 | Computer Name = Daniela-PC | Source = Sophos Anti-Virus | ID = 2424850
Description = Adware or PUA 'BProtector' was not removed because of errors.
Error - 15.12.2012 15:08:00 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.12.2012 13:08:15 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.12.2012 04:00:01 | Computer Name = Daniela-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.12.2012 04:16:43 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: lxdocoms.exe, version: 1.232.15.0, time
stamp: 0x46f2d8ff Faulting module name: lxdohbn3.dll, version: 1.232.15.0, time
stamp: 0x46f2d8d7 Exception code: 0xc0000005 Fault offset: 0x0000000000061053 Faulting
process id: 0x514 Faulting application start time: 0x01cddc2c50f929c0 Faulting application
path: C:\Windows\system32\lxdocoms.exe Faulting module path: C:\Windows\system32\lxdohbn3.dll
Report
Id: 1704df1d-4822-11e2-9cbb-00262d75d392
Error - 17.12.2012 09:07:46 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FRun.exe, version: 1.41.0.0, time stamp:
0x462e566d Faulting module name: lxdoDRS.dll_unloaded, version: 0.0.0.0, time stamp:
0x46e065c4 Exception code: 0xc0000005 Fault offset: 0x0a2c4c97 Faulting process id:
0x858 Faulting application start time: 0x01cddc2ecbd5a4ce Faulting application path:
C:\Program Files (x86)\Lexmark 9500 Series\FRun.exe Faulting module path: lxdoDRS.dll
Report
Id: bfdaee2e-484a-11e2-9cbb-00262d75d392
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 17.12.2012 04:16:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.
Error - 17.12.2012 04:16:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
<C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
Host discarded.
Error - 17.12.2012 04:16:37 | Computer Name = Daniela-PC | Source = acvpnui | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
WINDOWS_ERROR_CODE XML Parser fatal error: Validate failed.
Error - 17.12.2012 04:16:37 | Computer Name = Daniela-PC | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
<C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
Host discarded.
Error - 17.12.2012 04:56:39 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
(0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP
Error - 17.12.2012 04:56:39 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
(0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure
gateway failed to respond to Dead Peer Detection packets. DTLS
Error - 17.12.2012 05:18:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelProtocolDpdMgr::OnTimerExpired File: .\TunnelProtocolDpdMgr.cpp
Line:
277 Invoked Function: CTunnelProtocolDpdMgr::handleExpiredDPD Return Code: -25952246
(0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure
gateway failed to respond to Dead Peer Detection packets. DTLS/CDTP
Error - 17.12.2012 05:18:34 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelStatusChange File: .\TunnelStateMgr.cpp
Line:
1309 Invoked Function: Tunnel status change callback status Return Code: -25952246
(0xFE74000A) Description: TUNNELPROTOCOLDPDMGR_ERROR_NO_DPD_RESPONSE:The secure
gateway failed to respond to Dead Peer Detection packets. DTLS
Error - 17.12.2012 06:57:13 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 23: Client PC is going into suspend mode (Sleep,
Hibernate, etc).
Error - 17.12.2012 06:57:26 | Computer Name = Daniela-PC | Source = acvpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\Proxy\BrowserProxy.cpp
Line:
1026 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
cannot find the file specified.
[ System Events ]
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 07.10.2012 04:06:58 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 07.10.2012 04:08:11 | Computer Name = Daniela-PC | Source = ipnathlp | ID = 31004
Description =
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = PNRPSvc | ID = 102
Description =
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535
Error - 07.10.2012 05:16:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535
Error - 07.10.2012 05:16:09 | Computer Name = Daniela-PC | Source = ipnathlp | ID = 31004
Description =
< End of report >
|
|
17.12.2012, 15:52
| #6 |
| /// Malware-holic | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ --> C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden |
|
17.12.2012, 16:32
| #7 |
| | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hallo hier das Ergebnis: Code:
ATTFilter 16:21:20.0685 5784 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:21:21.0013 5784 ============================================================
16:21:21.0013 5784 Current date / time: 2012/12/17 16:21:21.0013
16:21:21.0013 5784 SystemInfo:
16:21:21.0013 5784
16:21:21.0013 5784 OS Version: 6.1.7601 ServicePack: 1.0
16:21:21.0013 5784 Product type: Workstation
16:21:21.0013 5784 ComputerName: DANIELA-PC
16:21:21.0013 5784 UserName: Daniela
16:21:21.0013 5784 Windows directory: C:\Windows
16:21:21.0013 5784 System windows directory: C:\Windows
16:21:21.0013 5784 Running under WOW64
16:21:21.0013 5784 Processor architecture: Intel x64
16:21:21.0013 5784 Number of processors: 4
16:21:21.0013 5784 Page size: 0x1000
16:21:21.0013 5784 Boot type: Normal boot
16:21:21.0013 5784 ============================================================
16:21:22.0542 5784 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:22.0542 5784 ============================================================
16:21:22.0542 5784 \Device\Harddisk0\DR0:
16:21:22.0542 5784 MBR partitions:
16:21:22.0542 5784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:21:22.0542 5784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x924A000
16:21:22.0542 5784 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x927C800, BlocksNum 0x1C1B1800
16:21:22.0542 5784 ============================================================
16:21:22.0573 5784 C: <-> \Device\Harddisk0\DR0\Partition2
16:21:22.0604 5784 D: <-> \Device\Harddisk0\DR0\Partition3
16:21:22.0604 5784 ============================================================
16:21:22.0604 5784 Initialize success
16:21:22.0604 5784 ============================================================
16:22:02.0852 3776 ============================================================
16:22:02.0852 3776 Scan started
16:22:02.0852 3776 Mode: Manual; SigCheck; TDLFS;
16:22:02.0852 3776 ============================================================
16:22:08.0983 3776 ================ Scan system memory ========================
16:22:08.0983 3776 System memory - ok
16:22:08.0983 3776 ================ Scan services =============================
16:22:09.0123 3776 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:22:09.0232 3776 1394ohci - ok
16:22:09.0264 3776 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:22:09.0295 3776 ACPI - ok
16:22:09.0326 3776 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:22:09.0435 3776 AcpiPmi - ok
16:22:09.0513 3776 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
16:22:09.0732 3776 acsock - ok
16:22:09.0778 3776 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:22:09.0810 3776 adp94xx - ok
16:22:09.0856 3776 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:22:09.0888 3776 adpahci - ok
16:22:09.0903 3776 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:22:09.0934 3776 adpu320 - ok
16:22:09.0966 3776 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:22:10.0371 3776 AeLookupSvc - ok
16:22:10.0418 3776 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:22:10.0480 3776 AFD - ok
16:22:10.0512 3776 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:22:10.0543 3776 agp440 - ok
16:22:10.0590 3776 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:22:10.0683 3776 ALG - ok
16:22:10.0714 3776 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:22:10.0730 3776 aliide - ok
16:22:10.0761 3776 [ 812349D328EB406815183A5D17B49E7C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:22:10.0886 3776 AMD External Events Utility - ok
16:22:10.0917 3776 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:22:10.0933 3776 amdide - ok
16:22:10.0980 3776 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:22:11.0011 3776 AmdK8 - ok
16:22:11.0245 3776 [ 0415FFE1B6A6EA141FEAFCA57567F57F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:22:11.0572 3776 amdkmdag - ok
16:22:11.0604 3776 [ DC24D6F38F17C0D643D9AA8A6852F8D0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:22:11.0635 3776 amdkmdap - ok
16:22:11.0666 3776 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:22:11.0713 3776 AmdPPM - ok
16:22:11.0760 3776 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:22:11.0791 3776 amdsata - ok
16:22:11.0822 3776 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:22:11.0853 3776 amdsbs - ok
