| |
| |||||||
Log-Analyse und Auswertung: Ihavenet-Weiterleitung beim FirefoxWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.12.2012, 15:41
| #1 |
 |  Ihavenet-Weiterleitung beim Firefox Hallo liebe Community, Ich habe mir den Ihavenet-Plagegeist eingefangen. Könnt ihr mir helfen, den wieder loszuwerden? Besten Dank schonmal. Ich bin die Anleitung durchgegangen und habe Defogger und OTL laufen lassen. Den Benutzernamen (weil Realname) habe ich durch "****" ersetzt. Hier die Logs: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:25 on 17/12/2012 (****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
OTL.txt: Code:
ATTFilter OTL logfile created on: 17.12.2012 15:06:29 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Installation Files\OTL 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 69,74% Memory free 12,00 Gb Paging File | 10,13 Gb Available in Paging File | 84,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,87 Gb Total Space | 403,53 Gb Free Space | 87,94% Space Free | Partition Type: NTFS Drive D: | 458,87 Gb Total Space | 395,83 Gb Free Space | 86,26% Space Free | Partition Type: NTFS Drive J: | 465,75 Gb Total Space | 205,92 Gb Free Space | 44,21% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Installation Files\OTL\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.) PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll () MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Windows\SysWOW64\ZnMacroUIRes.deu () MOD - C:\Program Files (x86)\Nuance\PDF Professional 5\PDFCWordAddin.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NalServ) -- C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (PDFProFiltSrv) -- C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe (Nuance Communications, Inc.) SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3300&r=17360310cn07973480l35nh881wl72 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3300&r=17360310cn07973480l35nh881wl72 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3300&r=17360310cn07973480l35nh881wl72 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{8AAC8D90-62AA-4682-B1FA-C97451B04702}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3300&r=17360310cn07973480l35nh881wl72 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1 IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60347 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=b11c77d0-000c-11e1-af0b-00262d110c1d&q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{8AAC8D90-62AA-4682-B1FA-C97451B04702}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716 IE - HKCU\..\SearchScopes\{E320003E-D304-4F11-AAAC-9263EFA50192}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=8CBA6718-1845-4DD1-B9E2-BC70871C7806&apn_sauid=C7DF71D9-C9BD-478E-94DC-D2D65D9A9DEE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de&source=iglk" FF - prefs.js..extensions.enabledAddons: o2cplayer%40eleco.com:2.0.0.59 FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\****\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 22:32:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.12 22:32:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 08:32:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{83D65D9A-9CCA-439B-9E4A-EC1FE481B443}: C:\Program Files (x86)\Copernic Desktop Search - Home\FirefoxConnector [2010.04.07 14:40:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.12 22:32:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.12 22:32:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.21 08:32:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.03.30 08:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2010.03.30 08:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.12 22:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\blvd88po.default\extensions [2010.08.31 06:52:41 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\blvd88po.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2012.11.22 20:04:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\blvd88po.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.10.04 07:05:06 | 000,000,000 | ---D | M] (O2CPlayer Plugin) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\blvd88po.default\extensions\o2cplayer@eleco.com [2012.11.24 21:44:45 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\blvd88po.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.05.07 18:51:10 | 000,000,933 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\blvd88po.default\searchplugins\11-suche.xml [2012.09.26 09:32:19 | 000,002,299 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\blvd88po.default\searchplugins\askcom.xml [2012.05.07 18:51:10 | 000,002,419 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\blvd88po.default\searchplugins\englische-ergebnisse.xml [2012.05.07 18:51:09 | 000,010,525 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\blvd88po.default\searchplugins\gmx-suche.xml [2012.05.07 18:51:10 | 000,002,457 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\blvd88po.default\searchplugins\lastminute.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\blvd88po.default\searchplugins\startsear.xml [2012.05.07 18:51:09 | 000,005,508 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\blvd88po.default\searchplugins\webde-suche.xml [2012.12.05 14:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.05 14:25:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.05 14:25:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.05 14:25:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.12.05 14:25:44 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.06.21 06:21:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 08:21:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml [2012.06.21 06:21:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.14 21:13:34 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2012.06.21 06:21:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 06:21:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 06:21:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = hxxp://startsear.ch/?aff=1&src=sp&cf=b11c77d0-000c-11e1-af0b-00262d110c1d&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.12.11 10:22:39 | 000,444,964 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15282 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {70C6E9DE-F30E-4A40-8A6F-9572C2328320} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000313.dll (Copernic Inc.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000313.dll (Copernic Inc.) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [Nuance PDF Professional 5-reminder] C:\Program Files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Mit PDF Professional 5.2 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Mit PDF Professional 5.2 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7D22918-4BDC-4DDE-A6C7-74205675A620}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.02.09 13:59:36 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ] O32 - Unable to obtain root file information for disk J:\ O33 - MountPoints2\{4afece68-4fea-11e1-a48b-00262d110c1d}\Shell - "" = AutoRun O33 - MountPoints2\{4afece68-4fea-11e1-a48b-00262d110c1d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{4afece78-4fea-11e1-a48b-00262d110c1d}\Shell - "" = AutoRun O33 - MountPoints2\{4afece78-4fea-11e1-a48b-00262d110c1d}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{5ab2c2b9-7459-11df-8206-00262d110c1d}\Shell - "" = AutoRun O33 - MountPoints2\{5ab2c2b9-7459-11df-8206-00262d110c1d}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.12 09:10:05 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 09:10:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 09:10:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 09:10:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 09:10:05 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 09:10:04 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 09:10:04 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 09:09:41 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.12 09:09:41 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.12 09:09:41 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.12 09:09:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.12 09:09:33 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 09:09:32 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 09:09:32 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 09:09:32 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 09:09:29 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 09:09:29 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 09:09:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 09:09:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 09:09:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 09:09:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 09:09:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 09:09:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 09:09:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 09:09:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 09:09:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 09:09:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 09:09:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 09:09:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 09:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 09:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 09:09:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 09:09:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 09:09:20 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.05 14:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.21 08:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2009.08.14 19:42:43 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.17 14:53:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2730396625-2597032382-1151066258-1001UA.job [2012.12.17 14:46:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.17 14:25:20 | 000,000,168 | ---- | M] () -- C:\Users\****\defogger_reenable [2012.12.17 13:53:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2730396625-2597032382-1151066258-1001Core.job [2012.12.17 13:46:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.17 08:15:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 08:15:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 08:12:14 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.17 08:12:14 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.17 08:12:14 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.17 08:12:14 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.17 08:12:14 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.17 08:07:44 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\urlctpesoy.job [2012.12.17 08:07:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.17 08:07:37 | 536,268,799 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 07:46:35 | 000,423,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.11 10:22:39 | 000,444,964 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.09 10:11:43 | 000,122,880 | RHS- | M] () -- C:\Windows\SysWow64\KBDALT.dll [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.17 14:25:20 | 000,000,168 | ---- | C] () -- C:\Users\****\defogger_reenable [2012.12.09 10:11:43 | 000,122,880 | RHS- | C] () -- C:\Windows\SysWow64\KBDALT.dll [2012.12.09 10:11:43 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\urlctpesoy.job [2012.08.24 12:09:00 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.19 19:59:42 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.06.15 13:21:20 | 000,000,012 | ---- | C] () -- C:\Windows\Recorder.dat [2011.07.09 16:10:44 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.05.08 14:18:51 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.05.08 14:18:51 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.05.08 14:17:55 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2011.05.08 14:17:55 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011.05.08 14:17:55 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2010.11.09 11:26:17 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.04.09 09:28:11 | 000,007,650 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2010.04.01 09:51:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D < End of report > Code:
ATTFilter
OTL Extras logfile created on: 17.12.2012 15:06:29 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Installation Files\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 69,74% Memory free
12,00 Gb Paging File | 10,13 Gb Available in Paging File | 84,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 403,53 Gb Free Space | 87,94% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 395,83 Gb Free Space | 86,26% Space Free | Partition Type: NTFS
Drive J: | 465,75 Gb Total Space | 205,92 Gb Free Space | 44,21% Space Free | Partition Type: NTFS
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E791E8-DF66-4C01-87F9-5FDD13A08526}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{08435B6B-A3BE-48A3-8E50-22570B7CDDC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{194753E9-838F-4BA5-AD36-ED4CCC6164E2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1ABCA597-F379-4BA7-B6E5-32A76C5D55CC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25758A4F-BAD5-48A4-A651-96A1F318BAEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{370BD5FE-D6E1-471F-B44F-FF4F03AD8FEB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4306FEAE-1972-468F-A392-C22268CFCEB0}" = lport=138 | protocol=17 | dir=in | app=system |
"{4AFF00AC-D805-4144-9915-1296CF222548}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B3941E8-659F-4E93-A770-CC0F9E89CA4D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{5C8A5958-193C-4C8C-BB18-54930A6F5977}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{610EA02A-3846-4B6C-8977-CB6545F29109}" = rport=10243 | protocol=6 | dir=out | app=system |
"{78C56A0B-C420-4598-A2DA-4051D28C4289}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D9F4BE2-42C2-48A6-AE5A-C965E0EB52A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{7E03DC10-7E36-42E1-9101-AD2C7F1C01FF}" = rport=445 | protocol=6 | dir=out | app=system |
"{83C9C895-4F5D-44DC-9507-2D55FEB614F9}" = lport=445 | protocol=6 | dir=in | app=system |
