| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner im Namen der GVUWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.12.2012, 16:51
| #1 |
 |  BKA-Trojaner im Namen der GVU Der Trojaner sperrte meinen Computer und teilte mir mit, ich solle 100€ zahlen. Nach Neustart und Recherche auf chip.de konnte ich den PC durch eine Systemwiederherstellung im abgesicherten Modus mit Eingabeaufforderung durch "rstrui.exe" wieder entsperren. Mit Malwarebytes-Antimalware wurde der Trojaner wie oben empfohlen aufgefunden und entfernt. Alles funktioniert wieder normal, nun muss ich meinen PC noch sauber kriegen! Hier der Text der Malwarebytes Software: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.18.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Gerit :: JENS-PETER-PC [Administrator] 18.12.2012 15:29:22 mbam-log-2012-12-18 (15-29-22).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 224431 Laufzeit: 9 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Gerit\AppData\Local\Temp\!d5939.tmp (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Nun bin ich um jede weitere Hilfe dankbar! |
|
18.12.2012, 16:54
| #2 |
| /// Malware-holic   | BKA-Trojaner im Namen der GVU Hi,
__________________ich kann nur immer davon abraten, diesen Quatsch mit der Systemwiederherstellung zu machen. Die GVU Ransomware muss nicht allein daher kommen, und mit solchen "Tipps" kann man sich dann das System zerschießen. Selbst wenn es klappt, das verschwinden von Symptomen heißt nie, dass der PC sauber sein muss. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
18.12.2012, 18:11
| #3 |
| | BKA-Trojaner im Namen der GVU Also jetzt habe ich etwas falsch gemacht, zuerst habe ich die Anleitung von Oldtimer befolgt, wie ich den OTL anwenden soll, da kamen beide OTL-Textfelder raus, aber dann habe ich gesehen, dass ich den Text von dir aus obiger Box in die Textbox dort einfügen soll und Quickscan drücken soll, was ich dann auch noch gemacht habe. Heraus kam dann nur noch ein Textfeld von OTL-Editor, soll ich das auch hier einfügen?
__________________Oder vielleicht einfach nochmal von vorne anfangen? DANKE für die Hilfe, ich bin hier nur ein absolutes Fragezeichen... |
|
18.12.2012, 18:28
| #4 |
| /// Malware-holic | BKA-Trojaner im Namen der GVU Hi dann poste OTL.Txt nach den von mir vorgegebenen Angaben.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.12.2012, 09:09
| #5 |
| | BKA-Trojaner im Namen der GVU OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.12.2012 08:56:33 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gerit\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,32% Memory free
4,21 Gb Paging File | 2,96 Gb Available in Paging File | 70,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,66 Gb Total Space | 48,54 Gb Free Space | 35,26% Space Free | Partition Type: NTFS
Drive D: | 11,38 Gb Total Space | 1,88 Gb Free Space | 16,52% Space Free | Partition Type: NTFS
Computer Name: JENS-PETER-PC | User Name: Gerit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gerit\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Gerit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\Hp\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\Hp\Digital Imaging\bin\crm\xmlparse.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PDF Architect Helper Service) -- C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Com4Qlb) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MZCCntrl) -- C:\Programme\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018bus) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (MACNDIS5) -- C:\Programme\Common Files\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\SearchScopes,DefaultScope = {9EAA0772-3B5B-48ED-9DE7-A223C351109E}
IE - HKLM\..\SearchScopes\{6FBE52D7-3A16-453C-BB1E-F89FC601D171}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{9EAA0772-3B5B-48ED-9DE7-A223C351109E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail-Adresse kostenlos, FreeMail, Nachrichten & Services
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{074D429D-48D8-4855-A957-3E17535A8F72}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{36FAA826-7D1A-475B-BB26-89F9A927D6AC}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{44D72EB8-F567-433B-B4BD-C65749C10AA7}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{466ED6C7-0B86-4BD5-847D-D07291E2854F}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{62C51CCC-1DF5-47A1-8742-9D6966CC5A14}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{8DF2FBBE-7C0F-4C26-92D5-B6000DAF389A}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={A24094B5-A1B0-47C3-9E45-CF8D4D02A84B}&mid=f8c8a080f1a647d0a870d1527e0a29bd-eef1e9a08c32c63bed5f378262f86c41a1fcbdc7&lang=de&ds=od011&pr=sa&d=2012-06-26 16:32:31&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{96FB9454-EF58-4F36-AF47-8B03039E349D}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{B98F0E18-5FBD-4018-9429-0018CADBF555}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{F3C4B4B2-B0EF-410A-AB63-F1DE57E6910B}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.11.23 15:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.17 13:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.17 05:47:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.30 13:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.06.15 06:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerit\AppData\Roaming\mozilla\Extensions
[2012.11.21 09:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerit\AppData\Roaming\mozilla\Firefox\Profiles\u97u2fxu.default\extensions
[2012.11.21 09:45:37 | 000,500,206 | ---- | M] () (No name found) -- C:\Users\Gerit\AppData\Roaming\mozilla\firefox\profiles\u97u2fxu.default\extensions\toolbar@gmx.net.xpi
[2012.11.23 15:12:39 | 000,002,615 | ---- | M] () -- C:\Users\Gerit\AppData\Roaming\mozilla\firefox\profiles\u97u2fxu.default\searchplugins\Web Search.xml
[2012.05.25 14:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.17 13:54:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 15:32:21 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.04 16:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://isearch.avg.com/?cid={A24094B5-A1B0-47C3-9E45-CF8D4D02A84B}&mid=f8c8a080f1a647d0a870d1527e0a29bd-eef1e9a08c32c63bed5f378262f86c41a1fcbdc7&lang=de&ds=od011&pr=sa&d=2012-06-26 16:32:31&v=11.1.0.7&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://isearch.avg.com/?cid={A24094B5-A1B0-47C3-9E45-CF8D4D02A84B}&mid=f8c8a080f1a647d0a870d1527e0a29bd-eef1e9a08c32c63bed5f378262f86c41a1fcbdc7&lang=de&ds=od011&pr=sa&d=2012-06-26 16:32:31&v=11.1.0.7&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gerit\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-512599210-1453252507-485215167-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gerit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Gerit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1F6831-0070-4B6F-8B78-28F5F72B9DA4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gerit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gerit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{d56f2fef-c0a7-11df-b604-001b38eec04e}\Shell - "" = AutoRun
O33 - MountPoints2\{d56f2fef-c0a7-11df-b604-001b38eec04e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.18 15:28:00 | 000,000,000 | ---D | C] -- C:\Users\Gerit\AppData\Roaming\Malwarebytes
[2012.12.18 15:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.18 15:27:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.18 15:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.17 14:23:41 | 000,000,000 | ---D | C] -- C:\Users\Gerit\Desktop\Poster
[2012.12.14 15:45:40 | 000,000,000 | ---D | C] -- C:\Users\Gerit\Documents\Amazon MP3