16:22:11.0869 3776 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:22:11.0900 3776 amdxata - ok
16:22:11.0916 3776 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:22:12.0087 3776 AppID - ok
16:22:12.0103 3776 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:22:12.0181 3776 AppIDSvc - ok
16:22:12.0212 3776 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:22:12.0274 3776 Appinfo - ok
16:22:12.0337 3776 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:22:12.0384 3776 AppMgmt - ok
16:22:12.0399 3776 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:22:12.0430 3776 arc - ok
16:22:12.0462 3776 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:22:12.0493 3776 arcsas - ok
16:22:12.0649 3776 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:22:12.0680 3776 aspnet_state - ok
16:22:12.0727 3776 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:22:12.0789 3776 AsyncMac - ok
16:22:12.0836 3776 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:22:12.0852 3776 atapi - ok
16:22:12.0945 3776 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:22:13.0023 3776 athr - ok
16:22:13.0086 3776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:22:13.0195 3776 AudioEndpointBuilder - ok
16:22:13.0210 3776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:22:13.0288 3776 AudioSrv - ok
16:22:13.0320 3776 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:22:13.0413 3776 AxInstSV - ok
16:22:13.0460 3776 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:22:13.0522 3776 b06bdrv - ok
16:22:13.0554 3776 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:22:13.0585 3776 b57nd60a - ok
16:22:13.0819 3776 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
16:22:13.0850 3776 BBSvc - ok
16:22:13.0959 3776 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
16:22:13.0990 3776 BBUpdate - ok
16:22:14.0022 3776 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:22:14.0084 3776 BDESVC - ok
16:22:14.0131 3776 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:22:14.0193 3776 Beep - ok
16:22:14.0256 3776 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:22:14.0349 3776 BFE - ok
16:22:14.0396 3776 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:22:14.0505 3776 BITS - ok
16:22:14.0552 3776 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:22:14.0568 3776 blbdrive - ok
16:22:14.0599 3776 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:22:14.0646 3776 bowser - ok
16:22:14.0661 3776 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:22:14.0724 3776 BrFiltLo - ok
16:22:14.0724 3776 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:22:14.0739 3776 BrFiltUp - ok
16:22:14.0770 3776 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:22:14.0817 3776 Browser - ok
16:22:14.0833 3776 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:22:14.0895 3776 Brserid - ok
16:22:14.0895 3776 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:22:14.0926 3776 BrSerWdm - ok
16:22:14.0942 3776 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:22:14.0973 3776 BrUsbMdm - ok
16:22:14.0973 3776 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:22:15.0004 3776 BrUsbSer - ok
16:22:15.0004 3776 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:22:15.0036 3776 BTHMODEM - ok
16:22:15.0082 3776 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:22:15.0145 3776 bthserv - ok
16:22:15.0160 3776 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:22:15.0223 3776 cdfs - ok
16:22:15.0270 3776 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:22:15.0316 3776 cdrom - ok
16:22:15.0410 3776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:22:15.0535 3776 CertPropSvc - ok
16:22:15.0582 3776 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:22:15.0613 3776 circlass - ok
16:22:15.0628 3776 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:22:15.0675 3776 CLFS - ok
16:22:15.0722 3776 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:22:15.0800 3776 clr_optimization_v2.0.50727_32 - ok
16:22:15.0847 3776 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:22:15.0878 3776 clr_optimization_v2.0.50727_64 - ok
16:22:15.0940 3776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:22:16.0050 3776 clr_optimization_v4.0.30319_32 - ok
16:22:16.0050 3776 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:22:16.0081 3776 clr_optimization_v4.0.30319_64 - ok
16:22:16.0128 3776 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:22:16.0159 3776 CmBatt - ok
16:22:16.0174 3776 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:22:16.0206 3776 cmdide - ok
16:22:16.0237 3776 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:22:16.0284 3776 CNG - ok
16:22:16.0299 3776 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:22:16.0330 3776 Compbatt - ok
16:22:16.0346 3776 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:22:16.0377 3776 CompositeBus - ok
16:22:16.0393 3776 COMSysApp - ok
16:22:16.0408 3776 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:22:16.0424 3776 crcdisk - ok
16:22:16.0471 3776 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:22:16.0518 3776 CryptSvc - ok
16:22:16.0564 3776 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:22:16.0642 3776 CSC - ok
16:22:16.0689 3776 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:22:16.0736 3776 CscService - ok
16:22:16.0783 3776 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
16:22:16.0814 3776 CVirtA - ok
16:22:16.0876 3776 [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
16:22:17.0126 3776 CVPND - ok
16:22:17.0173 3776 [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
16:22:17.0188 3776 CVPNDRVA - ok
16:22:17.0251 3776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:22:17.0313 3776 DcomLaunch - ok
16:22:17.0344 3776 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:22:17.0438 3776 defragsvc - ok
16:22:17.0469 3776 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:22:17.0532 3776 DfsC - ok
16:22:17.0563 3776 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:22:17.0625 3776 Dhcp - ok
16:22:17.0641 3776 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:22:17.0703 3776 discache - ok
16:22:17.0750 3776 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:22:17.0766 3776 Disk - ok
16:22:17.0812 3776 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
16:22:17.0859 3776 dmvsc - ok
16:22:17.0906 3776 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
16:22:17.0922 3776 DNE - ok
16:22:17.0968 3776 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:22:18.0031 3776 Dnscache - ok
16:22:18.0062 3776 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:22:18.0124 3776 dot3svc - ok
16:22:18.0140 3776 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:22:18.0218 3776 DPS - ok
16:22:18.0249 3776 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:22:18.0296 3776 drmkaud - ok
16:22:18.0327 3776 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:22:18.0405 3776 DXGKrnl - ok
16:22:18.0436 3776 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:22:18.0514 3776 EapHost - ok
16:22:18.0592 3776 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:22:18.0686 3776 ebdrv - ok
16:22:18.0717 3776 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:22:18.0780 3776 EFS - ok
16:22:18.0858 3776 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:22:18.0920 3776 ehRecvr - ok
16:22:18.0936 3776 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:22:18.0967 3776 ehSched - ok
16:22:18.0998 3776 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
16:22:19.0029 3776 ElbyCDIO - ok
16:22:19.0076 3776 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:22:19.0107 3776 elxstor - ok
16:22:19.0123 3776 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:22:19.0154 3776 ErrDev - ok
16:22:19.0201 3776 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:22:19.0263 3776 EventSystem - ok
16:22:19.0279 3776 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:22:19.0341 3776 exfat - ok
16:22:19.0372 3776 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:22:19.0435 3776 fastfat - ok
16:22:19.0466 3776 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:22:19.0528 3776 Fax - ok
16:22:19.0544 3776 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:22:19.0575 3776 fdc - ok
16:22:19.0591 3776 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:22:19.0638 3776 fdPHost - ok
16:22:19.0653 3776 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:22:19.0716 3776 FDResPub - ok
16:22:19.0747 3776 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:22:19.0778 3776 FileInfo - ok
16:22:19.0794 3776 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:22:19.0840 3776 Filetrace - ok
16:22:19.0840 3776 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:22:19.0872 3776 flpydisk - ok