"{854E0875-1744-49AE-A4C5-24009292AAEB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{874C4A7D-12D4-4E0D-BE20-6F146F5081C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9095CE41-28B2-474D-AF0E-BDBE38246ED2}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{A2916F94-8270-4D9E-B9DD-C49BC8EE4FDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B6CE2EAD-C88D-4396-8C90-D3870807AA03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B95A7457-7EE9-4753-BD9E-238B3C6853CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{BAC07CD5-DAE3-4C9A-A6EA-D4981FB92A4D}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{BDA36C4C-7780-4A17-8188-3EE2BD35F16E}" = lport=137 | protocol=17 | dir=in | app=system |
"{C7F87BB4-2115-4A26-A57E-81833BDC6B3E}" = lport=139 | protocol=6 | dir=in | app=system |
"{CE9452BF-0DDA-40AB-88F5-DD0FDEBA2C3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA0E686B-600A-41AA-AD28-9E47837208A0}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1657B67-E16F-491E-90D8-42E09CF5D7B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E848A259-DCEE-41FB-81AC-9FD732A222D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F9536D-9443-41DA-B65D-816358638C61}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{02FD8E36-1976-46B9-AEA0-5C87B16F78BE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06D5AF21-02A4-436E-9BE1-E99ABF66440E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0BED579C-8C38-4229-AE11-BDF08A3566BC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{109C9F14-9B68-4BE1-BF27-51217A1E91BA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{23FDEF6D-4E46-4677-8AFB-466ACDC96C7E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{28F50812-7ABC-40F5-B6F2-FF27E265696C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3C99F234-4C7E-405F-B7FC-3BEBC9D89185}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3F3C866B-66BA-432C-AC8D-76E16253D5FF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{43E97F67-8EDA-4034-A8B6-4511163AE51B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{43EFE6E8-218D-4AAD-B149-4464DDF7FB57}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{590DC873-8EA3-4320-B6D9-64A14767C16F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{5AB472FA-B511-4138-B65A-8E2D47890034}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C76A09F-34E6-4126-9C91-376309807CA9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{65550D5B-9B87-4DF6-A7AC-71F177D07854}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E001CF0-8593-419A-ADE8-86462F11B51F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{6E43ABF9-5D1E-4EEB-842A-A9AD0981CD46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7450ADB9-FBB6-4DF2-9270-C99ECA5AEA03}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{76FE4079-17F5-4A01-89F8-8CFC9A7ABA5A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7737346E-5B6E-4CF6-8CC0-346CBE3213BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{79D018B4-556F-475E-80FB-ADB6CDBE9ACE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{895023FE-DB97-40C5-872E-7651587986A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98668517-B70A-4C09-BB88-611E7832B783}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DC0857D-3823-4B75-B0F3-EADCAA69B3FF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9E939072-7FFA-4FFD-AC98-C7540506507B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A1347D81-6C7A-4853-B82D-289C75553F9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A341FA8A-3EFA-4E5F-8182-DFDA29A9C5C5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A3967BDA-A0AE-435B-B4A3-DAAA6D204487}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A3EB8C6C-8EB8-4B46-B79F-5DEAC82CA24D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A6D9A976-3381-47CA-80F1-BF9401630099}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AAFBEB44-A2EF-44AC-8252-A47504B43694}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AD86633F-C096-4C71-B1F9-DB9F6278D6F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE4CBEC2-070F-40E7-910E-5576263B053C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B0A11394-6379-4E7A-BD5D-E346B7830134}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B9EE31EE-4719-4F4F-B80C-95851A5E76C0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BF8621CA-7AAC-40BE-8545-227BFC08CAC4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C3D0999B-5F15-4585-9056-D26934BF4927}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C6D8BDD4-6279-4B9C-8E67-6E8D85718792}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CCC52237-B454-4D94-95E8-38C67752EDCE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1740DE3-EF1F-4ACA-9357-5B74A65056BD}" = protocol=6 | dir=out | app=system |
"{DA482CF6-C37D-487D-A536-A12BF44850E7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DBB8B1DA-743F-4D37-80A2-E27C964DA987}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC128E16-905A-41E7-B71A-8A127B124ECB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DEAEADB0-C5F5-48C3-88B5-D6F1D940E067}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E309FAA1-58EE-4F60-BCBA-0BD6DD226E13}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E36450F3-2C4A-41FB-8BED-3A9CCD420B40}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E8875C55-EAA7-4CCF-B6D9-4A556448D19A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{EC6E9322-E5F4-493B-A359-70CAB41658B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F042C2F0-EF0B-48EA-B81B-E3620182A96C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F12231A8-FC31-444A-BC49-A2B740E79304}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F3DC86D4-D84C-49EE-85A5-15BF938AD7D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5771316-66BA-4987-92DF-18A5ED3A85F7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FE5121C9-0D5F-495C-9CEA-9C17D2968CCB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0F14EC40-90FB-4A7F-8B77-1E8DB1D9A7E9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{1C83B7D8-6A3E-4F2C-8933-0090704182F5}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{3C593B8D-DE98-4461-80E4-9D08D993F338}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{77BA3479-C02E-40CC-BED1-71F8BCA2F76F}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{AD087CCC-11BC-4882-B0FD-14F77028A00E}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{D0002FB2-9EF8-4C74-8109-E7C3478326D4}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{EB3DA1C8-0FC3-4B28-8AA8-B8C4BBF8BB94}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{F6F60AAC-81CF-48A4-85DC-D5F97810C894}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe |
"UDP Query User{0B475B11-5372-4333-AB38-EC0E0AA0E1ED}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{2CC52151-7871-412E-977B-FD37C166533E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{7A6CC913-F502-403E-90BA-8A929FF25544}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{8252400F-2FD7-4909-912C-88E0851A36ED}C:\program files (x86)\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ftp commander\ftpcomm.exe |
"UDP Query User{A76FC046-248E-4840-B0B0-5952533AF1A9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{DEFD99F2-E467-44DA-8549-CC9A79868A34}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{ECEA29C6-8B54-4138-9925-042852E13E1F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{FD337635-81C6-412B-9F96-A81A2C7981C2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F9241E8-87C1-FB9C-5D76-3FF7D0318A87}" = ATI Catalyst Install Manager
"{454E6AF1-043E-4F8D-A40A-A38151B6AC0E}" = Nuance PDF Professional 5
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center
"{EBAE9144-AF3E-4AF5-B45F-64896D651E27}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03E830A5-822B-D6FB-3257-E1E6A188CF22}" = Catalyst Control Center Graphics Full Existing
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0B30D22F-AB4F-9379-CDE1-3019D68D72B7}" = CCC Help Chinese Traditional
"{0E4AD541-61D5-0DF8-44C9-797C3EEBDE2C}" = CCC Help English
"{15F83A23-1C45-4914-BF72-F3B9D444744D}_is1" = PractiCount and Invoice 3.1 (Standard)
"{171D8D76-3F05-455A-A8AF-C561C2679905}" = Open XML SDK 2.0 for Microsoft Office
"{17B5E42B-670F-BE6A-7CBE-B9DFF74D81DC}" = CCC Help Norwegian
"{1D359627-1E53-8D9B-46A6-242B1D7A8B9D}" = CCC Help Turkish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212062FE-9FEF-457F-980F-6B25270CC99D}" = SDL MultiTerm 2011 SP2 Convert
"{21943449-0fec-4cad-9073-b9791cbc820b}" = Nero 9 Lite
"{21C205CD-3770-9454-ECC1-88BB0E2AD807}" = Catalyst Control Center Localization All
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{244C6FE3-82BC-D9F0-91F9-D9909E926FCE}" = CCC Help Greek
"{257F2279-6843-433E-9060-15BAB966F20D}" = Steuer-Spar-Erklärung Plus 2011
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E941CF-3D09-C540-07FF-81FDB66E8BC9}" = CCC Help Swedish
"{2C4A0A98-66EA-427A-46B4-FED4A141E4CE}" = Catalyst Control Center Graphics Full New
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{32F898BE-7D45-EBC2-29F3-B0B704CC8FBB}" = ccc-core-static
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3BCDCC6A-3A47-4883-8A0C-55AC061316CB}" = Steuer-Spar-Erklärung Plus 2012
"{41ACCBEB-F6BD-B9DF-8CCE-32A70F14432B}" = Catalyst Control Center Graphics Previews Vista
"{43BD0C58-6E6E-4500-AFB0-263423319604}" = SDL Trados 2007 Freelance
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5FF1B1-7C05-19F4-17D7-B1809CDFA0CD}" = CCC Help Polish
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D6873BC-73C0-487D-A4B4-BA78D9EF465C}" = Catalyst Control Center - Branding
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ebfd455-c0dd-4d75-8914-a6081efeb8e8}" = Nero 9 Essentials
"{627163CD-8116-4982-9AC1-8C6DE4A499A0}" = SDL Passolo Essential 2011 SP6
"{6664CA13-C9B1-4488-881E-4AC14CE0F260}" = SDL MultiTerm 2011 SP2 Core
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{704E5231-BBD5-46E5-B0E3-E144E38B5D47}" = SDLX
"{708FC368-197E-1AAB-8018-49AC1BA28B34}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7205B6D1-2975-4DDC-85D4-30AECFBFC138}" = SDL Trados Studio 2011 SP2
"{764182F2-8B5E-5B6B-A439-02D06550F663}" = CCC Help Dutch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{777BE1C2-F665-42E2-90DD-157A67715710}" = SDL MultiTerm 2011 SP2 Desktop
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2
"{7C21542D-7618-42D4-990D-9B458DCDE71E}" = SDL MultiTerm 2011 SP2 Word Integration
"{7E62742F-1EEF-4532-B7FF-2D58004BDEAE}" = SDL Trados Synergy 2007
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82436073-5B66-4DD4-A815-437244503120}" = Steuer-Spar-Erklärung Plus 2010
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CE7117-D736-8108-AD6A-4F0D117E94B6}" = CCC Help Spanish
"{888934B4-09FC-4CB3-2AA4-87C2F5030C79}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C617D96-CDAA-9025-AAEA-659B477B4B7C}" = CCC Help Czech
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92E5F54C-888C-51E5-A388-7B360B174311}" = CCC Help Russian
"{952D22C8-CA9F-65ED-B7C3-7CEDC08121E7}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A018A4CE-0D6F-BEB5-EDC2-D9386B2BF1B3}" = Catalyst Control Center Graphics Light
"{A04C1E78-8EC0-7A07-FDA7-843920FE9D36}" = CCC Help Japanese
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7A39878-C21D-D6D5-0F34-A01FF3E79B7F}" = CCC Help Korean
"{A7CD6CCE-C2BC-3B61-F0CC-A842F02FB6C0}" = CCC Help Italian
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B1898A20-BDE1-43C1-870D-E53C52EA974C}" = SDL XLIFF Converter for Microsoft Office
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3576D1B-5763-4E8C-43CE-1B6908D0B22D}" = CCC Help German
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{B951569A-7EC8-CF90-74AF-53610BC15097}" = CCC Help Chinese Standard
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}" = Brother MFL-Pro Suite MFC-7820N
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C68F1F36-9B04-2CC8-15A4-DC9606E760EB}" = CCC Help Danish
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE98383B-7BB4-457C-AEAB-D89E9537628F}" = SDLX
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E647D018-2209-C4B6-493F-ECB57E6620D1}" = CCC Help French
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EF2E00AB-F454-C823-0408-8F2098F2CDCB}" = CCC Help Portuguese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F9EB0701-776E-BF9F-5B57-760A16422520}" = CCC Help Thai
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 4.65
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMP WinOFF" = AMP WinOFF
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"DAEMON Tools Lite" = DAEMON Tools Lite
"FTP Commander" = FTP Commander
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"IDW-Verlag IDW PS" = IDW Prüfungsstandards
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Multiterm2011" = SDL MultiTerm 2011 SP2 - Remove suite of products
"STANDARDR" = Microsoft Office Standard 2007
"TranslationStudio2011" = SDL Trados 2011 SP2 - Remove suite of products
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.03.2012 09:52:05 | Computer Name = ****-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 13.03.2012 09:52:39 | Computer Name = ****-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 13.03.2012 14:00:01 | Computer Name = ****-PC | Source = Windows Backup | ID = 4103
Description =
Error - 14.03.2012 04:29:32 | Computer Name = ****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 14.03.2012 04:29:35 | Computer Name = ****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 14.03.2012 04:29:44 | Computer Name = ****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 14.03.2012 04:29:45 | Computer Name = ****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 14.03.2012 04:29:47 | Computer Name = ****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 14.03.2012 04:29:57 | Computer Name = ****-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 14.03.2012 09:08:58 | Computer Name = ****-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 14.03.2012 09:09:33 | Computer Name = ****-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 14.03.2012 14:53:46 | Computer Name = ****-PC | Source = Windows Backup | ID = 4103
Description =
Error - 14.03.2012 15:03:39 | Computer Name = ****-PC | Source = Windows Backup | ID = 4103
Description =
[ OSession Events ]
Error - 17.02.2012 16:09:12 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
Error - 17.02.2012 16:10:31 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.03.2012 04:32:55 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 154
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.06.2012 02:54:56 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.06.2012 09:12:43 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16618
seconds with 5340 seconds of active time. This session ended with a crash.