[2012.12.12 15:20:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.12 15:20:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.12 15:20:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.12 15:20:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.12 15:20:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.12 15:20:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.12 15:20:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.12 15:20:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 15:18:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.12.12 15:18:08 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.12.12 15:18:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2012.12.12 15:18:07 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.12.12 15:18:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.12.12 15:18:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.12.12 13:50:22 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 13:50:22 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 13:50:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2012.12.12 13:50:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.12 13:50:08 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.12 13:50:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.02 11:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.01 12:42:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012.12.01 12:42:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.12.01 12:42:51 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.12.01 12:42:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.12.01 12:42:50 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.12.01 12:42:50 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.11.30 19:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.11.30 16:23:27 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012.11.30 16:23:26 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012.11.30 16:23:26 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012.11.30 16:21:46 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012.11.30 16:21:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012.11.30 16:21:44 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012.11.30 16:21:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2012.11.30 16:21:42 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012.11.30 16:21:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012.11.30 16:21:42 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012.11.30 16:21:42 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2012.11.30 16:21:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012.11.30 16:21:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012.11.30 16:21:42 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012.11.30 16:21:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2012.11.30 16:03:25 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.11.30 16:03:25 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.11.30 16:03:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.11.30 16:03:24 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.11.30 16:03:24 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.11.30 16:03:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.11.30 16:03:24 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.11.30 16:03:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.11.30 16:03:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.11.30 16:03:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.11.30 16:03:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.11.30 16:03:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.11.30 16:03:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.11.30 16:03:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.11.30 16:03:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.11.30 16:03:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.11.30 16:03:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.11.30 16:03:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.11.30 16:03:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.11.30 16:03:22 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.11.30 16:03:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.11.30 16:03:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.11.30 16:03:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.11.30 16:03:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.11.30 16:03:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.11.30 16:03:22 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.11.30 16:03:21 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.11.30 16:03:21 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.11.30 16:03:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.11.30 16:02:01 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012.11.30 16:01:59 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.11.30 16:01:59 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012.11.30 16:01:59 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012.11.30 16:01:59 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012.11.30 16:01:59 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012.11.30 16:01:59 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012.11.30 16:01:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.11.30 16:01:56 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012.11.30 16:01:56 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.11.30 16:01:56 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012.11.30 16:01:55 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012.11.30 16:01:55 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012.11.30 16:01:55 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012.11.30 16:01:55 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012.11.30 16:01:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012.11.30 16:01:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012.11.30 16:01:00 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012.11.30 16:01:00 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012.11.30 16:01:00 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012.11.30 16:00:59 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012.11.30 16:00:59 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012.11.30 16:00:59 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012.11.30 15:31:11 | 000,000,000 | ---D | C] -- C:\Users\Gerit\Documents\Doktorarbeit
[2012.11.30 15:09:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012.11.30 15:09:14 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012.11.30 15:09:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012.11.30 15:09:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012.11.30 15:09:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.11.30 15:08:37 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.30 15:08:29 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012.11.30 15:08:13 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012.11.30 15:08:02 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.11.30 15:07:59 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.11.30 15:07:08 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012.11.30 15:07:07 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.11.30 15:07:07 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.11.30 15:06:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012.11.30 15:06:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012.11.30 15:05:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.11.30 15:04:57 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012.11.30 15:04:50 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.11.30 15:04:50 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.11.30 14:55:43 | 000,000,000 | ---D | C] -- C:\Users\Gerit\.clipbak
[2012.11.30 14:42:35 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.11.30 14:26:17 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.11.30 14:26:16 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.11.30 14:25:26 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.11.30 14:25:26 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.11.30 14:25:26 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.11.30 14:25:00 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.11.30 14:25:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.11.30 13:56:26 | 000,000,000 | ---D | C] -- C:\Users\Gerit\AppData\Roaming\Thunderbird
[2012.11.30 13:56:26 | 000,000,000 | ---D | C] -- C:\Users\Gerit\AppData\Local\Thunderbird
[2012.11.30 13:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.11.29 19:32:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.11.29 19:32:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.11.29 19:32:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.11.29 19:02:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.11.23 15:13:31 | 000,000,000 | ---D | C] -- C:\Users\Gerit\AppData\Roaming\PDF Software
[2012.11.23 15:13:13 | 000,000,000 | ---D | C] -- C:\Users\Gerit\Documents\PDF Architect Files
[2012.11.23 15:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2012.11.23 15:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect
[2012.11.23 15:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.23 15:11:27 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2012.11.23 15:11:27 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.11.23 15:11:27 | 000,088,576 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.11.23 15:11:24 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.11.23 15:11:24 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2012.11.23 15:11:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.11.23 15:11:24 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.06.03 14:39:47 | 080,869,160 | ---- | C] (Apple Inc.) -- C:\Users\Gerit\iTunesSetup.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.12.19 08:47:22 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.12.19 08:46:46 | 000,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.12.19 08:46:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.19 08:46:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 08:46:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 08:46:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.19 08:46:19 | 2134,949,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.18 17:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 17:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.18 15:03:36 | 000,005,648 | ---- | M] () -- C:\Users\Gerit\AppData\Local\d3d9caps.dat