16:22:19.0887 3776 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:22:19.0903 3776 FltMgr - ok
16:22:19.0950 3776 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
16:22:20.0043 3776 FontCache - ok
16:22:20.0106 3776 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:22:20.0152 3776 FontCache3.0.0.0 - ok
16:22:20.0168 3776 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:22:20.0199 3776 FsDepends - ok
16:22:20.0230 3776 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:22:20.0246 3776 Fs_Rec - ok
16:22:20.0277 3776 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:22:20.0308 3776 fvevol - ok
16:22:20.0324 3776 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:22:20.0355 3776 gagp30kx - ok
16:22:20.0386 3776 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:22:20.0464 3776 gpsvc - ok
16:22:20.0480 3776 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:22:20.0558 3776 hcw85cir - ok
16:22:20.0574 3776 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:22:20.0636 3776 HdAudAddService - ok
16:22:20.0667 3776 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:22:20.0714 3776 HDAudBus - ok
16:22:20.0776 3776 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:22:20.0792 3776 HECIx64 - ok
16:22:20.0808 3776 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:22:20.0854 3776 HidBatt - ok
16:22:20.0854 3776 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:22:20.0932 3776 HidBth - ok
16:22:20.0932 3776 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:22:20.0964 3776 HidIr - ok
16:22:20.0995 3776 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:22:21.0057 3776 hidserv - ok
16:22:21.0088 3776 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:22:21.0120 3776 HidUsb - ok
16:22:21.0151 3776 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:22:21.0260 3776 hkmsvc - ok
16:22:21.0276 3776 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:22:21.0354 3776 HomeGroupListener - ok
16:22:21.0385 3776 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:22:21.0432 3776 HomeGroupProvider - ok
16:22:21.0478 3776 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:22:21.0494 3776 HpSAMD - ok
16:22:21.0541 3776 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:22:21.0634 3776 HTTP - ok
16:22:21.0650 3776 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:22:21.0681 3776 hwpolicy - ok
16:22:21.0697 3776 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:22:21.0728 3776 i8042prt - ok
16:22:21.0775 3776 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:22:21.0806 3776 iaStorV - ok
16:22:21.0868 3776 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:22:21.0993 3776 idsvc - ok
16:22:22.0009 3776 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:22:22.0024 3776 iirsp - ok
16:22:22.0071 3776 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:22:22.0165 3776 IKEEXT - ok
16:22:22.0212 3776 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
16:22:22.0243 3776 Impcd - ok
16:22:22.0274 3776 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:22:22.0290 3776 intelide - ok
16:22:22.0321 3776 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:22:22.0352 3776 intelppm - ok
16:22:22.0383 3776 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:22:22.0446 3776 IPBusEnum - ok
16:22:22.0461 3776 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:22:22.0524 3776 IpFilterDriver - ok
16:22:22.0570 3776 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:22:22.0617 3776 iphlpsvc - ok
16:22:22.0648 3776 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:22:22.0695 3776 IPMIDRV - ok
16:22:22.0711 3776 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:22:22.0789 3776 IPNAT - ok
16:22:22.0804 3776 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:22:22.0836 3776 IRENUM - ok
16:22:22.0851 3776 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:22:22.0867 3776 isapnp - ok
16:22:22.0898 3776 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:22:22.0914 3776 iScsiPrt - ok
16:22:22.0960 3776 [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
16:22:22.0992 3776 k57nd60a - ok
16:22:23.0023 3776 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:22:23.0054 3776 kbdclass - ok
16:22:23.0070 3776 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:22:23.0101 3776 kbdhid - ok
16:22:23.0116 3776 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:22:23.0148 3776 KeyIso - ok
16:22:23.0194 3776 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:22:23.0210 3776 KSecDD - ok
16:22:23.0226 3776 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:22:23.0241 3776 KSecPkg - ok
16:22:23.0288 3776 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:22:23.0350 3776 ksthunk - ok
16:22:23.0397 3776 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:22:23.0460 3776 KtmRm - ok
16:22:23.0491 3776 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:22:23.0553 3776 LanmanServer - ok
16:22:23.0584 3776 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:22:23.0647 3776 LanmanWorkstation - ok
16:22:23.0678 3776 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:22:23.0740 3776 lltdio - ok
16:22:23.0772 3776 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:22:23.0865 3776 lltdsvc - ok
16:22:23.0881 3776 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:22:23.0928 3776 lmhosts - ok
16:22:23.0990 3776 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:22:24.0099 3776 LMS - ok
16:22:24.0146 3776 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:22:24.0177 3776 LSI_FC - ok
16:22:24.0193 3776 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:22:24.0208 3776 LSI_SAS - ok
16:22:24.0224 3776 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:22:24.0255 3776 LSI_SAS2 - ok
16:22:24.0271 3776 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:22:24.0286 3776 LSI_SCSI - ok
16:22:24.0302 3776 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:22:24.0364 3776 luafv - ok
16:22:24.0505 3776 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
16:22:24.0645 3776 LVUVC64 - ok
16:22:24.0692 3776 [ 741083526BA1C6217D7E664BB86CFA62 ] lxdoCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe
16:22:24.0754 3776 lxdoCATSCustConnectService - ok
16:22:24.0801 3776 lxdo_device - ok
16:22:24.0817 3776 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:22:24.0864 3776 Mcx2Svc - ok
16:22:24.0895 3776 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:22:24.0910 3776 megasas - ok
16:22:24.0942 3776 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:22:24.0973 3776 MegaSR - ok
16:22:25.0066 3776 Microsoft SharePoint Workspace Audit Service - ok
16:22:25.0098 3776 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:22:25.0160 3776 MMCSS - ok
16:22:25.0191 3776 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:22:25.0238 3776 Modem - ok
16:22:25.0285 3776 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:22:25.0316 3776 monitor - ok
16:22:25.0347 3776 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:22:25.0363 3776 mouclass - ok
16:22:25.0378 3776 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:22:25.0410 3776 mouhid - ok
16:22:25.0425 3776 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:22:25.0456 3776 mountmgr - ok
16:22:25.0519 3776 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:22:25.0581 3776 MozillaMaintenance - ok
16:22:25.0628 3776 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:22:25.0659 3776 mpio - ok
16:22:25.0706 3776 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:22:25.0753 3776 mpsdrv - ok
16:22:26.0002 3776 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:22:26.0065 3776 MpsSvc - ok
16:22:26.0096 3776 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:22:26.0127 3776 MRxDAV - ok
16:22:26.0158 3776 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:22:26.0221 3776 mrxsmb - ok
16:22:26.0252 3776 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:22:26.0268 3776 mrxsmb10 - ok
16:22:26.0283 3776 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:22:26.0314 3776 mrxsmb20 - ok
16:22:26.0330 3776 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:22:26.0361 3776 msahci - ok
16:22:26.0377 3776 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:22:26.0408 3776 msdsm - ok
16:22:26.0424 3776 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:22:26.0470 3776 MSDTC - ok
16:22:26.0486 3776 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:22:26.0533 3776 Msfs - ok
16:22:26.0564 3776 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:22:26.0626 3776 mshidkmdf - ok
16:22:26.0642 3776 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:22:26.0673 3776 msisadrv - ok
16:22:26.0689 3776 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:22:26.0782 3776 MSiSCSI - ok