Error - 11.07.2012 16:23:19 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17473
seconds with 60 seconds of active time. This session ended with a crash.
Error - 05.10.2012 10:31:01 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19896
seconds with 5700 seconds of active time. This session ended with a crash.
Error - 05.10.2012 10:45:52 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 784
seconds with 300 seconds of active time. This session ended with a crash.
Error - 05.10.2012 11:18:40 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1846
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 12.12.2012 09:41:17 | Computer Name = ****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 19195
seconds with 4440 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 16.12.2012 14:53:46 | Computer Name = ****-PC | Source = WMPNetworkSvc | ID = 866306
Description =
Error - 16.12.2012 14:53:46 | Computer Name = ****-PC | Source = WMPNetworkSvc | ID = 866306
Description =
Error - 17.12.2012 03:07:41 | Computer Name = ****-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 17.12.2012 03:07:41 | Computer Name = ****-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 17.12.2012 03:07:47 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 17.12.2012 03:09:23 | Computer Name = ****-PC | Source = WMPNetworkSvc | ID = 866306
Description =
Error - 17.12.2012 03:09:23 | Computer Name = ****-PC | Source = WMPNetworkSvc | ID = 866306
Description =
Error - 17.12.2012 08:33:48 | Computer Name = ****-PC | Source = bowser | ID = 8003
Description =
Error - 17.12.2012 09:00:49 | Computer Name = ****-PC | Source = bowser | ID = 8003
Description =
Error - 17.12.2012 09:11:19 | Computer Name = ****-PC | Source = bowser | ID = 8003
Description =
< End of report >
|
|
17.12.2012, 15:47
| #2 |
| /// Malware-holic   | Ihavenet-Weiterleitung beim Firefox hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012.12.09 10:11:43 | 000,122,880 | RHS- | M] () -- C:\Windows\SysWow64\KBDALT.dll
[2012.12.17 08:07:44 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\urlctpesoy.job
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 downloade get info: http://markusg.trojaner-board.de/GetInfo.exe doppelklicke die .exe im selben ordner wird nun eine .txt erstellt: summary-info.txt Frage: hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt? wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht. Es müsste so um den 09.12 gewesen sein, laut Datum der Malware
__________________ |
|
17.12.2012, 16:10
| #3 |
| | Ihavenet-Weiterleitung beim Firefox Hi Markus,
__________________danke für die schnelle Reaktion. Hier der Inhalt der Textdatei: Code:
ATTFilter All processes killed
========== OTL ==========
C:\Windows\SysWOW64\KBDALT.dll moved successfully.
C:\Windows\Tasks\urlctpesoy.job moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: AppData
User: Default
User: Default User
User: Public
User: ****
->Flash cache emptied: 619 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: ****
->Temp folder emptied: 29673442 bytes
->Temporary Internet Files folder emptied: 622418048 bytes
->Java cache emptied: 7017472 bytes
->FireFox cache emptied: 75955481 bytes
->Google Chrome cache emptied: 162016217 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 10320 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12114306 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 598391033 bytes
Total Files Cleaned = 1.438,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12172012_155454
Files\Folders moved on Reboot...
C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRC0478.tmp not found!
File\Folder C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRC0544.tmp not found!
File\Folder C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRC0583.tmp not found!
File\Folder C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{3082DF9E-4220-402B-8762-68960E056ECE}.tmp not found!
File\Folder C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{341E47F8-8C7F-4B5B-9BD6-67430BC57122}.tmp not found!
File\Folder C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5BBB9A96-1A23-41CA-A1EF-9EE5A677AAB5}.tmp not found!
File\Folder C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E10F6942-9029-4BCB-B0AC-B721027DC98A}.tmp not found!
File\Folder C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EB0376A9-A549-4D98-B7EE-D2FCA0BF3712}.tmp not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
GetInfo hab ich auch runtergeladen, die summaryinfo.txt wurde auche rstellt. Soll ich die auch hier posten? Du kriegst gleich PN gandalf |
|
17.12.2012, 18:47
| #4 |
| /// Malware-holic | Ihavenet-Weiterleitung beim Firefox Hiho, die Geinfo hätte ich bitte gern auch noch :-)
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2012, 18:50
| #5 | |
| | Ihavenet-Weiterleitung beim FirefoxZitat:
Code:
ATTFilter System volume information: dwHighDateTime = 0x1c9fed0,dwLowDateTime = 0xbca73080
System32: dwHighDateTime = 0x1c7c427,dwLowDateTime = 0x1f6db2c0
dwSerialNumber = 0xa4572170
|
|
18.12.2012, 13:02
| #6 |
| /// Malware-holic | Ihavenet-Weiterleitung beim Firefox Dankke, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ --> Ihavenet-Weiterleitung beim Firefox |
|
18.12.2012, 13:28
| #7 |
| | Ihavenet-Weiterleitung beim Firefox Autsch, 4 threats gefunden: Code:
ATTFilter 13:21:05.0407 4036 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:21:05.0688 4036 ============================================================
13:21:05.0688 4036 Current date / time: 2012/12/18 13:21:05.0688
13:21:05.0688 4036 SystemInfo:
13:21:05.0688 4036
13:21:05.0688 4036 OS Version: 6.1.7601 ServicePack: 1.0
13:21:05.0688 4036 Product type: Workstation
13:21:05.0688 4036 ComputerName: ****-PC
13:21:05.0688 4036 UserName: ****
13:21:05.0688 4036 Windows directory: C:\Windows
13:21:05.0688 4036 System windows directory: C:\Windows
13:21:05.0688 4036 Running under WOW64
13:21:05.0688 4036 Processor architecture: Intel x64
13:21:05.0688 4036 Number of processors: 4
13:21:05.0688 4036 Page size: 0x1000
13:21:05.0688 4036 Boot type: Normal boot
13:21:05.0688 4036 ============================================================
13:21:06.0421 4036 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:06.0421 4036 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:21:13.0020 4036 ============================================================
13:21:13.0020 4036 \Device\Harddisk0\DR0:
13:21:13.0020 4036 MBR partitions:
13:21:13.0020 4036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B58800, BlocksNum 0x32000
13:21:13.0020 4036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B8A800, BlocksNum 0x395BD800
13:21:13.0020 4036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B148000, BlocksNum 0x395BE5B0
13:21:13.0020 4036 \Device\Harddisk3\DR3:
13:21:13.0020 4036 MBR partitions:
13:21:13.0020 4036 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
13:21:13.0020 4036 ============================================================
13:21:13.0035 4036 C: <-> \Device\Harddisk0\DR0\Partition2
13:21:13.0067 4036 D: <-> \Device\Harddisk0\DR0\Partition3
13:21:13.0098 4036 J: <-> \Device\Harddisk3\DR3\Partition1
13:21:13.0098 4036 ============================================================
13:21:13.0098 4036 Initialize success
13:21:13.0098 4036 ============================================================
13:21:55.0280 1800 ============================================================
13:21:55.0280 1800 Scan started
13:21:55.0280 1800 Mode: Manual; SigCheck; TDLFS;
13:21:55.0280 1800 ============================================================
13:21:55.0748 1800 ================ Scan system memory ========================
13:21:55.0748 1800 System memory - ok
13:21:55.0748 1800 ================ Scan services =============================
13:21:55.0889 1800 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:21:55.0967 1800 1394ohci - ok
13:21:56.0029 1800 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
13:21:56.0060 1800 AAV UpdateService - ok
13:21:56.0060 1800 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:21:56.0076 1800 ACPI - ok
13:21:56.0107 1800 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:21:56.0154 1800 AcpiPmi - ok
13:21:56.0201 1800 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:21:56.0232 1800 AdobeARMservice - ok
13:21:56.0263 1800 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:21:56.0294 1800 adp94xx - ok
13:21:56.0294 1800 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:21:56.0325 1800 adpahci - ok
13:21:56.0341 1800 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:21:56.0341 1800 adpu320 - ok
13:21:56.0372 1800 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:21:56.0419 1800 AeLookupSvc - ok
13:21:56.0466 1800 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:21:56.0513 1800 AFD - ok
13:21:56.0528 1800 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:21:56.0544 1800 agp440 - ok
13:21:56.0559 1800 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:21:56.0606 1800 ALG - ok
13:21:56.0622 1800 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:21:56.0637 1800 aliide - ok
13:21:56.0669 1800 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:21:56.0731 1800 AMD External Events Utility - ok
13:21:56.0747 1800 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:21:56.0762 1800 amdide - ok
13:21:56.0778 1800 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:21:56.0825 1800 AmdK8 - ok
13:21:56.0840 1800 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:21:56.0871 1800 AmdPPM - ok
13:21:56.0903 1800 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:21:56.0918 1800 amdsata - ok
13:21:56.0934 1800 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:21:56.0949 1800 amdsbs - ok
13:21:56.0965 1800 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:21:56.0981 1800 amdxata - ok
13:21:57.0027 1800 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:21:57.0059 1800 AntiVirSchedulerService - ok
13:21:57.0074 1800 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:21:57.0090 1800 AntiVirService - ok
13:21:57.0121 1800 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:21:57.0183 1800 AppID - ok
13:21:57.0215 1800 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:21:57.0293 1800 AppIDSvc - ok
13:21:57.0324 1800 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:21:57.0402 1800 Appinfo - ok
13:21:57.0417 1800 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:21:57.0433 1800 arc - ok
13:21:57.0449 1800 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:21:57.0464 1800 arcsas - ok
13:21:57.0542 1800 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:21:57.0558 1800 aspnet_state - ok
13:21:57.0589 1800 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:21:57.0620 1800 AsyncMac - ok
13:21:57.0651 1800 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:21:57.0667 1800 atapi - ok
13:21:57.0698 1800 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
13:21:57.0745 1800 AtiHdmiService - ok
13:21:57.0854 1800 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:21:58.0041 1800 atikmdag - ok
13:21:58.0073 1800 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:21:58.0119 1800 AudioEndpointBuilder - ok
13:21:58.0135 1800 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:21:58.0166 1800 AudioSrv - ok
13:21:58.0197 1800 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:21:58.0197 1800 avgntflt - ok
13:21:58.0229 1800 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:21:58.0244 1800 avipbb - ok
13:21:58.0275 1800 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:21:58.0291 1800 avkmgr - ok
13:21:58.0322 1800 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:21:58.0416 1800 AxInstSV - ok
13:21:58.0478 1800 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:21:58.0541 1800 b06bdrv - ok
13:21:58.0572 1800 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:21:58.0634 1800 b57nd60a - ok