[2012.12.18 14:47:04 | 095,023,320 | ---- | M] () -- C:\ProgramData\9395d!.pad
[2012.12.17 13:54:01 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.17 13:54:00 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.17 13:54:00 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.17 13:54:00 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.13 13:22:05 | 000,303,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.12 14:26:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 14:26:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.02 11:06:14 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.30 18:55:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.11.30 18:54:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.11.30 16:03:37 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.11.30 16:03:37 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.11.30 16:03:25 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.11.30 16:03:25 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.11.30 16:03:24 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.11.30 16:03:24 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.11.30 16:03:24 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.11.30 16:03:24 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.11.30 16:03:24 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.11.30 16:03:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.11.30 16:03:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.11.30 16:03:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.11.30 16:03:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.11.30 16:03:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.11.30 16:03:23 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.11.30 16:03:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.11.30 16:03:23 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.11.30 16:03:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.11.30 16:03:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.11.30 16:03:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.11.30 16:03:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.11.30 16:03:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.11.30 16:03:22 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.11.30 16:03:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.11.30 16:03:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.11.30 16:03:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.11.30 16:03:22 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.11.30 16:03:22 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.11.30 16:03:22 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.11.30 16:03:21 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.11.30 16:03:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.11.30 16:03:21 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.11.30 16:02:01 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012.11.30 16:01:59 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.11.30 16:01:59 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012.11.30 16:01:59 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012.11.30 16:01:59 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012.11.30 16:01:59 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012.11.30 16:01:59 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012.11.30 16:01:57 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.11.30 16:01:56 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012.11.30 16:01:56 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.11.30 16:01:56 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012.11.30 16:01:55 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012.11.30 16:01:55 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012.11.30 16:01:55 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012.11.30 16:01:55 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012.11.30 16:01:55 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012.11.30 16:01:55 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012.11.30 16:01:01 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui
[2012.11.30 16:01:00 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012.11.30 16:01:00 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012.11.30 16:01:00 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012.11.30 16:00:59 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012.11.30 16:00:59 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012.11.30 16:00:59 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012.11.30 15:11:33 | 000,001,610 | ---- | M] () -- C:\Users\Gerit\clipdat2.rdf
[2012.11.30 13:56:18 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.11.23 15:13:51 | 000,000,802 | ---- | M] () -- C:\Users\Gerit\Desktop\PDF Architect.lnk
[2012.11.23 15:11:32 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.12.18 14:59:52 | 2134,949,888 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.18 13:39:43 | 095,023,320 | ---- | C] () -- C:\ProgramData\9395d!.pad
[2012.12.12 15:18:26 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.12 15:18:26 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.02 11:06:14 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.30 18:55:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.11.30 18:54:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.11.30 16:03:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.11.30 15:10:28 | 000,001,610 | ---- | C] () -- C:\Users\Gerit\clipdat2.rdf
[2012.11.30 13:56:18 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.11.30 13:56:18 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.11.23 15:13:51 | 000,000,802 | ---- | C] () -- C:\Users\Gerit\Desktop\PDF Architect.lnk
[2012.11.23 15:11:32 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.05.21 17:29:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.05.21 12:18:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.05.21 12:18:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.02 16:02:04 | 002,106,381 | ---- | C] () -- C:\Users\Gerit\DSCN0139.JPG
[2011.01.19 09:19:16 | 000,001,940 | ---- | C] () -- C:\Users\Gerit\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.09.15 12:53:08 | 000,034,304 | ---- | C] () -- C:\Users\Gerit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.18 18:40:53 | 000,005,648 | ---- | C] () -- C:\Users\Gerit\AppData\Local\d3d9caps.dat
[2010.02.03 18:12:18 | 000,000,488 | ---- | C] () -- C:\Users\Gerit\AppData\Roaming\wklnhst.dat
[2010.02.02 20:20:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.04 12:01:38 | 000,000,093 | ---- | C] () -- C:\Users\Gerit\AppData\Local\fusioncache.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010.02.14 19:32:15 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Amazon
[2012.12.19 08:51:17 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Dropbox
[2011.09.11 11:04:55 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\EndNote
[2012.05.17 15:10:00 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\GraphPad Software
[2010.07.20 15:39:40 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Nokia
[2012.11.23 15:11:24 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\OpenCandy
[2010.07.20 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\PC Suite
[2012.11.23 15:17:20 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\PDF Software
[2012.11.23 15:11:31 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\pdfforge
[2010.01.04 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\T-Online
[2010.02.03 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Template
[2012.11.30 13:56:26 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Thunderbird
[2010.07.27 15:02:40 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Tific
[2011.03.28 17:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\WordToPDF
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.12.2012 08:56:33 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gerit\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,32% Memory free
4,21 Gb Paging File | 2,96 Gb Available in Paging File | 70,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,66 Gb Total Space | 48,54 Gb Free Space | 35,26% Space Free | Partition Type: NTFS
Drive D: | 11,38 Gb Total Space | 1,88 Gb Free Space | 16,52% Space Free | Partition Type: NTFS
Computer Name: JENS-PETER-PC | User Name: Gerit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gerit\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe (Adobe Systems, Inc.)