16:22:26.0782 3776 msiserver - ok
16:22:26.0814 3776 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:22:26.0876 3776 MSKSSRV - ok
16:22:26.0907 3776 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:22:26.0970 3776 MSPCLOCK - ok
16:22:26.0985 3776 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:22:27.0048 3776 MSPQM - ok
16:22:27.0063 3776 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:22:27.0094 3776 MsRPC - ok
16:22:27.0126 3776 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:22:27.0141 3776 mssmbios - ok
16:22:27.0172 3776 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:22:27.0250 3776 MSTEE - ok
16:22:27.0250 3776 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:22:27.0282 3776 MTConfig - ok
16:22:27.0297 3776 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:22:27.0328 3776 Mup - ok
16:22:27.0360 3776 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:22:27.0438 3776 napagent - ok
16:22:27.0469 3776 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:22:27.0516 3776 NativeWifiP - ok
16:22:27.0578 3776 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:22:27.0640 3776 NDIS - ok
16:22:27.0672 3776 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:22:27.0718 3776 NdisCap - ok
16:22:27.0750 3776 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:22:27.0796 3776 NdisTapi - ok
16:22:27.0828 3776 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:22:27.0890 3776 Ndisuio - ok
16:22:27.0921 3776 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:22:27.0968 3776 NdisWan - ok
16:22:27.0999 3776 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:22:28.0046 3776 NDProxy - ok
16:22:28.0062 3776 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:22:28.0124 3776 NetBIOS - ok
16:22:28.0140 3776 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:22:28.0202 3776 NetBT - ok
16:22:28.0233 3776 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:22:28.0249 3776 Netlogon - ok
16:22:28.0296 3776 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:22:28.0374 3776 Netman - ok
16:22:28.0421 3776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:28.0499 3776 NetMsmqActivator - ok
16:22:28.0499 3776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:28.0577 3776 NetPipeActivator - ok
16:22:28.0608 3776 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:22:28.0701 3776 netprofm - ok
16:22:28.0701 3776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:28.0779 3776 NetTcpActivator - ok
16:22:28.0795 3776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:28.0873 3776 NetTcpPortSharing - ok
16:22:28.0904 3776 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:22:28.0935 3776 nfrd960 - ok
16:22:28.0967 3776 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:22:29.0013 3776 NlaSvc - ok
16:22:29.0029 3776 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:22:29.0091 3776 Npfs - ok
16:22:29.0107 3776 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:22:29.0169 3776 nsi - ok
16:22:29.0185 3776 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:22:29.0263 3776 nsiproxy - ok
16:22:29.0325 3776 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:22:29.0419 3776 Ntfs - ok
16:22:29.0435 3776 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:22:29.0497 3776 Null - ok
16:22:29.0559 3776 [ AF01555FCE33E082620FBCAD1FE94659 ] NUMARK_OMNICONTROL C:\Windows\system32\Drivers\nkc2_usb.sys
16:22:29.0591 3776 NUMARK_OMNICONTROL - ok
16:22:29.0622 3776 [ 971EFC2F6B5B0211B6A72DE9B8FA592C ] NUMARK_OMNICONTROL_MIDI C:\Windows\system32\drivers\nkc2midi.sys
16:22:29.0653 3776 NUMARK_OMNICONTROL_MIDI - ok
16:22:29.0700 3776 [ 32AE97717A9876390FFC1632A6E5D93C ] NUMARK_OMNICONTROL_WDM C:\Windows\system32\drivers\nkc2_wdm.sys
16:22:29.0715 3776 NUMARK_OMNICONTROL_WDM - ok
16:22:29.0762 3776 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:22:29.0778 3776 nvraid - ok
16:22:29.0809 3776 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:22:29.0825 3776 nvstor - ok
16:22:29.0840 3776 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:22:29.0871 3776 nv_agp - ok
16:22:29.0887 3776 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:22:29.0903 3776 ohci1394 - ok
16:22:29.0981 3776 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:22:30.0012 3776 ose64 - ok
16:22:30.0168 3776 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:22:30.0683 3776 osppsvc - ok
16:22:30.0792 3776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:22:30.0854 3776 p2pimsvc - ok
16:22:30.0885 3776 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:22:30.0917 3776 p2psvc - ok
16:22:30.0932 3776 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:22:30.0963 3776 Parport - ok
16:22:31.0026 3776 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:22:31.0057 3776 partmgr - ok
16:22:31.0073 3776 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:22:31.0119 3776 PcaSvc - ok
16:22:31.0135 3776 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:22:31.0166 3776 pci - ok
16:22:31.0182 3776 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:22:31.0213 3776 pciide - ok
16:22:31.0229 3776 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:22:31.0260 3776 pcmcia - ok
16:22:31.0275 3776 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:22:31.0291 3776 pcw - ok
16:22:31.0400 3776 [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
16:22:31.0931 3776 PDF Architect Helper Service - ok
16:22:32.0040 3776 [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
16:22:32.0102 3776 PDF Architect Service - ok
16:22:32.0133 3776 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:22:32.0180 3776 PEAUTH - ok
16:22:32.0227 3776 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:22:32.0321 3776 PeerDistSvc - ok
16:22:32.0430 3776 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:22:32.0461 3776 PerfHost - ok
16:22:32.0523 3776 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:22:32.0617 3776 pla - ok
16:22:32.0648 3776 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:22:32.0711 3776 PlugPlay - ok
16:22:32.0742 3776 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:22:32.0773 3776 PNRPAutoReg - ok
16:22:32.0851 3776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:22:32.0867 3776 PNRPsvc - ok
16:22:32.0913 3776 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:22:32.0991 3776 PolicyAgent - ok
16:22:33.0023 3776 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:22:33.0085 3776 Power - ok
16:22:33.0116 3776 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:22:33.0194 3776 PptpMiniport - ok
16:22:33.0210 3776 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:22:33.0257 3776 Processor - ok
16:22:33.0288 3776 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:22:33.0350 3776 ProfSvc - ok
16:22:33.0350 3776 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:22:33.0381 3776 ProtectedStorage - ok
16:22:33.0397 3776 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:22:33.0459 3776 Psched - ok
16:22:33.0522 3776 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:22:33.0584 3776 ql2300 - ok
16:22:33.0600 3776 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:22:33.0615 3776 ql40xx - ok
16:22:33.0647 3776 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:22:33.0678 3776 QWAVE - ok
16:22:33.0693 3776 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:22:33.0740 3776 QWAVEdrv - ok
16:22:33.0756 3776 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:22:33.0803 3776 RasAcd - ok
16:22:33.0849 3776 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:22:33.0896 3776 RasAgileVpn - ok
16:22:33.0912 3776 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:22:34.0005 3776 RasAuto - ok
16:22:34.0021 3776 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:22:34.0099 3776 Rasl2tp - ok
16:22:34.0130 3776 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:22:34.0193 3776 RasMan - ok
16:22:34.0208 3776 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:22:34.0271 3776 RasPppoe - ok
16:22:34.0286 3776 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:22:34.0349 3776 RasSstp - ok
16:22:34.0364 3776 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:22:34.0442 3776 rdbss - ok
16:22:34.0473 3776 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:22:34.0505 3776 rdpbus - ok
16:22:34.0520 3776 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:22:34.0583 3776 RDPCDD - ok
16:22:34.0629 3776 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:22:34.0661 3776 RDPDR - ok
16:22:34.0676 3776 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:22:34.0739 3776 RDPENCDD - ok
16:22:34.0785 3776 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:22:34.0832 3776 RDPREFMP - ok