13:21:58.0665 1800 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:21:58.0712 1800 BDESVC - ok
13:21:58.0743 1800 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:21:58.0821 1800 Beep - ok
13:21:58.0868 1800 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:21:58.0915 1800 BFE - ok
13:21:58.0946 1800 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:21:59.0024 1800 BITS - ok
13:21:59.0040 1800 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:21:59.0071 1800 blbdrive - ok
13:21:59.0087 1800 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:21:59.0118 1800 bowser - ok
13:21:59.0133 1800 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:21:59.0196 1800 BrFiltLo - ok
13:21:59.0211 1800 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:21:59.0227 1800 BrFiltUp - ok
13:21:59.0258 1800 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:21:59.0289 1800 Browser - ok
13:21:59.0321 1800 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys
13:21:59.0367 1800 Brserid - ok
13:21:59.0383 1800 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:21:59.0414 1800 BrSerWdm - ok
13:21:59.0414 1800 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:21:59.0477 1800 BrUsbMdm - ok
13:21:59.0492 1800 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
13:21:59.0523 1800 BrUsbSer - ok
13:21:59.0539 1800 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:21:59.0586 1800 BTHMODEM - ok
13:21:59.0617 1800 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:21:59.0664 1800 bthserv - ok
13:21:59.0679 1800 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:21:59.0695 1800 cdfs - ok
13:21:59.0742 1800 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:21:59.0773 1800 cdrom - ok
13:21:59.0820 1800 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:21:59.0898 1800 CertPropSvc - ok
13:21:59.0898 1800 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:21:59.0945 1800 circlass - ok
13:21:59.0960 1800 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:21:59.0976 1800 CLFS - ok
13:22:00.0023 1800 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:22:00.0054 1800 clr_optimization_v2.0.50727_32 - ok
13:22:00.0085 1800 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:22:00.0132 1800 clr_optimization_v2.0.50727_64 - ok
13:22:00.0194 1800 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:22:00.0210 1800 clr_optimization_v4.0.30319_32 - ok
13:22:00.0241 1800 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:22:00.0257 1800 clr_optimization_v4.0.30319_64 - ok
13:22:00.0272 1800 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:22:00.0303 1800 CmBatt - ok
13:22:00.0335 1800 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:22:00.0350 1800 cmdide - ok
13:22:00.0381 1800 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:22:00.0459 1800 CNG - ok
13:22:00.0475 1800 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:22:00.0491 1800 Compbatt - ok
13:22:00.0506 1800 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:22:00.0537 1800 CompositeBus - ok
13:22:00.0553 1800 COMSysApp - ok
13:22:00.0569 1800 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:22:00.0584 1800 crcdisk - ok
13:22:00.0600 1800 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:22:00.0647 1800 CryptSvc - ok
13:22:00.0678 1800 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:22:00.0709 1800 dc3d - ok
13:22:00.0740 1800 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:22:00.0803 1800 DcomLaunch - ok
13:22:00.0818 1800 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:22:00.0849 1800 defragsvc - ok
13:22:00.0881 1800 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:22:00.0943 1800 DfsC - ok
13:22:00.0959 1800 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:22:00.0990 1800 Dhcp - ok
13:22:01.0005 1800 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:22:01.0037 1800 discache - ok
13:22:01.0052 1800 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:22:01.0068 1800 Disk - ok
13:22:01.0099 1800 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:22:01.0177 1800 Dnscache - ok
13:22:01.0208 1800 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:22:01.0255 1800 dot3svc - ok
13:22:01.0286 1800 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:22:01.0317 1800 DPS - ok
13:22:01.0349 1800 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:22:01.0364 1800 drmkaud - ok
13:22:01.0395 1800 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
13:22:01.0411 1800 dtsoftbus01 - ok
13:22:01.0427 1800 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:22:01.0458 1800 DXGKrnl - ok
13:22:01.0473 1800 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:22:01.0505 1800 EapHost - ok
13:22:01.0583 1800 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:22:01.0692 1800 ebdrv - ok
13:22:01.0723 1800 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:22:01.0785 1800 EFS - ok
13:22:01.0817 1800 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:22:01.0879 1800 ehRecvr - ok
13:22:01.0895 1800 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:22:01.0941 1800 ehSched - ok
13:22:01.0957 1800 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:22:01.0988 1800 elxstor - ok
13:22:02.0004 1800 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:22:02.0019 1800 ErrDev - ok
13:22:02.0035 1800 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:22:02.0066 1800 EventSystem - ok
13:22:02.0082 1800 ew_hwusbdev - ok
13:22:02.0082 1800 ew_usbenumfilter - ok
13:22:02.0097 1800 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:22:02.0129 1800 exfat - ok
13:22:02.0144 1800 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:22:02.0191 1800 fastfat - ok
13:22:02.0238 1800 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:22:02.0300 1800 Fax - ok
13:22:02.0316 1800 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:22:02.0363 1800 fdc - ok
13:22:02.0363 1800 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:22:02.0425 1800 fdPHost - ok
13:22:02.0425 1800 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:22:02.0472 1800 FDResPub - ok
13:22:02.0487 1800 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:22:02.0503 1800 FileInfo - ok
13:22:02.0519 1800 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:22:02.0550 1800 Filetrace - ok
13:22:02.0581 1800 [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:22:02.0612 1800 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:22:02.0612 1800 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:22:02.0628 1800 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:22:02.0643 1800 flpydisk - ok
13:22:02.0659 1800 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:22:02.0675 1800 FltMgr - ok
13:22:02.0706 1800 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:22:02.0799 1800 FontCache - ok
13:22:02.0862 1800 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:22:02.0893 1800 FontCache3.0.0.0 - ok
13:22:02.0955 1800 [ A9FF65EA14E4CABFCC1BB8ECE111A249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
13:22:03.0002 1800 ForceWare Intelligent Application Manager (IAM) - ok
13:22:03.0018 1800 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:22:03.0033 1800 FsDepends - ok
13:22:03.0049 1800 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:22:03.0065 1800 Fs_Rec - ok
13:22:03.0080 1800 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:22:03.0096 1800 fvevol - ok
13:22:03.0096 1800 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:22:03.0111 1800 gagp30kx - ok
13:22:03.0143 1800 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:22:03.0189 1800 gpsvc - ok
13:22:03.0252 1800 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
13:22:03.0283 1800 Greg_Service - ok
13:22:03.0330 1800 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:22:03.0361 1800 gupdate - ok
13:22:03.0377 1800 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:22:03.0377 1800 gupdatem - ok
13:22:03.0392 1800 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:22:03.0423 1800 hcw85cir - ok
13:22:03.0470 1800 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:22:03.0533 1800 HdAudAddService - ok
13:22:03.0548 1800 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:22:03.0579 1800 HDAudBus - ok
13:22:03.0579 1800 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:22:03.0611 1800 HidBatt - ok
13:22:03.0611 1800 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:22:03.0626 1800 HidBth - ok
13:22:03.0642 1800 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:22:03.0689 1800 HidIr - ok
13:22:03.0720 1800 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:22:03.0813 1800 hidserv - ok
13:22:03.0829 1800 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:22:03.0845 1800 HidUsb - ok
13:22:03.0876 1800 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:22:03.0954 1800 hkmsvc - ok
13:22:03.0985 1800 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:22:04.0032 1800 HomeGroupListener - ok
13:22:04.0047 1800 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:22:04.0079 1800 HomeGroupProvider - ok
13:22:04.0094 1800 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:22:04.0110 1800 HpSAMD - ok
13:22:04.0157 1800 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:22:04.0188 1800 HTTP - ok
13:22:04.0203 1800 huawei_cdcacm - ok
13:22:04.0203 1800 huawei_enumerator - ok
13:22:04.0219 1800 huawei_ext_ctrl - ok
13:22:04.0219 1800 huawei_wwanecm - ok
13:22:04.0235 1800 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:22:04.0250 1800 hwpolicy - ok
13:22:04.0266 1800 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:22:04.0281 1800 i8042prt - ok
13:22:04.0297 1800 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:22:04.0313 1800 iaStorV - ok
13:22:04.0359 1800 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:22:04.0375 1800 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:22:04.0375 1800 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:22:04.0422 1800 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:22:04.0484 1800 idsvc - ok
13:22:04.0500 1800 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:22:04.0515 1800 iirsp - ok
13:22:04.0531 1800 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:22:04.0593 1800 IKEEXT - ok
13:22:04.0656 1800 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:22:04.0734 1800 IntcAzAudAddService - ok
13:22:04.0749 1800 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:22:04.0765 1800 intelide - ok
13:22:04.0781 1800 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:22:04.0812 1800 intelppm - ok
13:22:04.0843 1800 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:22:04.0921 1800 IPBusEnum - ok
13:22:04.0952 1800 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:22:04.0999 1800 IpFilterDriver - ok
13:22:05.0061 1800 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:22:05.0093 1800 iphlpsvc - ok
13:22:05.0108 1800 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:22:05.0139 1800 IPMIDRV - ok
13:22:05.0155 1800 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:22:05.0202 1800 IPNAT - ok
13:22:05.0217 1800 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:22:05.0295 1800 IRENUM - ok
13:22:05.0311 1800 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:22:05.0327 1800 isapnp - ok
13:22:05.0342 1800 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:22:05.0358 1800 iScsiPrt - ok
13:22:05.0373 1800 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:22:05.0389 1800 kbdclass - ok
13:22:05.0405 1800 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:22:05.0436 1800 kbdhid - ok
13:22:05.0451 1800 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:22:05.0451 1800 KeyIso - ok
13:22:05.0483 1800 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:22:05.0498 1800 KSecDD - ok
13:22:05.0514 1800 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:22:05.0529 1800 KSecPkg - ok