PRC - C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Gerit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\Hp\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\Hp\Digital Imaging\bin\crm\xmlparse.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PDF Architect Helper Service) -- C:\Programme\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Programme\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Com4Qlb) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MZCCntrl) -- C:\Programme\Common Files\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018bus) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (MACNDIS5) -- C:\Programme\Common Files\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {9EAA0772-3B5B-48ED-9DE7-A223C351109E}
IE - HKLM\..\SearchScopes\{6FBE52D7-3A16-453C-BB1E-F89FC601D171}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{9EAA0772-3B5B-48ED-9DE7-A223C351109E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail-Adresse kostenlos, FreeMail, Nachrichten & Services
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{074D429D-48D8-4855-A957-3E17535A8F72}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{36FAA826-7D1A-475B-BB26-89F9A927D6AC}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{44D72EB8-F567-433B-B4BD-C65749C10AA7}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{466ED6C7-0B86-4BD5-847D-D07291E2854F}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{62C51CCC-1DF5-47A1-8742-9D6966CC5A14}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{8DF2FBBE-7C0F-4C26-92D5-B6000DAF389A}: "URL" = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={A24094B5-A1B0-47C3-9E45-CF8D4D02A84B}&mid=f8c8a080f1a647d0a870d1527e0a29bd-eef1e9a08c32c63bed5f378262f86c41a1fcbdc7&lang=de&ds=od011&pr=sa&d=2012-06-26 16:32:31&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{96FB9454-EF58-4F36-AF47-8B03039E349D}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{B98F0E18-5FBD-4018-9429-0018CADBF555}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..\SearchScopes\{F3C4B4B2-B0EF-410A-AB63-F1DE57E6910B}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-512599210-1453252507-485215167-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.11.23 15:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.17 13:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.17 05:47:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.30 13:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.06.15 06:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerit\AppData\Roaming\mozilla\Extensions
[2012.11.21 09:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerit\AppData\Roaming\mozilla\Firefox\Profiles\u97u2fxu.default\extensions
[2012.11.21 09:45:37 | 000,500,206 | ---- | M] () (No name found) -- C:\Users\Gerit\AppData\Roaming\mozilla\firefox\profiles\u97u2fxu.default\extensions\toolbar@gmx.net.xpi
[2012.11.23 15:12:39 | 000,002,615 | ---- | M] () -- C:\Users\Gerit\AppData\Roaming\mozilla\firefox\profiles\u97u2fxu.default\searchplugins\Web Search.xml
[2012.05.25 14:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.17 13:54:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.26 15:32:21 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.04 16:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://isearch.avg.com/?cid={A24094B5-A1B0-47C3-9E45-CF8D4D02A84B}&mid=f8c8a080f1a647d0a870d1527e0a29bd-eef1e9a08c32c63bed5f378262f86c41a1fcbdc7&lang=de&ds=od011&pr=sa&d=2012-06-26 16:32:31&v=11.1.0.7&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://isearch.avg.com/?cid={A24094B5-A1B0-47C3-9E45-CF8D4D02A84B}&mid=f8c8a080f1a647d0a870d1527e0a29bd-eef1e9a08c32c63bed5f378262f86c41a1fcbdc7&lang=de&ds=od011&pr=sa&d=2012-06-26 16:32:31&v=11.1.0.7&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gerit\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U18 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-512599210-1453252507-485215167-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Gerit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Gerit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-512599210-1453252507-485215167-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE1F6831-0070-4B6F-8B78-28F5F72B9DA4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gerit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gerit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{d56f2fef-c0a7-11df-b604-001b38eec04e}\Shell - "" = AutoRun
O33 - MountPoints2\{d56f2fef-c0a7-11df-b604-001b38eec04e}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.18 15:28:00 | 000,000,000 | ---D | C] -- C:\Users\Gerit\AppData\Roaming\Malwarebytes
[2012.12.18 15:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.18 15:27:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.18 15:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.17 14:23:41 | 000,000,000 | ---D | C] -- C:\Users\Gerit\Desktop\Poster
[2012.12.14 15:45:40 | 000,000,000 | ---D | C] -- C:\Users\Gerit\Documents\Amazon MP3
[2012.12.12 15:20:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.12 15:20:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.12 15:20:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.12 15:20:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.12 15:20:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.12 15:20:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.12 15:20:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.12 15:20:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 15:18:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.12.12 15:18:08 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.12.12 15:18:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2012.12.12 15:18:07 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.12.12 15:18:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.12.12 15:18:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.12.12 13:50:22 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 13:50:22 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 13:50:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2012.12.12 13:50:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.12 13:50:08 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.12 13:50:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.02 11:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.12.01 12:42:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012.12.01 12:42:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.12.01 12:42:51 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.12.01 12:42:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.12.01 12:42:50 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.12.01 12:42:50 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.11.30 19:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.11.30 16:23:27 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012.11.30 16:23:26 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012.11.30 16:23:26 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012.11.30 16:21:46 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012.11.30 16:21:46 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012.11.30 16:21:44 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012.11.30 16:21:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2012.11.30 16:21:42 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012.11.30 16:21:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012.11.30 