16:22:34.0863 3776 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:22:34.0895 3776 RDPWD - ok
16:22:34.0926 3776 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:22:34.0957 3776 rdyboost - ok
16:22:34.0973 3776 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:22:35.0035 3776 RemoteAccess - ok
16:22:35.0066 3776 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:22:35.0113 3776 RemoteRegistry - ok
16:22:35.0129 3776 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:22:35.0191 3776 RpcEptMapper - ok
16:22:35.0207 3776 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:22:35.0238 3776 RpcLocator - ok
16:22:35.0253 3776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:22:35.0300 3776 RpcSs - ok
16:22:35.0347 3776 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:22:35.0394 3776 rspndr - ok
16:22:35.0425 3776 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:22:35.0456 3776 s3cap - ok
16:22:35.0472 3776 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:22:35.0503 3776 SamSs - ok
16:22:35.0597 3776 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\Sandra.sys
16:22:35.0628 3776 SANDRA - ok
16:22:35.0659 3776 [ 6858620E6EF1DF704366ACD45A317AD2 ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe
16:22:35.0721 3776 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
16:22:35.0721 3776 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
16:22:35.0799 3776 [ 4DCFF3FC0FB89384D22AE35144B44D8A ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
16:22:35.0831 3776 SAVAdminService - ok
16:22:35.0862 3776 [ C3999EF390EB460A636E9FFBA040BF8A ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys
16:22:35.0893 3776 SAVOnAccess - ok
16:22:35.0909 3776 [ D31E18B53B0E52C234568BB61EEC7940 ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
16:22:35.0940 3776 SAVService - ok
16:22:35.0955 3776 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:22:35.0987 3776 sbp2port - ok
16:22:36.0018 3776 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:22:36.0065 3776 SCardSvr - ok
16:22:36.0096 3776 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:22:36.0158 3776 scfilter - ok
16:22:36.0189 3776 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:22:36.0299 3776 Schedule - ok
16:22:36.0330 3776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:22:36.0377 3776 SCPolicySvc - ok
16:22:36.0408 3776 [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys
16:22:36.0423 3776 sdcfilter - ok
16:22:36.0455 3776 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:22:36.0517 3776 SDRSVC - ok
16:22:36.0548 3776 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:22:36.0611 3776 secdrv - ok
16:22:36.0626 3776 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:22:36.0673 3776 seclogon - ok
16:22:36.0689 3776 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:22:36.0751 3776 SENS - ok
16:22:36.0767 3776 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:22:36.0829 3776 SensrSvc - ok
16:22:36.0829 3776 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:22:36.0876 3776 Serenum - ok
16:22:36.0907 3776 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:22:36.0938 3776 Serial - ok
16:22:36.0954 3776 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:22:36.0969 3776 sermouse - ok
16:22:37.0001 3776 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:22:37.0063 3776 SessionEnv - ok
16:22:37.0063 3776 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:22:37.0094 3776 sffdisk - ok
16:22:37.0110 3776 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:22:37.0141 3776 sffp_mmc - ok
16:22:37.0141 3776 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:22:37.0172 3776 sffp_sd - ok
16:22:37.0172 3776 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:22:37.0203 3776 sfloppy - ok
16:22:37.0235 3776 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:22:37.0578 3776 SharedAccess - ok
16:22:37.0749 3776 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:22:37.0812 3776 ShellHWDetection - ok
16:22:37.0859 3776 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:22:37.0890 3776 SiSRaid2 - ok
16:22:37.0905 3776 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:22:37.0937 3776 SiSRaid4 - ok
16:22:37.0999 3776 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:22:38.0202 3776 SkypeUpdate - ok
16:22:38.0217 3776 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:22:38.0264 3776 Smb - ok
16:22:38.0311 3776 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:22:38.0358 3776 SNMPTRAP - ok
16:22:38.0420 3776 [ 3F04E2F60FEAAF96D144C9462575FD24 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
16:22:38.0451 3776 Sophos AutoUpdate Service - ok
16:22:38.0498 3776 [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
16:22:38.0576 3776 Sophos Web Control Service - ok
16:22:38.0607 3776 [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
16:22:38.0623 3776 SophosBootDriver - ok
16:22:38.0639 3776 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:22:38.0670 3776 spldr - ok
16:22:38.0717 3776 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:22:38.0763 3776 Spooler - ok
16:22:38.0873 3776 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:22:39.0153 3776 sppsvc - ok
16:22:39.0216 3776 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:22:39.0341 3776 sppuinotify - ok
16:22:39.0512 3776 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:22:39.0575 3776 srv - ok
16:22:39.0590 3776 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:22:39.0637 3776 srv2 - ok
16:22:39.0684 3776 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:22:39.0699 3776 srvnet - ok
16:22:39.0746 3776 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:22:39.0809 3776 SSDPSRV - ok
16:22:39.0824 3776 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:22:39.0871 3776 SstpSvc - ok
16:22:39.0902 3776 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:22:39.0933 3776 stexstor - ok
16:22:39.0965 3776 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:22:39.0996 3776 stisvc - ok
16:22:40.0027 3776 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:22:40.0043 3776 storflt - ok
16:22:40.0074 3776 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:22:40.0121 3776 StorSvc - ok
16:22:40.0167 3776 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:22:40.0183 3776 storvsc - ok
16:22:40.0261 3776 [ DD7F11E64E90043B895724DBDC668CD7 ] STRATO HiDrive Service C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
16:22:40.0277 3776 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - warning
16:22:40.0277 3776 STRATO HiDrive Service - detected UnsignedFile.Multi.Generic (1)
16:22:40.0308 3776 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:22:40.0323 3776 swenum - ok
16:22:40.0433 3776 [ 4402D541DA0413CB128D0455E9753B60 ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
16:22:40.0854 3776 swi_service - ok
16:22:40.0947 3776 [ 79FF2406BB7EB7DACB12EE3DBF8F91AE ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
16:22:41.0072 3776 swi_update_64 - ok
16:22:41.0088 3776 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:22:41.0166 3776 swprv - ok
16:22:41.0213 3776 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:22:41.0337 3776 SysMain - ok
16:22:41.0369 3776 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:22:41.0400 3776 TabletInputService - ok
16:22:41.0431 3776 [ BCD6A90D6FD757CE9C29DDC850F7F231 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
16:22:41.0478 3776 tap0901 - ok
16:22:41.0509 3776 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:22:41.0571 3776 TapiSrv - ok
16:22:41.0587 3776 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:22:41.0634 3776 TBS - ok
16:22:41.0712 3776 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:22:41.0821 3776 Tcpip - ok
16:22:41.0868 3776 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:22:41.0930 3776 TCPIP6 - ok
16:22:41.0977 3776 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:22:42.0008 3776 tcpipreg - ok
16:22:42.0024 3776 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:22:42.0086 3776 TDPIPE - ok
16:22:42.0117 3776 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:22:42.0149 3776 TDTCP - ok
16:22:42.0164 3776 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:22:42.0211 3776 tdx - ok
16:22:42.0227 3776 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:22:42.0258 3776 TermDD - ok
16:22:42.0289 3776 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:22:42.0383 3776 TermService - ok
16:22:42.0398 3776 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:22:42.0414 3776 Themes - ok
16:22:42.0429 3776 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:22:42.0492 3776 THREADORDER - ok
16:22:42.0492 3776 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:22:42.0570 3776 TrkWks - ok