13:22:05.0529 1800 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:22:05.0576 1800 ksthunk - ok
13:22:05.0592 1800 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:22:05.0685 1800 KtmRm - ok
13:22:05.0748 1800 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:22:05.0841 1800 LanmanServer - ok
13:22:05.0857 1800 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:22:05.0919 1800 LanmanWorkstation - ok
13:22:05.0935 1800 LgBttPort - ok
13:22:05.0951 1800 lgbusenum - ok
13:22:05.0951 1800 LGVMODEM - ok
13:22:05.0951 1800 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:22:05.0997 1800 lltdio - ok
13:22:06.0013 1800 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:22:06.0060 1800 lltdsvc - ok
13:22:06.0075 1800 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:22:06.0107 1800 lmhosts - ok
13:22:06.0122 1800 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:22:06.0138 1800 LSI_FC - ok
13:22:06.0153 1800 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:22:06.0153 1800 LSI_SAS - ok
13:22:06.0169 1800 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:22:06.0185 1800 LSI_SAS2 - ok
13:22:06.0200 1800 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:22:06.0216 1800 LSI_SCSI - ok
13:22:06.0231 1800 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:22:06.0278 1800 luafv - ok
13:22:06.0294 1800 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:22:06.0309 1800 Mcx2Svc - ok
13:22:06.0325 1800 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:22:06.0325 1800 megasas - ok
13:22:06.0356 1800 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:22:06.0372 1800 MegaSR - ok
13:22:06.0387 1800 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:22:06.0419 1800 MMCSS - ok
13:22:06.0434 1800 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:22:06.0450 1800 Modem - ok
13:22:06.0465 1800 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:22:06.0481 1800 monitor - ok
13:22:06.0497 1800 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:22:06.0512 1800 mouclass - ok
13:22:06.0512 1800 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:22:06.0528 1800 mouhid - ok
13:22:06.0559 1800 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:22:06.0559 1800 mountmgr - ok
13:22:06.0621 1800 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:22:06.0653 1800 MozillaMaintenance - ok
13:22:06.0684 1800 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:22:06.0699 1800 mpio - ok
13:22:06.0731 1800 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:22:06.0824 1800 mpsdrv - ok
13:22:06.0871 1800 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:22:06.0949 1800 MpsSvc - ok
13:22:06.0965 1800 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:22:06.0996 1800 MRxDAV - ok
13:22:07.0011 1800 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:22:07.0043 1800 mrxsmb - ok
13:22:07.0074 1800 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:22:07.0105 1800 mrxsmb10 - ok
13:22:07.0105 1800 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:22:07.0121 1800 mrxsmb20 - ok
13:22:07.0136 1800 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:22:07.0152 1800 msahci - ok
13:22:07.0167 1800 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:22:07.0183 1800 msdsm - ok
13:22:07.0199 1800 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:22:07.0214 1800 MSDTC - ok
13:22:07.0230 1800 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:22:07.0261 1800 Msfs - ok
13:22:07.0277 1800 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:22:07.0308 1800 mshidkmdf - ok
13:22:07.0323 1800 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:22:07.0323 1800 msisadrv - ok
13:22:07.0370 1800 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:22:07.0448 1800 MSiSCSI - ok
13:22:07.0464 1800 msiserver - ok
13:22:07.0479 1800 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:22:07.0511 1800 MSKSSRV - ok
13:22:07.0542 1800 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:22:07.0620 1800 MSPCLOCK - ok
13:22:07.0635 1800 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:22:07.0682 1800 MSPQM - ok
13:22:07.0713 1800 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:22:07.0729 1800 MsRPC - ok
13:22:07.0729 1800 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:22:07.0745 1800 mssmbios - ok
13:22:07.0745 1800 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:22:07.0823 1800 MSTEE - ok
13:22:07.0838 1800 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:22:07.0854 1800 MTConfig - ok
13:22:07.0869 1800 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:22:07.0885 1800 Mup - ok
13:22:07.0916 1800 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
13:22:07.0932 1800 mwlPSDFilter - ok
13:22:07.0947 1800 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
13:22:07.0963 1800 mwlPSDNServ - ok
13:22:07.0979 1800 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
13:22:07.0994 1800 mwlPSDVDisk - ok
13:22:08.0041 1800 [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
13:22:08.0072 1800 MWLService - ok
13:22:08.0150 1800 [ 086DA58F38AB4C690D594D223F6C4BC4 ] NalServ C:\Windows\SysWOW64\nalserv.exe
13:22:08.0181 1800 NalServ ( UnsignedFile.Multi.Generic ) - warning
13:22:08.0181 1800 NalServ - detected UnsignedFile.Multi.Generic (1)
13:22:08.0213 1800 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:22:08.0275 1800 napagent - ok
13:22:08.0291 1800 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:22:08.0306 1800 NativeWifiP - ok
13:22:08.0353 1800 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:22:08.0369 1800 NDIS - ok
13:22:08.0384 1800 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:22:08.0415 1800 NdisCap - ok
13:22:08.0431 1800 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:22:08.0462 1800 NdisTapi - ok
13:22:08.0493 1800 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:22:08.0556 1800 Ndisuio - ok
13:22:08.0587 1800 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:22:08.0681 1800 NdisWan - ok
13:22:08.0696 1800 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:22:08.0774 1800 NDProxy - ok
13:22:08.0790 1800 Nero BackItUp Scheduler 4.0 - ok
13:22:08.0805 1800 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:22:08.0852 1800 NetBIOS - ok
13:22:08.0868 1800 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:22:08.0899 1800 NetBT - ok
13:22:08.0899 1800 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:22:08.0915 1800 Netlogon - ok
13:22:08.0946 1800 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:22:08.0977 1800 Netman - ok
13:22:09.0008 1800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:09.0039 1800 NetMsmqActivator - ok
13:22:09.0055 1800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:09.0055 1800 NetPipeActivator - ok
13:22:09.0086 1800 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:22:09.0133 1800 netprofm - ok
13:22:09.0149 1800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:09.0149 1800 NetTcpActivator - ok
13:22:09.0149 1800 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:22:09.0164 1800 NetTcpPortSharing - ok
13:22:09.0180 1800 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:22:09.0195 1800 nfrd960 - ok
13:22:09.0227 1800 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:22:09.0242 1800 NlaSvc - ok
13:22:09.0273 1800 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\Windows\SysWOW64\nlssrv32.exe
13:22:09.0289 1800 nlsX86cc ( UnsignedFile.Multi.Generic ) - warning
13:22:09.0289 1800 nlsX86cc - detected UnsignedFile.Multi.Generic (1)
13:22:09.0289 1800 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:22:09.0320 1800 Npfs - ok
13:22:09.0320 1800 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:22:09.0367 1800 nsi - ok
13:22:09.0367 1800 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:22:09.0414 1800 nsiproxy - ok
13:22:09.0461 1800 [ C04F5DEF37E55F6A34428B050F44D3D6 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
13:22:09.0507 1800 nSvcIp - ok
13:22:09.0554 1800 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:22:09.0601 1800 Ntfs - ok
13:22:09.0648 1800 [ BD691091AC7D9713D8F0B07C6B099E6C ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
13:22:09.0679 1800 NTI IScheduleSvc - ok
13:22:09.0679 1800 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
13:22:09.0695 1800 NTIDrvr - ok
13:22:09.0710 1800 [ A2F750E416D1C628BDCDC2075AC33BC6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
13:22:09.0741 1800 NuidFltr - ok
13:22:09.0741 1800 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:22:09.0788 1800 Null - ok
13:22:09.0804 1800 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
13:22:09.0819 1800 NVENETFD - ok
13:22:10.0022 1800 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:22:10.0287 1800 nvlddmkm - ok
13:22:10.0319 1800 [ 0AD267A4674805B61A5D7B911D2A978A ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
13:22:10.0334 1800 NVNET - ok
13:22:10.0365 1800 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:22:10.0381 1800 nvraid - ok
13:22:10.0397 1800 [ AFDE3015BB8D76E26BEC3B287C5443A0 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
13:22:10.0428 1800 nvsmu - ok
13:22:10.0443 1800 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:22:10.0490 1800 nvstor - ok
13:22:10.0506 1800 [ 7C7EEF51979658CE15BBC04F96A77D56 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
13:22:10.0506 1800 nvstor64 - ok
13:22:10.0537 1800 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:22:10.0553 1800 nv_agp - ok
13:22:10.0599 1800 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:22:10.0646 1800 odserv - ok
13:22:10.0662 1800 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:22:10.0693 1800 ohci1394 - ok
13:22:10.0740 1800 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:22:10.0771 1800 ose - ok
13:22:10.0802 1800 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:22:10.0865 1800 p2pimsvc - ok
13:22:10.0896 1800 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:22:10.0927 1800 p2psvc - ok
13:22:10.0943 1800 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:22:10.0958 1800 Parport - ok
13:22:10.0974 1800 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:22:10.0989 1800 partmgr - ok
13:22:11.0005 1800 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:22:11.0036 1800 PcaSvc - ok
13:22:11.0052 1800 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:22:11.0052 1800 pci - ok
13:22:11.0067 1800 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:22:11.0067 1800 pciide - ok
13:22:11.0099 1800 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:22:11.0114 1800 pcmcia - ok
13:22:11.0130 1800 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:22:11.0145 1800 pcw - ok
13:22:11.0192 1800 [ 34E3696102334CE84367336E309F1A0D ] PDFProFiltSrv C:\Program Files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe
13:22:11.0223 1800 PDFProFiltSrv - ok
13:22:11.0255 1800 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:22:11.0333 1800 PEAUTH - ok
13:22:11.0348 1800 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:22:11.0364 1800 PerfHost - ok
13:22:11.0411 1800 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:22:11.0489 1800 pla - ok
13:22:11.0520 1800 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:22:11.0551 1800 PlugPlay - ok
13:22:11.0582 1800 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:22:11.0598 1800 PNRPAutoReg - ok
13:22:11.0645 1800 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:22:11.0645 1800 PNRPsvc - ok
13:22:11.0676 1800 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:22:11.0723 1800 Point64 - ok
13:22:11.0738 1800 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:22:11.0801 1800 PolicyAgent - ok
13:22:11.0801 1800 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:22:11.0832 1800 Power - ok
13:22:11.0879 1800 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:22:11.0957 1800 PptpMiniport - ok
13:22:11.0972 1800 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:22:12.0019 1800 Processor - ok