16:21:42 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012.11.30 16:21:42 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2012.11.30 16:21:42 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012.11.30 16:21:42 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012.11.30 16:21:42 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012.11.30 16:21:42 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2012.11.30 16:03:25 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.11.30 16:03:25 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.11.30 16:03:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.11.30 16:03:24 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.11.30 16:03:24 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.11.30 16:03:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.11.30 16:03:24 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.11.30 16:03:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.11.30 16:03:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.11.30 16:03:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.11.30 16:03:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.11.30 16:03:23 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.11.30 16:03:23 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.11.30 16:03:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.11.30 16:03:23 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.11.30 16:03:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.11.30 16:03:23 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.11.30 16:03:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.11.30 16:03:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.11.30 16:03:22 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.11.30 16:03:22 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.11.30 16:03:22 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.11.30 16:03:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.11.30 16:03:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.11.30 16:03:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.11.30 16:03:22 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.11.30 16:03:21 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.11.30 16:03:21 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.11.30 16:03:21 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.11.30 16:02:01 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012.11.30 16:01:59 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.11.30 16:01:59 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012.11.30 16:01:59 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012.11.30 16:01:59 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012.11.30 16:01:59 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012.11.30 16:01:59 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012.11.30 16:01:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.11.30 16:01:56 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012.11.30 16:01:56 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.11.30 16:01:56 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012.11.30 16:01:55 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012.11.30 16:01:55 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012.11.30 16:01:55 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012.11.30 16:01:55 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012.11.30 16:01:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012.11.30 16:01:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012.11.30 16:01:00 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012.11.30 16:01:00 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012.11.30 16:01:00 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012.11.30 16:00:59 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012.11.30 16:00:59 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012.11.30 16:00:59 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012.11.30 15:31:11 | 000,000,000 | ---D | C] -- C:\Users\Gerit\Documents\Doktorarbeit
[2012.11.30 15:09:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012.11.30 15:09:14 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012.11.30 15:09:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012.11.30 15:09:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012.11.30 15:09:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.11.30 15:08:37 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.30 15:08:29 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012.11.30 15:08:13 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012.11.30 15:08:02 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.11.30 15:07:59 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.11.30 15:07:08 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012.11.30 15:07:07 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.11.30 15:07:07 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.11.30 15:06:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012.11.30 15:06:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012.11.30 15:05:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.11.30 15:04:57 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012.11.30 15:04:50 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.11.30 15:04:50 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.11.30 14:55:43 | 000,000,000 | ---D | C] -- C:\Users\Gerit\.clipbak
[2012.11.30 14:42:35 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.11.30 14:26:17 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.11.30 14:26:16 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.11.30 14:25:26 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.11.30 14:25:26 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.11.30 14:25:26 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.11.30 14:25:00 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.11.30 14:25:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.11.30 13:56:26 | 000,000,000 | ---D | C] -- C:\Users\Gerit\AppData\Roaming\Thunderbird
[2012.11.30 13:56:26 | 000,000,000 | ---D | C] -- C:\Users\Gerit\AppData\Local\Thunderbird
[2012.11.30 13:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.11.29 19:32:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.11.29 19:32:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.11.29 19:32:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.11.29 19:02:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.11.23 15:13:31 | 000,000,000 | ---D | C] -- C:\Users\Gerit\AppData\Roaming\PDF Software
[2012.11.23 15:13:13 | 000,000,000 | ---D | C] -- C:\Users\Gerit\Documents\PDF Architect Files
[2012.11.23 15:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2012.11.23 15:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect
[2012.11.23 15:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.23 15:11:27 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2012.11.23 15:11:27 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.11.23 15:11:27 | 000,088,576 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.11.23 15:11:24 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.11.23 15:11:24 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2012.11.23 15:11:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.11.23 15:11:24 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.06.03 14:39:47 | 080,869,160 | ---- | C] (Apple Inc.) -- C:\Users\Gerit\iTunesSetup.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.12.19 08:47:22 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.12.19 08:46:46 | 000,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.12.19 08:46:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.19 08:46:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 08:46:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.19 08:46:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.19 08:46:19 | 2134,949,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.18 17:41:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 17:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.18 15:03:36 | 000,005,648 | ---- | M] () -- C:\Users\Gerit\AppData\Local\d3d9caps.dat
[2012.12.18 14:47:04 | 095,023,320 | ---- | M] () -- C:\ProgramData\9395d!.pad
[2012.12.17 13:54:01 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.17 13:54:00 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.17 13:54:00 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.17 13:54:00 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.13 13:22:05 | 000,303,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.12 14:26:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 14:26:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.02 11:06:14 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.30 18:55:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.11.30 18:54:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.11.30 16:03:37 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.11.30 16:03:37 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.11.30 16:03:25 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012.11.30 16:03:25 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012.11.30 16:03:24 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.11.30 16:03:24 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012.11.30 16:03:24 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.11.30 16:03:24 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012.11.30 16:03:24 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012.11.30 16:03:24 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012.11.30 16:03:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012.11.30 16:03:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012.11.30 16:03:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012.11.30 16:03:23 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.11.30 16:03:23 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012.11.30 16:03:23 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012.11.30 16:03:23 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012.11.30 16:03:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.11.30 16:03:23 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.11.30 16:03:23 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.11.30 16:03:23 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.11.30 16:03:23 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.11.30 16:03:22 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012.11.30 16:03:22 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012.11.30 16:03:22 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.11.30 16:03:22 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012.11.30 16:03:22 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012.11.30 16:03:22 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.11.30 16:03:22 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012.11.30 16:03:21 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012.11.30 16:03:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012.11.30 16:03:21 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.11.30 16:02:01 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012.11.30 16:01:59 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012.11.30 16:01:59 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012.11.30 16:01:59 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012.11.30 16:01:59 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012.11.30 16:01:59 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012.11.30 16:01:59 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012.11.30 16:01:57 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012.11.30 16:01:56 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012.11.30 16:01:56 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012.11.30 16:01:56 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012.11.30 16:01:55 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012.11.30 16:01:55 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012.11.30 16:01:55 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012.11.30 16:01:55 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012.11.30 16:01:55 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012.11.30 16:01:55 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012.11.30 16:01:01 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui
[2012.11.30 16:01:00 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012.11.30 16:01:00 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012.11.30 16:01:00 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012.11.30 16:00:59 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012.11.30 16:00:59 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012.11.30 16:00:59 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012.11.30 15:11:33 | 000,001,610 | ---- | M] () -- C:\Users\Gerit\clipdat2.rdf
[2012.11.30 13:56:18 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.11.23 15:13:51 | 000,000,802 | ---- | M] () -- C:\Users\Gerit\Desktop\PDF Architect.lnk
[2012.11.23 15:11:32 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.12.18 14:59:52 | 2134,949,888 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.18 13:39:43 | 095,023,320 | ---- | C] () -- C:\ProgramData\9395d!.pad
[2012.12.12 15:18:26 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.12 15:18:26 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.02 11:06:14 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.30 18:55:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012.11.30 18:54:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.11.30 16:03:23 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.11.30 15:10:28 | 000,001,610 | ---- | C] () -- C:\Users\Gerit\clipdat2.rdf
[2012.11.30 13:56:18 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.11.30 13:56:18 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.11.23 15:13:51 | 000,000,802 | ---- | C] () -- C:\Users\Gerit\Desktop\PDF Architect.lnk
[2012.11.23 15:11:32 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.05.21 17:29:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.05.21 12:18:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.05.21 12:18:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.03.02 16:02:04 | 002,106,381 | ---- | C] () -- C:\Users\Gerit\DSCN0139.JPG
[2011.01.19 09:19:16 | 000,001,940 | ---- | C] () -- C:\Users\Gerit\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.09.15 12:53:08 | 000,034,304 | ---- | C] () -- C:\Users\Gerit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.18 18:40:53 | 000,005,648 | ---- | C] () -- C:\Users\Gerit\AppData\Local\d3d9caps.dat
[2010.02.03 18:12:18 | 000,000,488 | ---- | C] () -- C:\Users\Gerit\AppData\Roaming\wklnhst.dat