16:22:42.0617 3776 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:22:42.0679 3776 TrustedInstaller - ok
16:22:42.0710 3776 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:22:42.0773 3776 tssecsrv - ok
16:22:42.0788 3776 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:22:42.0819 3776 TsUsbFlt - ok
16:22:42.0835 3776 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:22:42.0866 3776 TsUsbGD - ok
16:22:42.0897 3776 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:22:42.0960 3776 tunnel - ok
16:22:42.0975 3776 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:22:42.0991 3776 uagp35 - ok
16:22:43.0007 3776 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:22:43.0069 3776 udfs - ok
16:22:43.0116 3776 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:22:43.0131 3776 UI0Detect - ok
16:22:43.0147 3776 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:22:43.0163 3776 uliagpkx - ok
16:22:43.0194 3776 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:22:43.0225 3776 umbus - ok
16:22:43.0241 3776 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:22:43.0272 3776 UmPass - ok
16:22:43.0303 3776 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:22:43.0350 3776 UmRdpService - ok
16:22:43.0412 3776 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
16:22:43.0459 3776 UMVPFSrv - ok
16:22:43.0584 3776 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:22:43.0943 3776 UNS - ok
16:22:43.0974 3776 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:22:44.0021 3776 upnphost - ok
16:22:44.0083 3776 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:22:44.0114 3776 usbaudio - ok
16:22:44.0145 3776 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:22:44.0177 3776 usbccgp - ok
16:22:44.0223 3776 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:22:44.0255 3776 usbcir - ok
16:22:44.0255 3776 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:22:44.0301 3776 usbehci - ok
16:22:44.0333 3776 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:22:44.0379 3776 usbhub - ok
16:22:44.0411 3776 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:22:44.0442 3776 usbohci - ok
16:22:44.0473 3776 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
16:22:44.0520 3776 usbprint - ok
16:22:44.0551 3776 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:22:44.0567 3776 usbscan - ok
16:22:44.0613 3776 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:22:44.0676 3776 USBSTOR - ok
16:22:44.0707 3776 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:22:44.0754 3776 usbuhci - ok
16:22:44.0785 3776 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:22:44.0816 3776 usbvideo - ok
16:22:44.0847 3776 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:22:44.0910 3776 UxSms - ok
16:22:44.0925 3776 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:22:44.0941 3776 VaultSvc - ok
16:22:44.0972 3776 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
16:22:45.0019 3776 VClone - ok
16:22:45.0050 3776 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:22:45.0081 3776 vdrvroot - ok
16:22:45.0113 3776 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:22:45.0191 3776 vds - ok
16:22:45.0206 3776 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:22:45.0237 3776 vga - ok
16:22:45.0253 3776 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:22:45.0315 3776 VgaSave - ok
16:22:45.0347 3776 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:22:45.0362 3776 vhdmp - ok
16:22:45.0378 3776 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:22:45.0409 3776 viaide - ok
16:22:45.0440 3776 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:22:45.0471 3776 vmbus - ok
16:22:45.0487 3776 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:22:45.0518 3776 VMBusHID - ok
16:22:45.0534 3776 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:22:45.0549 3776 volmgr - ok
16:22:45.0581 3776 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:22:45.0612 3776 volmgrx - ok
16:22:45.0627 3776 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:22:45.0659 3776 volsnap - ok
16:22:45.0721 3776 [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
16:22:45.0768 3776 vpnagent - ok
16:22:45.0799 3776 [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
16:22:45.0815 3776 vpnva - ok
16:22:45.0908 3776 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:22:45.0939 3776 vsmraid - ok
16:22:46.0002 3776 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:22:46.0111 3776 VSS - ok
16:22:46.0127 3776 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:22:46.0173 3776 vwifibus - ok
16:22:46.0189 3776 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:22:46.0236 3776 vwififlt - ok
16:22:46.0267 3776 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:22:46.0329 3776 W32Time - ok
16:22:46.0345 3776 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:22:46.0392 3776 WacomPen - ok
16:22:46.0423 3776 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:22:46.0485 3776 WANARP - ok
16:22:46.0485 3776 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:22:46.0548 3776 Wanarpv6 - ok
16:22:46.0626 3776 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:22:46.0860 3776 WatAdminSvc - ok
16:22:46.0922 3776 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:22:47.0000 3776 wbengine - ok
16:22:47.0016 3776 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:22:47.0047 3776 WbioSrvc - ok
16:22:47.0063 3776 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:22:47.0109 3776 wcncsvc - ok
16:22:47.0141 3776 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:22:47.0172 3776 WcsPlugInService - ok
16:22:47.0203 3776 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:22:47.0219 3776 Wd - ok
16:22:47.0265 3776 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:22:47.0328 3776 Wdf01000 - ok
16:22:47.0359 3776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:22:47.0453 3776 WdiServiceHost - ok
16:22:47.0453 3776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:22:47.0468 3776 WdiSystemHost - ok
16:22:47.0499 3776 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:22:47.0531 3776 WebClient - ok
16:22:47.0546 3776 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:22:47.0624 3776 Wecsvc - ok
16:22:47.0640 3776 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:22:47.0733 3776 wercplsupport - ok
16:22:47.0749 3776 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:22:47.0796 3776 WerSvc - ok
16:22:47.0827 3776 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:22:47.0874 3776 WfpLwf - ok
16:22:47.0889 3776 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:22:47.0921 3776 WIMMount - ok
16:22:47.0921 3776 WinDefend - ok
16:22:47.0936 3776 WinHttpAutoProxySvc - ok
16:22:47.0983 3776 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:22:48.0045 3776 Winmgmt - ok
16:22:48.0092 3776 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:22:48.0217 3776 WinRM - ok
16:22:48.0295 3776 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:22:48.0311 3776 WinUsb - ok
16:22:48.0357 3776 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:22:48.0435 3776 Wlansvc - ok
16:22:48.0560 3776 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:22:48.0685 3776 wlidsvc - ok
16:22:48.0732 3776 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:22:48.0763 3776 WmiAcpi - ok
16:22:48.0794 3776 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:22:48.0841 3776 wmiApSrv - ok
16:22:48.0872 3776 WMPNetworkSvc - ok
16:22:48.0888 3776 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:22:48.0935 3776 WPCSvc - ok
16:22:48.0950 3776 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:22:48.0966 3776 WPDBusEnum - ok
16:22:48.0997 3776 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:22:49.0044 3776 ws2ifsl - ok
16:22:49.0059 3776 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:22:49.0106 3776 wscsvc - ok
16:22:49.0106 3776 WSearch - ok
16:22:49.0184 3776 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:22:49.0262 3776 wuauserv - ok
16:22:49.0309 3776 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:22:49.0356 3776 WudfPf - ok
16:22:49.0403 3776 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:22:49.0434 3776 WUDFRd - ok
16:22:49.0449 3776 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:22:49.0496 3776 wudfsvc - ok
16:22:49.0527 3776 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:22:49.0574 3776 WwanSvc - ok
16:22:49.0590 3776 ================ Scan global ===============================
16:22:49.0621 3776 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:22:49.0652 3776 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:22:49.0668 3776 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