13:22:12.0050 1800 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:22:12.0113 1800 ProfSvc - ok
13:22:12.0128 1800 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:22:12.0144 1800 ProtectedStorage - ok
13:22:12.0175 1800 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:22:12.0237 1800 Psched - ok
13:22:12.0269 1800 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:22:12.0315 1800 ql2300 - ok
13:22:12.0347 1800 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:22:12.0362 1800 ql40xx - ok
13:22:12.0378 1800 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:22:12.0409 1800 QWAVE - ok
13:22:12.0409 1800 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:22:12.0440 1800 QWAVEdrv - ok
13:22:12.0487 1800 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
13:22:12.0518 1800 RapiMgr - ok
13:22:12.0534 1800 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:22:12.0612 1800 RasAcd - ok
13:22:12.0643 1800 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:22:12.0659 1800 RasAgileVpn - ok
13:22:12.0674 1800 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:22:12.0705 1800 RasAuto - ok
13:22:12.0737 1800 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:22:12.0783 1800 Rasl2tp - ok
13:22:12.0799 1800 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:22:12.0846 1800 RasMan - ok
13:22:12.0861 1800 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:22:12.0893 1800 RasPppoe - ok
13:22:12.0908 1800 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:22:12.0939 1800 RasSstp - ok
13:22:12.0955 1800 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:22:12.0986 1800 rdbss - ok
13:22:13.0002 1800 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:22:13.0017 1800 rdpbus - ok
13:22:13.0033 1800 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:22:13.0064 1800 RDPCDD - ok
13:22:13.0080 1800 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:22:13.0111 1800 RDPENCDD - ok
13:22:13.0142 1800 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:22:13.0173 1800 RDPREFMP - ok
13:22:13.0189 1800 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:22:13.0251 1800 RDPWD - ok
13:22:13.0283 1800 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:22:13.0314 1800 rdyboost - ok
13:22:13.0329 1800 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:22:13.0376 1800 RemoteAccess - ok
13:22:13.0392 1800 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:22:13.0439 1800 RemoteRegistry - ok
13:22:13.0454 1800 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:22:13.0485 1800 RpcEptMapper - ok
13:22:13.0501 1800 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:22:13.0532 1800 RpcLocator - ok
13:22:13.0563 1800 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:22:13.0595 1800 RpcSs - ok
13:22:13.0595 1800 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:22:13.0657 1800 rspndr - ok
13:22:13.0657 1800 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:22:13.0673 1800 SamSs - ok
13:22:13.0704 1800 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:22:13.0719 1800 sbp2port - ok
13:22:13.0766 1800 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:22:13.0797 1800 SBSDWSCService - ok
13:22:13.0813 1800 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:22:13.0860 1800 SCardSvr - ok
13:22:13.0875 1800 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:22:13.0922 1800 scfilter - ok
13:22:13.0938 1800 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:22:14.0000 1800 Schedule - ok
13:22:14.0016 1800 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:22:14.0047 1800 SCPolicySvc - ok
13:22:14.0063 1800 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:22:14.0094 1800 SDRSVC - ok
13:22:14.0125 1800 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:22:14.0203 1800 secdrv - ok
13:22:14.0219 1800 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:22:14.0265 1800 seclogon - ok
13:22:14.0281 1800 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:22:14.0297 1800 SENS - ok
13:22:14.0312 1800 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:22:14.0343 1800 SensrSvc - ok
13:22:14.0359 1800 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:22:14.0375 1800 Serenum - ok
13:22:14.0390 1800 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:22:14.0406 1800 Serial - ok
13:22:14.0437 1800 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:22:14.0468 1800 sermouse - ok
13:22:14.0515 1800 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:22:14.0577 1800 SessionEnv - ok
13:22:14.0593 1800 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:22:14.0640 1800 sffdisk - ok
13:22:14.0640 1800 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:22:14.0671 1800 sffp_mmc - ok
13:22:14.0671 1800 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:22:14.0702 1800 sffp_sd - ok
13:22:14.0718 1800 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:22:14.0765 1800 sfloppy - ok
13:22:14.0796 1800 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:22:14.0936 1800 SharedAccess - ok
13:22:14.0952 1800 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:22:15.0030 1800 ShellHWDetection - ok
13:22:15.0045 1800 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:22:15.0061 1800 SiSRaid2 - ok
13:22:15.0077 1800 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:22:15.0092 1800 SiSRaid4 - ok
13:22:15.0108 1800 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:22:15.0186 1800 Smb - ok
13:22:15.0201 1800 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:22:15.0217 1800 SNMPTRAP - ok
13:22:15.0233 1800 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:22:15.0248 1800 spldr - ok
13:22:15.0264 1800 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:22:15.0295 1800 Spooler - ok
13:22:15.0389 1800 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:22:15.0467 1800 sppsvc - ok
13:22:15.0482 1800 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:22:15.0529 1800 sppuinotify - ok
13:22:15.0560 1800 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:22:15.0591 1800 srv - ok
13:22:15.0607 1800 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:22:15.0638 1800 srv2 - ok
13:22:15.0654 1800 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:22:15.0685 1800 srvnet - ok
13:22:15.0716 1800 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:22:15.0779 1800 SSDPSRV - ok
13:22:15.0779 1800 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:22:15.0810 1800 SstpSvc - ok
13:22:15.0841 1800 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:22:15.0857 1800 stexstor - ok
13:22:15.0919 1800 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:22:15.0997 1800 stisvc - ok
13:22:16.0013 1800 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:22:16.0044 1800 swenum - ok
13:22:16.0059 1800 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:22:16.0122 1800 swprv - ok
13:22:16.0153 1800 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:22:16.0215 1800 SysMain - ok
13:22:16.0231 1800 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:22:16.0247 1800 TabletInputService - ok
13:22:16.0262 1800 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:22:16.0309 1800 TapiSrv - ok
13:22:16.0325 1800 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:22:16.0340 1800 TBS - ok
13:22:16.0387 1800 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:22:16.0434 1800 Tcpip - ok
13:22:16.0465 1800 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:22:16.0496 1800 TCPIP6 - ok
13:22:16.0527 1800 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:22:16.0543 1800 tcpipreg - ok
13:22:16.0559 1800 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:22:16.0605 1800 TDPIPE - ok
13:22:16.0637 1800 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:22:16.0652 1800 TDTCP - ok
13:22:16.0668 1800 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:22:16.0730 1800 tdx - ok
13:22:16.0746 1800 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:22:16.0793 1800 TermDD - ok
13:22:16.0808 1800 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:22:16.0886 1800 TermService - ok
13:22:16.0902 1800 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:22:16.0933 1800 Themes - ok
13:22:16.0949 1800 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:22:16.0964 1800 THREADORDER - ok
13:22:16.0980 1800 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:22:17.0027 1800 TrkWks - ok
13:22:17.0058 1800 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:22:17.0136 1800 TrustedInstaller - ok
13:22:17.0151 1800 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:22:17.0198 1800 tssecsrv - ok
13:22:17.0229 1800 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:22:17.0292 1800 TsUsbFlt - ok
13:22:17.0354 1800 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:22:17.0417 1800 tunnel - ok
13:22:17.0448 1800 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:22:17.0463 1800 uagp35 - ok
13:22:17.0479 1800 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
13:22:17.0495 1800 UBHelper - ok
13:22:17.0526 1800 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:22:17.0619 1800 udfs - ok
13:22:17.0635 1800 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:22:17.0651 1800 UI0Detect - ok
13:22:17.0666 1800 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:22:17.0682 1800 uliagpkx - ok
13:22:17.0713 1800 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:22:17.0744 1800 umbus - ok
13:22:17.0760 1800 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:22:17.0807 1800 UmPass - ok
13:22:17.0869 1800 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
13:22:17.0900 1800 Updater Service - ok
13:22:17.0916 1800 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:22:17.0978 1800 upnphost - ok
13:22:17.0994 1800 usbbus - ok
13:22:18.0009 1800 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:22:18.0025 1800 usbccgp - ok
13:22:18.0072 1800 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:22:18.0103 1800 usbcir - ok
13:22:18.0119 1800 UsbDiag - ok
13:22:18.0119 1800 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:22:18.0150 1800 usbehci - ok
13:22:18.0165 1800 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:22:18.0197 1800 usbhub - ok
13:22:18.0197 1800 USBModem - ok
13:22:18.0212 1800 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:22:18.0228 1800 usbohci - ok
13:22:18.0243 1800 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:22:18.0259 1800 usbprint - ok
13:22:18.0275 1800 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:22:18.0290 1800 usbscan - ok
13:22:18.0306 1800 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:22:18.0337 1800 USBSTOR - ok
13:22:18.0353 1800 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:22:18.0368 1800 usbuhci - ok
13:22:18.0384 1800 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:22:18.0431 1800 UxSms - ok
13:22:18.0446 1800 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:22:18.0462 1800 VaultSvc - ok
13:22:18.0477 1800 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:22:18.0477 1800 vdrvroot - ok
13:22:18.0509 1800 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:22:18.0555 1800 vds - ok
13:22:18.0571 1800 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:22:18.0587 1800 vga - ok
13:22:18.0587 1800 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:22:18.0618 1800 VgaSave - ok
13:22:18.0633 1800 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:22:18.0649 1800 vhdmp - ok
13:22:18.0665 1800 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:22:18.0680 1800 viaide - ok
13:22:18.0680 1800 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:22:18.0696 1800 volmgr - ok
13:22:18.0727 1800 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:22:18.0743 1800 volmgrx - ok
13:22:18.0743 1800 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:22:18.0758 1800 volsnap - ok
13:22:18.0774 1800 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:22:18.0789 1800 vsmraid - ok