[2010.02.02 20:20:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.04 12:01:38 | 000,000,093 | ---- | C] () -- C:\Users\Gerit\AppData\Local\fusioncache.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010.02.14 19:32:15 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Amazon
[2012.12.19 08:51:17 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Dropbox
[2011.09.11 11:04:55 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\EndNote
[2012.05.17 15:10:00 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\GraphPad Software
[2010.07.20 15:39:40 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Nokia
[2012.11.23 15:11:24 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\OpenCandy
[2010.07.20 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\PC Suite
[2012.11.23 15:17:20 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\PDF Software
[2012.11.23 15:11:31 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\pdfforge
[2010.01.04 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\T-Online
[2010.02.03 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Template
[2012.11.30 13:56:26 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Thunderbird
[2010.07.27 15:02:40 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\Tific
[2011.03.28 17:28:29 | 000,000,000 | ---D | M] -- C:\Users\Gerit\AppData\Roaming\WordToPDF
========== Purity Check ==========
< End of report >
|
|
19.12.2012, 14:02
| #6 |
| /// Malware-holic | BKA-Trojaner im Namen der GVU Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ --> BKA-Trojaner im Namen der GVU |
|
19.12.2012, 17:45
| #7 |
| | BKA-Trojaner im Namen der GVU 17:42:42.0585 2924 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 17:42:43.0896 2924 ============================================================ 17:42:43.0896 2924 Current date / time: 2012/12/19 17:42:43.0896 17:42:43.0896 2924 SystemInfo: 17:42:43.0896 2924 17:42:43.0896 2924 OS Version: 6.0.6002 ServicePack: 2.0 17:42:43.0896 2924 Product type: Workstation 17:42:43.0896 2924 ComputerName: JENS-PETER-PC 17:42:43.0896 2924 UserName: Gerit 17:42:43.0896 2924 Windows directory: C:\Windows 17:42:43.0896 2924 System windows directory: C:\Windows 17:42:43.0896 2924 Processor architecture: Intel x86 17:42:43.0896 2924 Number of processors: 2 17:42:43.0896 2924 Page size: 0x1000 17:42:43.0896 2924 Boot type: Normal boot 17:42:43.0896 2924 ============================================================ 17:42:44.0769 2924 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:42:44.0769 2924 ============================================================ 17:42:44.0769 2924 \Device\Harddisk0\DR0: 17:42:44.0785 2924 MBR partitions: 17:42:44.0785 2924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11354634 17:42:44.0785 2924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11354673, BlocksNum 0x16C444E 17:42:44.0785 2924 ============================================================ 17:42:44.0800 2924 C: <-> \Device\Harddisk0\DR0\Partition1 17:42:44.0956 2924 D: <-> \Device\Harddisk0\DR0\Partition2 17:42:44.0956 2924 ============================================================ 17:42:44.0956 2924 Initialize success 17:42:44.0956 2924 ============================================================ 17:43:37.0590 5264 ============================================================ 17:43:37.0605 5264 Scan started 17:43:37.0605 5264 Mode: Manual; SigCheck; TDLFS; 17:43:37.0605 5264 ============================================================ 17:43:37.0933 5264 ================ Scan system memory ======================== 17:43:37.0933 5264 System memory - ok 17:43:37.0933 5264 ================ Scan services ============================= 17:43:38.0260 5264 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 17:43:38.0463 5264 ACPI - ok 17:43:38.0588 5264 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 17:43:38.0619 5264 AdobeARMservice - ok 17:43:38.0713 5264 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 17:43:38.0744 5264 AdobeFlashPlayerUpdateSvc - ok 17:43:38.0853 5264 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 17:43:38.0916 5264 adp94xx - ok 17:43:38.0962 5264 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 17:43:38.0994 5264 adpahci - ok 17:43:39.0009 5264 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 17:43:39.0040 5264 adpu160m - ok 17:43:39.0072 5264 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 17:43:39.0103 5264 adpu320 - ok 17:43:39.0150 5264 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 17:43:39.0243 5264 AeLookupSvc - ok 17:43:39.0321 5264 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 17:43:39.0368 5264 AFD - ok 17:43:39.0415 5264 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 17:43:39.0446 5264 agp440 - ok 17:43:39.0462 5264 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 17:43:39.0493 5264 aic78xx - ok 17:43:39.0540 5264 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 17:43:39.0789 5264 ALG - ok 17:43:39.0805 5264 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 17:43:39.0836 5264 aliide - ok 17:43:39.0867 5264 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 17:43:39.0883 5264 amdagp - ok 17:43:39.0898 5264 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 17:43:39.0914 5264 amdide - ok 17:43:39.0945 5264 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 17:43:40.0164 5264 AmdK7 - ok 17:43:40.0195 5264 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 17:43:40.0288 5264 AmdK8 - ok 17:43:40.0366 5264 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 17:43:40.0398 5264 AntiVirSchedulerService - ok 17:43:40.0460 5264 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 17:43:40.0476 5264 AntiVirService - ok 17:43:40.0507 5264 [ 531E1F5D76FA2D6594D97DD377723F2D ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 17:43:40.0585 5264 ApfiltrService - ok 17:43:40.0647 5264 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 17:43:40.0710 5264 Appinfo - ok 17:43:40.0819 5264 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 17:43:40.0834 5264 Apple Mobile Device - ok 17:43:40.0866 5264 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 17:43:40.0912 5264 arc - ok 17:43:40.0944 5264 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 17:43:40.0959 5264 arcsas - ok 17:43:41.0022 5264 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 17:43:41.0084 5264 AsyncMac - ok 17:43:41.0131 5264 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 17:43:41.0146 5264 atapi - ok 17:43:41.0209 5264 [ 0437199C88F6E88A387CFEC8A8886A6E ] athr C:\Windows\system32\DRIVERS\athr.sys 17:43:41.0334 5264 athr - ok 17:43:41.0412 5264 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 17:43:41.0505 5264 AudioEndpointBuilder - ok 17:43:41.0505 5264 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 17:43:41.0536 5264 Audiosrv - ok 17:43:41.0599 5264 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 17:43:41.0614 5264 avgntflt - ok 17:43:41.0677 5264 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 17:43:41.0708 5264 avipbb - ok 17:43:41.0739 5264 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 17:43:41.0755 5264 avkmgr - ok 17:43:41.0958 5264 [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys 17:43:42.0082 5264 BCM43XV - ok 17:43:42.0145 5264 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 17:43:42.0223 5264 Beep - ok 17:43:42.0348 5264 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 