16:22:49.0699 3776 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:22:49.0715 3776 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:22:49.0730 3776 [Global] - ok
16:22:49.0730 3776 ================ Scan MBR ==================================
16:22:49.0730 3776 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:22:50.0042 3776 \Device\Harddisk0\DR0 - ok
16:22:50.0042 3776 ================ Scan VBR ==================================
16:22:50.0042 3776 [ 735BB88FCCDA8BAD577C2EA8634FEA12 ] \Device\Harddisk0\DR0\Partition1
16:22:50.0042 3776 \Device\Harddisk0\DR0\Partition1 - ok
16:22:50.0073 3776 [ 1CF061B5F50898AB2EF5F4C56B1429D1 ] \Device\Harddisk0\DR0\Partition2
16:22:50.0073 3776 \Device\Harddisk0\DR0\Partition2 - ok
16:22:50.0089 3776 [ C386196624BF0EAECD0DA9BCF79B3CCC ] \Device\Harddisk0\DR0\Partition3
16:22:50.0105 3776 \Device\Harddisk0\DR0\Partition3 - ok
16:22:50.0105 3776 ============================================================
16:22:50.0105 3776 Scan finished
16:22:50.0105 3776 ============================================================
16:22:50.0105 2004 Detected object count: 2
16:22:50.0105 2004 Actual detected object count: 2
16:23:01.0976 2004 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:01.0976 2004 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:01.0992 2004 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:01.0992 2004 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
17.12.2012, 17:53
| #8 | |
| /// Malware-holic | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 09:21
| #9 |
| | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hier die Meldung: Code:
ATTFilter ComboFix 12-12-17.02 - Daniela 18.12.2012 8:56.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.3956.1441 [GMT 1:00]
ausgeführt von:: c:\users\Daniela\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\blabbers-ch.crx
c:\program files (x86)\BrowserCompanion\blabbers-ff-full.xpi
c:\program files (x86)\BrowserCompanion\jsloader.dll
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
c:\program files (x86)\BrowserCompanion\terms.lnk.url
c:\program files (x86)\BrowserCompanion\toolbar.dll
c:\program files (x86)\BrowserCompanion\uninstall.exe
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
c:\program files (x86)\BrowserCompanion\updater.ini
c:\program files (x86)\BrowserCompanion\widgetserv.exe
c:\program files (x86)\Funmoods
c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll
c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Uninstall.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.dll
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Daniela\AppData\Local\Vid-Saver
c:\users\Daniela\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-18 bis 2012-12-18 ))))))))))))))))))))))))))))))
.
.
2012-12-18 08:02 . 2012-12-18 08:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-18 07:53 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24676217-802E-4D4A-A5D7-42DC1A13FA78}\mpengine.dll
2012-12-17 08:35 . 2012-12-17 08:35 -------- d-----w- c:\users\Daniela\AppData\Roaming\Malwarebytes
2012-12-17 08:35 . 2012-12-17 08:35 -------- d-----w- c:\programdata\Malwarebytes
2012-12-17 08:34 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-17 08:34 . 2012-12-17 08:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-16 00:22 . 2012-12-16 00:22 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-12-15 20:04 . 2012-12-15 20:04 -------- d-----w- c:\users\Guest
2012-12-14 18:37 . 2012-12-14 18:37 73728 ----a-r- c:\users\Daniela\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-14 18:37 . 2012-12-14 18:37 73728 ----a-r- c:\users\Daniela\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-12-14 18:37 . 2012-12-14 18:37 73728 ----a-r- c:\users\Daniela\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-12-14 14:30 . 2012-12-14 14:30 -------- d-----w- c:\program files\7-Zip
2012-12-14 13:47 . 2012-12-14 13:47 -------- d-----w- c:\program files (x86)\Common Files\Sophos
2012-12-14 13:45 . 2012-12-14 13:45 154952 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2012-12-13 08:44 . 2012-12-13 08:44 -------- d-----w- c:\programdata\PDF Architect
2012-12-13 08:40 . 2012-12-13 08:40 -------- d-----w- c:\users\Daniela\AppData\Roaming\PDF Architect
2012-12-13 08:34 . 2012-12-13 08:34 -------- d-----w- c:\users\Daniela\AppData\Roaming\APP_NAME_NON_STRING
2012-12-13 08:34 . 2012-12-13 08:34 -------- d-----w- c:\program files (x86)\PDF Architect
2012-12-13 08:33 . 2012-12-13 08:33 -------- d-----w- c:\users\Daniela\AppData\Roaming\pdfforge
2012-12-13 08:33 . 2012-05-05 09:54 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-12-13 08:33 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-12-13 08:33 . 2012-05-05 09:54 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-12-13 08:33 . 2012-10-28 17:32 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2012-12-13 08:33 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-12-13 08:33 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2012-12-13 08:33 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2012-12-13 08:33 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2012-12-13 08:33 . 2012-12-13 08:34 -------- d-----w- c:\program files (x86)\PDFCreator
2012-12-13 08:32 . 2012-12-13 08:32 -------- d-----w- c:\users\Daniela\AppData\Local\Programs
2012-12-13 08:01 . 2012-12-13 08:01 -------- d-----w- c:\program files (x86)\PDF Blender
2012-12-13 06:26 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 06:26 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 06:26 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 06:26 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 06:26 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 06:26 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 06:26 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 06:26 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-22 18:24 . 2012-11-22 18:24 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-22 18:24 . 2012-11-22 18:24 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 13:42 . 2012-04-09 14:26 37440 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-10-16 08:38 . 2012-11-28 20:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 20:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 20:42 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 07:25 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 07:25 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 07:25 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 07:25 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 06:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 07:24 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 07:24 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 07:24 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 07:24 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 07:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 07:24 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 07:24 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 07:24 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 07:24 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 07:24 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 07:24 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-26 14:56 . 2012-09-26 14:56 10744 ----a-w- c:\windows\SysWow64\vpncategories.dll
2012-09-26 14:56 . 2012-09-26 14:56 33272 ----a-w- c:\windows\SysWow64\vpnevents.dll
2012-09-26 14:45 . 2012-09-26 14:45 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys
2012-09-25 22:47 . 2012-11-15 07:24 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 07:24 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 14:32 . 2012-09-18 05:52 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 14:32 . 2012-04-13 16:49 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\appbario8\prxtbappb.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-11-22 16:05 91784 ----a-w- c:\program files (x86)\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files (x86)\PDF Architect\PDFIEPlugin.dll" [2012-11-22 731784]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-12-14 928832]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-09-26 522232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
c:\users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniela\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
tbhcn.lnk - c:\users\Daniela\AppData\Roaming\BrowserCompanion\tbhcn.exe [2012-7-2 695448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe [2007-09-20 1039360]
R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdoserv.exe [2007-07-17 28672]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-12-14 2010688]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 NUMARK_OMNICONTROL;Numark OMNI CONTROL USB driver;c:\windows\system32\Drivers\nkc2_usb.sys [2010-04-22 399936]