13:22:18.0821 1800 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:22:18.0899 1800 VSS - ok
13:22:18.0914 1800 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:22:18.0930 1800 vwifibus - ok
13:22:18.0945 1800 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:22:18.0992 1800 W32Time - ok
13:22:18.0992 1800 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:22:19.0008 1800 WacomPen - ok
13:22:19.0023 1800 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:22:19.0101 1800 WANARP - ok
13:22:19.0117 1800 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:22:19.0148 1800 Wanarpv6 - ok
13:22:19.0164 1800 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:22:19.0211 1800 wbengine - ok
13:22:19.0226 1800 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:22:19.0242 1800 WbioSrvc - ok
13:22:19.0273 1800 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
13:22:19.0320 1800 WcesComm - ok
13:22:19.0335 1800 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:22:19.0382 1800 wcncsvc - ok
13:22:19.0398 1800 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:22:19.0429 1800 WcsPlugInService - ok
13:22:19.0429 1800 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:22:19.0445 1800 Wd - ok
13:22:19.0476 1800 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:22:19.0507 1800 Wdf01000 - ok
13:22:19.0523 1800 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:22:19.0601 1800 WdiServiceHost - ok
13:22:19.0616 1800 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:22:19.0632 1800 WdiSystemHost - ok
13:22:19.0647 1800 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:22:19.0679 1800 WebClient - ok
13:22:19.0694 1800 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:22:19.0725 1800 Wecsvc - ok
13:22:19.0741 1800 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:22:19.0803 1800 wercplsupport - ok
13:22:19.0835 1800 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:22:19.0866 1800 WerSvc - ok
13:22:19.0881 1800 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:22:19.0913 1800 WfpLwf - ok
13:22:19.0913 1800 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:22:19.0928 1800 WIMMount - ok
13:22:19.0944 1800 WinDefend - ok
13:22:19.0959 1800 WinHttpAutoProxySvc - ok
13:22:19.0991 1800 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:22:20.0022 1800 Winmgmt - ok
13:22:20.0053 1800 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:22:20.0131 1800 WinRM - ok
13:22:20.0178 1800 [ FE88B288356E7B47B74B13372ADD906D ] WINUSB C:\Windows\system32\DRIVERS\WinUSB.SYS
13:22:20.0225 1800 WINUSB - ok
13:22:20.0256 1800 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:22:20.0287 1800 Wlansvc - ok
13:22:20.0303 1800 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:22:20.0318 1800 WmiAcpi - ok
13:22:20.0334 1800 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:22:20.0349 1800 wmiApSrv - ok
13:22:20.0365 1800 WMPNetworkSvc - ok
13:22:20.0381 1800 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:22:20.0412 1800 WPCSvc - ok
13:22:20.0443 1800 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:22:20.0459 1800 WPDBusEnum - ok
13:22:20.0474 1800 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:22:20.0505 1800 ws2ifsl - ok
13:22:20.0521 1800 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
13:22:20.0537 1800 wscsvc - ok
13:22:20.0552 1800 WSearch - ok
13:22:20.0615 1800 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:22:20.0677 1800 wuauserv - ok
13:22:20.0708 1800 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:22:20.0739 1800 WudfPf - ok
13:22:20.0755 1800 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:22:20.0771 1800 WUDFRd - ok
13:22:20.0802 1800 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:22:20.0833 1800 wudfsvc - ok
13:22:20.0833 1800 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:22:20.0880 1800 WwanSvc - ok
13:22:20.0880 1800 ================ Scan global ===============================
13:22:20.0895 1800 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:22:20.0927 1800 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:22:20.0942 1800 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
13:22:20.0973 1800 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:22:21.0036 1800 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:22:21.0036 1800 [Global] - ok
13:22:21.0036 1800 ================ Scan MBR ==================================
13:22:21.0051 1800 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:22:21.0285 1800 \Device\Harddisk0\DR0 - ok
13:22:21.0301 1800 [ 988D3C46CBD13EC7F482B833C55264C8 ] \Device\Harddisk3\DR3
13:22:21.0410 1800 \Device\Harddisk3\DR3 - ok
13:22:21.0426 1800 ================ Scan VBR ==================================
13:22:21.0426 1800 [ 2B73B44CD2EF0D9B534DB59EDF0E41C7 ] \Device\Harddisk0\DR0\Partition1
13:22:21.0426 1800 \Device\Harddisk0\DR0\Partition1 - ok
13:22:21.0441 1800 [ 7BA49A53AF6E32A018F88DB9D68C939F ] \Device\Harddisk0\DR0\Partition2
13:22:21.0441 1800 \Device\Harddisk0\DR0\Partition2 - ok
13:22:21.0473 1800 [ BAE7E49302083615D6E0FC1B86EF61DE ] \Device\Harddisk0\DR0\Partition3
13:22:21.0473 1800 \Device\Harddisk0\DR0\Partition3 - ok
13:22:21.0473 1800 [ E895160F59C2995EEF7E71BE1B3E17C5 ] \Device\Harddisk3\DR3\Partition1
13:22:21.0473 1800 \Device\Harddisk3\DR3\Partition1 - ok
13:22:21.0488 1800 ============================================================
13:22:21.0488 1800 Scan finished
13:22:21.0488 1800 ============================================================
13:22:21.0504 4864 Detected object count: 4
13:22:21.0504 4864 Actual detected object count: 4
13:22:56.0448 4864 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:56.0448 4864 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:56.0448 4864 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:56.0448 4864 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:56.0448 4864 NalServ ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:56.0448 4864 NalServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:56.0448 4864 nlsX86cc ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:56.0448 4864 nlsX86cc ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
18.12.2012, 13:53
| #8 | |
| /// Malware-holic | Ihavenet-Weiterleitung beim Firefox Aber ungefährlich :-) combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 15:03
| #9 |
| | Ihavenet-Weiterleitung beim Firefox Hi, Ich habe den Echtzeit-Scanner von AntiVir deaktiviert, ComboFix meldet aber, dass dieser noch aktiviert sei, und will mit dem Suchlauf fortfahren. Warum wird der noch als aktiviert erkannt? Soll ich OK klicken (also mit dem Suchlauf fortfahren)? LG gandalf OK, nach Neustart hats funktioniert. Hier das Logfile. Code:
ATTFilter ComboFix 12-12-17.02 - **** 18.12.2012 17:30:43.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6143.4667 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\Object
c:\program files (x86)\Object\config.ini
c:\program files (x86)\Object\status.txt
c:\program files (x86)\Object\status2.txt
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\cmvarntosekr.URL
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\evuxintosslzt.URL
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\krbqkntosignaup.URL
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\rdhhgntoslhmmlw.URL
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\sahdnntoswjkei.URL
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\tqmfkntosbefet.URL
c:\users\****\AppData\Roaming\.#
c:\users\****\AppData\Roaming\msupdate.log
c:\windows\Installer\$PatchCache$\Managed\3706342866B54DD48A51342744051302\15.1.0\distributor.ini2
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\wininit.ini
J:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-18 bis 2012-12-18 ))))))))))))))))))))))))))))))
.
.
2012-12-18 16:34 . 2012-12-18 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 08:09 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 08:16 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F71817DE-FC4C-46C1-B4F3-B693C247DB37}\mpengine.dll
2012-11-21 07:32 . 2012-11-21 07:32 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 22:36 . 2010-03-29 20:45 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-28 07:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 07:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 07:45 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-16 07:57 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 07:57 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 07:57 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 07:57 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 08:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-16 07:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-16 07:56 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-16 07:56 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-16 07:56 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-16 07:56 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-16 07:56 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-16 07:56 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-16 07:56 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-16 07:56 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 07:56 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-16 07:56 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-16 07:56 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-16 07:56 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 14:32 . 2012-06-26 08:27 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 14:32 . 2010-04-20 06:15 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-07-31 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-04 181480]
"PDFHook"="c:\program files (x86)\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-12-23 795936]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 5\RegistryController.exe" [2008-12-23 58656]
"Nuance PDF Professional 5-reminder"="c:\program files (x86)\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2008-11-03 54560]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SDL Trados 2007 Speed Launcher.lnk - c:\program files (x86)\SDL International\SDL Trados Synergy 2007\Synergy.exe [2008-10-2 765952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-26 283200]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe [2012-06-29 135168]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-06-29 66560]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-12-23 144672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 19:49]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-13 19:49]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730396625-2597032382-1151066258-1001Core.job
- c:\users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 12:23]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730396625-2597032382-1151066258-1001UA.job
- c:\users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 12:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://startsear.ch/?aff=1
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3300&r=17360310cn07973480l35nh881wl72
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit PDF Professional 5.2 öffnen - c:\program files (x86)\Nuance\PDF Professional 5\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Professional 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\blvd88po.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de&source=iglk
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: 2012-10-29 08:21; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
BHO-{70C6E9DE-F30E-4A40-8A6F-9572C2328320} - (no file)
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-18 17:40:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-18 16:40
.
Vor Suchlauf: 8 Verzeichnis(se), 433.823.330.304 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 433.656.459.264 Bytes frei
.