R3 NUMARK_OMNICONTROL_MIDI;Numark OMNI CONTROL WDM MIDI Device;c:\windows\system32\drivers\nkc2midi.sys [2010-04-22 31296]
R3 NUMARK_OMNICONTROL_WDM;Numark OMNI CONTROL WDM;c:\windows\system32\drivers\nkc2_wdm.sys [2010-04-22 50240]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe [2009-06-13 68760]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2011-10-01 36640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-03 1255736]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-08-25 25608]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-12-14 154952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-11-22 1522312]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-11-22 905864]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-12-14 216640]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-12-14 159296]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-06-07 357400]
S2 STRATO HiDrive Service;STRATO HiDrive Service;c:\program files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [2011-11-14 32768]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-12-14 2878016]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-09-26 479224]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-09-26 107432]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2012-07-25 151936]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 67909608
*NewlyCreated* - ACSOCK
*Deregistered* - 67909608
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-17 c:\windows\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2012-04-13 01:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Daniela\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-04-11 26704]
"lxdomon.exe"="c:\program files (x86)\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files (x86)\Lexmark 9500 Series\lxdoamon.exe" [2007-08-10 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
mStart Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Daniela\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SpecialSavings\SpecialSavingsSinged.dll
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.178.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -
FF - ProfilePath - c:\users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aea5bcf1000000000000701a04b1ba1e&tlver=1.5.29.1&instlRef=sst&babTrack&q=
FF - ExtSQL: 2012-12-06 16:13; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-06 16:13; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-13 09:34; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
FF - ExtSQL: 2012-12-14 14:36; toolbar@web.de; c:\users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\4ohvftw3.default\extensions\toolbar@web.de.xpi
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=3012_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - aea5bcf1000000000000701a04b1ba1e
FF - user.js: extensions.BabylonToolbar.instlDay - 15545
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.120:02
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzuyBtDtC0AtDyE0BtC0B0AtC0E0B0C0FtCtN0D0Tzu0CtBtDyCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1853971583&q=
FF - user.js: extensions.funmoods.id - 701A04B1BA1EBCF1
FF - user.js: extensions.funmoods.instlDay - 15545
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:3:43
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - sware
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - sware
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files (x86)\BrowserCompanion\jsloader.dll
BHO-{11111111-1111-1111-1111-110011341191} - c:\program files (x86)\Vid-Saver\Vid-Saver.dll
WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file)
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-funmoods - c:\progra~2\Funmoods\1.5.23.22\uninstall.exe
AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe
AddRemove-WinLiveSuite - c:\program files (x86)\Windows Live\Installer\wlarp.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-18 09:05:23
ComboFix-quarantined-files.txt 2012-12-18 08:05
.
Vor Suchlauf: 17.154.818.048 bytes free
Nach Suchlauf: 18.602.905.600 bytes free
.
- - End Of File - - 23B56FCBB1B8275D59A873CC844AD85A
|
|
18.12.2012, 15:34
| #10 |
| /// Malware-holic | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hi, jetzt bitte Malwarebytes, über die Registerkarte aktualisieren, updaten. Dann vollständiger Scan, log posten, Funde vorher löschen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.12.2012, 00:10
| #11 |
| | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefundenCode:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.18.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniela :: DANIELA-PC [Administrator] 18.12.2012 20:08:48 mbam-log-2012-12-18 (20-08-48).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 546125 Laufzeit: 1 Stunde(n), 13 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 24 HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt. HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt. HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Daten: Vid-Saver -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 6 C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Guest\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Guest\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt. Infizierte Dateien: 85 C:\Program Files (x86)\Uninstall Information\ib_uninst_342\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Uninstall Information\ib_uninst_343\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt. C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt. C:\Users\Daniela\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\24fa30cb8996e4692833571384ae36d6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\24fa30cb8996e4692833571384ae36d6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\62fa933b365328fcb12137e9bf074578 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\62fa933b365328fcb12137e9bf074578_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\64f2ffe99c9841c0ce284e2ab27fd525 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\64f2ffe99c9841c0ce284e2ab27fd525_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\712c46454ce7a9ba511c8f02a771e538 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\712c46454ce7a9ba511c8f02a771e538_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\9803c283e94e743374151c4bbe60a5df_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\b2b4e8937fa404b876cf8c88c3fe6329 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\b2b4e8937fa404b876cf8c88c3fe6329_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ba5a261c6565bfb443aa6cbf828a753d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ba5a261c6565bfb443aa6cbf828a753d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cc21b9897ac8dfabd1e4dbf701784924 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\cc21b9897ac8dfabd1e4dbf701784924_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d87d174554b51fe072af6ad3a7a42f28 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d87d174554b51fe072af6ad3a7a42f28_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e3d0cf0d14d2e30505e2786e48906be4 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e3d0cf0d14d2e30505e2786e48906be4_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Users\Daniela\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Qoobox\Quarantine\C\Program Files (x86)\Vid-Saver\Uninstall.exe.vir (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
19.12.2012, 00:27
| #12 |
| /// Malware-holic | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Hi Hast du die Funde gelöscht? Falls nein, musst du es tun. Dann neustarten bitte. lade den CCleaner standard: CCleaner Download - CCleaner 3.25.1872 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.12.2012, 10:21
| #13 |
| | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Löschen im Sinne von "Logdatein löschen" oder die gefundenen Datein anklicken und "Entfernen"? Danke!!! |
|
19.12.2012, 13:58
| #14 |
| /// Malware-holic | C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden Na, das löschen der Logs bringts wohl nicht :-) Bitte alles gefundene anklicken, und entfernen :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu C:\ProgramData\PC Performer Manager\ und Prozess tbhcn.exe und weitere infizierte Objekte gefunden |
| administrator, anti-malware, appdata, autostart, browser, code, dateien, entfernen, ergebnis, explorer, fix, folge, forum, funktioniert, google, helper, ibupdaterservice, infizierte, install.exe, jquery, malwarebytes, microsoft, pc performer, performer, probleme, prozess, software, sophos, temp, viren |
Linear-Darstellung