- - End Of File - - 8E743B6EA048A563700BF6B096DC4B54
 LG gandalf |
|
18.12.2012, 18:52
| #10 |
| /// Malware-holic | Ihavenet-Weiterleitung beim Firefox Hi sieht schon besser aus, aber da is noch adware. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.12.2012, 22:53
| #11 |
| | Ihavenet-Weiterleitung beim Firefox Prima, ein Teilerfolg! Hier nun das Log vom Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.18.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 **** :: ****-PC [Administrator] 18.12.2012 20:33:35 mbam-log-2012-12-18 (20-33-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 471660 Laufzeit: 2 Stunde(n), 2 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=1) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 D:\Installation Files\Veetle TV\SoftonicDownloader_for_sopcast.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Vielen Dank und Guts Nächtle LG gandalf |
|
19.12.2012, 17:32
| #12 |
| /// Malware-holic | Ihavenet-Weiterleitung beim Firefox Hi finger weg von Softonic Lade Software nur beim Hersteller, instaliere sie immer benutzerdefiniert und lies genau, was dir angeboten wird. Der Software Dienst unseres Admins geht natürlich auch: FilePony.de lade den CCleaner standard: CCleaner Download - CCleaner 3.25.1872 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.12.2012, 20:41
| #13 |
| | Ihavenet-Weiterleitung beim Firefox Hi, erstmal: Respekt vor deiner Mühe und deiner Arbeit. Hier die Liste der installierten Programme. Bei den ganzen ACER-Programmen bin ich mir nicht sicher, ob ich die überhaupt benötige (nur die Backup-Utility nutze ich ziemlich sicher nicht. Ich nutze dafür das Windows-eigene Backup-Tool). Außerdem bin ich mir bei manchen Microsoft/Windows- und Java-Einträgen nicht sicher, die meisten dürften aber wohl grundsätzlich erforderlich sein, damit andere Programme richtig funktionieren, nicht wahr? Code:
ATTFilter 7-Zip 4.65 01.04.2010 - notwendig AAVUpdateManager Wolters Kluwer Deutschland GmbH 10.02.2012 32,0MB 18.00.0000 - notwendig (gehört zu Steuer-Spar-Erklärung) Acer Arcade Deluxe CyberLink Corp. 07.07.2009 96,4MB 3.1.6731 - unbekannt Acer Backup Manager NewTech Infosystems 14.08.2009 226MB 2.0.2.19 - unnötig Acer eRecovery Management Acer Incorporated 07.07.2009 4.05.3003 - unbekannt Acer Registration Acer Incorporated 07.07.2009 1.02.3004 - unbekannt Acer ScreenSaver Acer Incorporated 07.07.2009 1.2.0812 - unbekannt Acer Updater Acer Incorporated 14.08.2009 1.01.3014 - unbekannt Acrobat.com Adobe Systems Incorporated 14.08.2009 1,60MB 1.6.65 - notwendig Adobe AIR Adobe Systems Inc. 14.08.2009 1.5.0.7220 - notwendig Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 07.07.2009 10.0.22.87 - notwendig Adobe Flash Player 10 Plugin Adobe Systems Incorporated 26.08.2011 6,00MB 10.3.183.7 - notwendig Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 24.08.2012 121MB 10.1.4 - notwendig AMP WinOFF 11.05.2011 - unbekannt Apple Application Support Apple Inc. 14.11.2012 65,0MB 2.3 - notwendig Apple Software Update Apple Inc. 14.04.2012 2,38MB 2.1.3.127 - notwendig ATI Catalyst Install Manager ATI Technologies, Inc. 07.07.2009 18,2MB 3.0.732.0 - unbekannt AudibleManager Audible, Inc. 15.06.2012 2007776494.48.56.2755818 - notwendig Avira Free Antivirus Avira 15.11.2012 104MB 12.1.9.1236 - notwendig Brother MFL-Pro Suite MFC-7820N Brother Industries, Ltd. 08.05.2011 1.0.1.0 - notwendig CCleaner Piriform 25.11.2012 3.25 - notwendig Compatibility Pack für 2007 Office System Microsoft Corporation 12.12.2012 215MB 12.0.6612.1000 - notwendig ConvertHelper 2.2 DownloadHelper 13.07.2011 - notwendig Copernic Desktop Search - Home Copernic Inc. 29.07.2010 - notwendig DAEMON Tools Lite DT Soft Ltd 26.06.2012 4.45.4.0314 - notwendig Dropbox Dropbox, Inc. 03.10.2012 1.4.17 - notwendig FTP Commander 01.04.2010 - notwendig Google Chrome Google Inc. 30.09.2011 23.0.1271.97 - notwendig Google Earth Google 12.11.2011 92,7MB 6.1.0.5001 - notwendig Hotkey Utility Acer Incorporated 07.07.2009 1.00.3004 - unnötig Identity Card Acer Incorporated 07.07.2009 1.00.3001 - unnötig IDW Prüfungsstandards 24.08.2010 - notwendig InfoBibliothek 2 Akademische Arbeitsgemeinschaft Verlag Wolters Kluwer GmbH 10.02.2012 25,6MB 1.08.03.01 - notwendig Java(TM) 6 Update 14 Sun Microsystems, Inc. 01.04.2010 97,4MB 6.0.140- unbekannt Java(TM) 6 Update 24 Oracle 24.08.2012 96,9MB 6.0.240 - unbekannt Java(TM) 6 Update 37 Oracle 26.06.2012 95,6MB 6.0.370 - unbekannt Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 18.12.2012 19,4MB 1.65.1.1000 - notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 38,8MB 4.0.30319 - notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 24.08.2012 51,9MB 4.0.30319 - notwendig Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 15.12.2011 36,3MB 12.0.4518.1014 - notwendig Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,95MB 14.0.5130.5003 - notwendig Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.04.2012 508KB 2.0.4024.1 - notwendig Microsoft Office Standard 2007 Microsoft Corporation 07.03.2012 12.0.6612.1000 - notwendig Microsoft Silverlight Microsoft Corporation 10.05.2012 226MB 4.1.10329.0 - unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 07.07.2009 1,72MB 3.1.0000 - notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 - unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 28.06.2012 298KB 8.0.61001 - unbekannt Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 28.06.2012 2,64MB 8.0.51011 - unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 598KB 9.0.30729.5570 - unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 01.04.2010 244KB 9.0.30729 - unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.03.2010 596KB 9.0.30729.4148 - unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 - unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.10.2011 12,2MB 10.0.40219 - unbekannt Microsoft WSE 2.0 SP3 Runtime Microsoft Corp. 24.08.2012 711KB 2.0.5050.0 - unbekannt Microsoft-Maus- und Tastatur-Center Microsoft Corporation 24.08.2012 1.1.500.0 - notwendig MozBackup 1.5.1 Pavel Cvrcek 27.03.2012 - notwendig Mozilla Firefox 17.0.1 (x86 de) Mozilla 06.12.2012 47,2MB 17.0.1- notwendig Mozilla Maintenance Service Mozilla 06.12.2012 329KB 17.0.1 - unbekannt Mozilla Thunderbird 17.0 (x86 de) Mozilla 21.11.2012 43,3MB 17.0 - notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 30.03.2010 1,27MB 4.20.9870.0 - notwendig MSXML 4.0 SP2 (KB973688) Microsoft Corporation 30.03.2010 1,33MB 4.20.9876.0 - notwendig MSXML 4.0 SP2 Parser and SDK Microsoft Corporation 01.04.2010 36,0KB 4.20.9818.0 - notwendig MyWinLocker Egis Technology Inc. 14.08.2009 47,9MB 3.1.72.0 - unbekannt Nero 9 Essentials Nero AG 26.06.2012 - notwendig Nero 9 Lite Nero AG 26.06.2012 - notwendig Nuance PDF Professional 5 Nuance Communications, Inc 01.04.2010 265MB 5.20.6400 - notwendig NVIDIA Drivers NVIDIA Corporation 24.08.2012 1.3 - notwendig NVIDIA ForceWare Network Access Manager 07.07.2009 - notwendig Open XML SDK 2.0 for Microsoft Office Microsoft Corporation 05.01.2011 19,1MB 2.0.5022 - notwendig Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 Orban, Inc. 18.06.2012 1,74MB - notwendig PractiCount and Invoice 3.1 (Standard) Practiline Software 16.04.2010 12,6MB 3.1 - notwendig QuickTime Apple Inc. 14.11.2012 72,2MB 7.73.80.64 - notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 14.08.2009 6.0.1.5898 - notwendig SDL MultiTerm 2011 SP2 - Remove suite of products SDL 24.08.2012 9.2.361 - notwendig SDL MultiTerm 2011 SP2 Convert SDL 24.08.2012 33,9MB 9.2.361 - notwendig SDL MultiTerm 2011 SP2 Core SDL 24.08.2012 223MB 9.2.361 - notwendig SDL MultiTerm 2011 SP2 Desktop SDL 24.08.2012 32,0MB 9.2.361 - notwendig SDL MultiTerm 2011 SP2 Word Integration SDL 24.08.2012 821KB 9.2.361 - notwendig SDL Passolo Essential 2011 SP6 SDL 24.08.2012 41,1MB 11.6.0.0 - notwendig SDL Trados 2007 Freelance SDL International 07.06.2010 186MB 8.3.863 - notwendig SDL Trados 2011 SP2 - Remove suite of products SDL 24.08.2012 2.2.3001 - notwendig SDL Trados Studio 2011 SP2 SDL 24.08.2012 921MB 2.2.3001 - notwendig SDL Trados Synergy 2007 SDL International 01.04.2010 42,3MB 2.3.161.0 - notwendig SDL XLIFF Converter for Microsoft Office SDL 05.01.2011 183KB 1.0.0 - notwendig SDLX 07.06.2010 9.3.7080 - notwendig Spybot - Search & Destroy Safer Networking Limited 30.03.2010 1.6.2 - notwendig Steuer-Spar-Erklärung 2009 Akademische Arbeitsgemeinschaft Verlag 02.03.2011 265MB 14.01.0000 - notwendig Steuer-Spar-Erklärung Plus 2010 Akademische Arbeitsgemeinschaft Verlag 30.05.2012 363MB 15.15 - notwendig Steuer-Spar-Erklärung Plus 2011 Akademische Arbeitsgemeinschaft Verlag 20.05.2012 384MB 16.16 - notwendig Steuer-Spar-Erklärung Plus 2012 Wolters Kluwer Deutschland GmbH 20.05.2012 351MB 17.11 - notwendig SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 eRightSoft 19.06.2012 52,5MB v2012.build.51 - notwendig Welcome Center Acer Incorporated 07.07.2009 1.00.3006 - unbekannt Windows Live Anmelde-Assistent Microsoft Corporation 07.07.2009 1,93MB 5.000.818.5 - unbekannt Windows Live Essentials Microsoft Corporation 11.08.2010 14.0.8117.0416 - unbekannt Windows Live Sync Microsoft Corporation 11.08.2010 2,79MB 14.0.8117.416 - unbekannt Windows Live-Uploadtool Microsoft Corporation 07.07.2009 224KB 14.0.8014.1029 - unbekannt Windows Media Player Firefox Plugin Microsoft Corp 09.08.2010 296KB 1.0.0.8 - notwendig Windows Mobile-Gerätecenter Microsoft Corporation 09.05.2010 27,4MB 6.1.6965.0 - notwendig LG gandalf |
|
19.12.2012, 20:46
| #14 |
| /// Malware-holic | Ihavenet-Weiterleitung beim Firefox deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: AMP WinOFF Hotkey Java: alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Spybot : kann man drauf verzichten, scanne, nach Update, von Zeit zu Zeit mit Malwarebytes. Windows Live : alle für dich Unnötigen. Öffne CCleaner, analysieren, starten, Pc neustarten. Helfe gern, also kein Prob Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.12.2012, 21:16
| #15 |
| | Ihavenet-Weiterleitung beim Firefox Hallo markus, hat ein bisschen länger gedauert heute, ich hab heute Geburtstag :-). Ich hab soweit alles deinstalliert bzw. neu installiert. Hier das Log von AdwCleaner, da gibt's scheinbar noch ein bisschen was. Code:
ATTFilter # AdwCleaner v2.101 - Datei am 20/12/2012 um 21:13:31 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - ****-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\Installation Files\AdwCleaner\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
Datei Gefunden : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\blvd88po.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\blvd88po.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\blvd88po.default\searchplugins\Startsear.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\****\AppData\Local\Conduit
Ordner Gefunden : C:\Users\****\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\****\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\****\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\****\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-2730396625-2597032382-1151066258-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKU\S-1-5-21-2730396625-2597032382-1151066258-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Profilname : default
Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\blvd88po.default\prefs.js
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.47] : keyword = "startsear.ch",
Gefunden [l.50] : search_url = "hxxp://startsear.ch/?aff=1&src=sp&cf=b11c77d0-000c-11e1-af0b-00262d110c1d&q={searchTerms}",
*************************
AdwCleaner[R1].txt - [4402 octets] - [20/12/2012 21:13:31]
########## EOF - C:\AdwCleaner[R1].txt - [4462 octets] ##########
|
|
| Themen zu Ihavenet-Weiterleitung beim Firefox |
| 7-zip, antivir, autorun, avira, bho, converter, desktop, excel, fehler, firefox, flash player, format, ftp, home, hängen, install.exe, installation, logfile, microsoft office 2003, mozilla, mywinlocker, object, office 2007, plug-in, realtek, registry, richtlinie, rundll, safer networking, scan, software, super, svchost.exe, t-mobile, windows |
Linear-Darstellung