17:43:42.0457 5264 BFE - ok 17:43:42.0597 5264 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 17:43:42.0722 5264 BITS - ok 17:43:42.0722 5264 blbdrive - ok 17:43:42.0816 5264 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 17:43:42.0847 5264 Bonjour Service - ok 17:43:42.0925 5264 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 17:43:43.0003 5264 bowser - ok 17:43:43.0034 5264 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 17:43:43.0096 5264 BrFiltLo - ok 17:43:43.0143 5264 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 17:43:43.0206 5264 BrFiltUp - ok 17:43:43.0299 5264 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 17:43:43.0377 5264 Browser - ok 17:43:43.0424 5264 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 17:43:43.0533 5264 Brserid - ok 17:43:43.0580 5264 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 17:43:43.0674 5264 BrSerWdm - ok 17:43:43.0705 5264 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 17:43:43.0876 5264 BrUsbMdm - ok 17:43:43.0923 5264 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 17:43:43.0986 5264 BrUsbSer - ok 17:43:44.0017 5264 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 17:43:44.0095 5264 BTHMODEM - ok 17:43:44.0173 5264 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 17:43:44.0235 5264 cdfs - ok 17:43:44.0329 5264 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 17:43:44.0376 5264 cdrom - ok 17:43:44.0469 5264 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 17:43:44.0516 5264 CertPropSvc - ok 17:43:44.0563 5264 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 17:43:44.0656 5264 circlass - ok 17:43:44.0750 5264 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 17:43:44.0781 5264 CLFS - ok 17:43:44.0953 5264 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:43:44.0968 5264 clr_optimization_v2.0.50727_32 - ok 17:43:45.0078 5264 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:43:45.0109 5264 clr_optimization_v4.0.30319_32 - ok 17:43:45.0156 5264 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 17:43:45.0187 5264 CmBatt - ok 17:43:45.0218 5264 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 17:43:45.0265 5264 cmdide - ok 17:43:45.0327 5264 [ D8774ACE03B46C9B01A49818055F9AD4 ] Com4Qlb C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe 17:43:45.0374 5264 Com4Qlb ( UnsignedFile.Multi.Generic ) - warning 17:43:45.0374 5264 Com4Qlb - detected UnsignedFile.Multi.Generic (1) 17:43:45.0421 5264 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 17:43:45.0452 5264 Compbatt - ok 17:43:45.0468 5264 COMSysApp - ok 17:43:45.0483 5264 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 17:43:45.0499 5264 crcdisk - ok 17:43:45.0530 5264 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 17:43:45.0592 5264 Crusoe - ok 17:43:45.0639 5264 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 17:43:45.0717 5264 CryptSvc - ok 17:43:45.0780 5264 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 17:43:45.0873 5264 DcomLaunch - ok 17:43:45.0920 5264 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 17:43:45.0998 5264 DfsC - ok 17:43:46.0154 5264 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 17:43:46.0388 5264 DFSR - ok 17:43:46.0482 5264 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 17:43:46.0544 5264 Dhcp - ok 17:43:46.0592 5264 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 17:43:46.0623 5264 disk - ok 17:43:46.0701 5264 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 17:43:46.0779 5264 Dnscache - ok 17:43:46.0857 5264 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 17:43:46.0904 5264 dot3svc - ok 17:43:46.0997 5264 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 17:43:47.0044 5264 Dot4 - ok 17:43:47.0060 5264 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 17:43:47.0138 5264 Dot4Print - ok 17:43:47.0185 5264 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 17:43:47.0263 5264 dot4usb - ok 17:43:47.0325 5264 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 17:43:47.0403 5264 DPS - ok 17:43:47.0465 5264 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 17:43:47.0575 5264 drmkaud - ok 17:43:47.0669 5264 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 17:43:47.0747 5264 DXGKrnl - ok 17:43:47.0794 5264 [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B C:\Windows\system32\DRIVERS\e100b325.sys 17:43:47.0934 5264 E100B - ok 17:43:47.0981 5264 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 17:43:48.0168 5264 E1G60 - ok 17:43:48.0231 5264 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 17:43:48.0293 5264 EapHost - ok 17:43:48.0387 5264 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 17:43:48.0418 5264 Ecache - ok 17:43:48.0527 5264 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 17:43:48.0590 5264 ehRecvr - ok 17:43:48.0621 5264 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 17:43:48.0699 5264 ehSched - ok 17:43:48.0714 5264 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 17:43:48.0746 5264 ehstart - ok 17:43:48.0839 5264 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 17:43:48.0870 5264 elxstor - ok 17:43:48.0948 5264 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 17:43:49.0136 5264 EMDMgmt - ok 17:43:49.0198 5264 esgiguard - ok 17:43:49.0276 5264 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 17:43:49.0354 5264 EventSystem - ok 17:43:49.0432 5264 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 17:43:49.0479 5264 exfat - ok 17:43:49.0557 5264 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 17:43:49.0604 5264 fastfat - ok 17:43:49.0650 5264 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 17:43:49.0728 5264 fdc - ok 17:43:49.0791 5264 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 17:43:49.0822 5264 fdPHost - ok 17:43:49.0838 5264 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 17:43:49.0916 5264 FDResPub - ok 17:43:49.0962 5264 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 17:43:49.0978 5264 FileInfo - ok 17:43:49.0994 5264 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 17:43:50.0056 5264 Filetrace - ok 17:43:50.0087 5264 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 17:43:50.0150 5264 flpydisk - ok 17:43:50.0228 5264 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 17:43:50.0243 5264 FltMgr - ok 17:43:50.0368 5264 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 17:43:50.0540 5264 FontCache - ok 17:43:50.0680 5264 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 17:43:50.0696 5264 FontCache3.0.0.0 - ok 17:43:50.0742 5264 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 17:43:50.0758 5264 Fs_Rec - ok 17:43:50.0789 5264 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 17:43:50.0820 5264 gagp30kx - ok 17:43:50.0852 5264 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:43:50.0867 5264 GEARAspiWDM - ok 17:43:50.0945 5264 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 17:43:51.0054 5264 gpsvc - ok 17:43:51.0179 5264 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1caa43bff2939b0 C:\Program Files\Google\Update\GoogleUpdate.exe 17:43:51.0210 5264 gupdate1caa43bff2939b0 - ok 17:43:51.0257 5264 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 17:43:51.0273 5264 gupdatem - ok 17:43:51.0351 5264 [ DE15777902A5D9121857D155873A1D1B ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys 17:43:51.0413 5264 HBtnKey - ok 17:43:51.0444 5264 [ A1BE5A64DDCB0880301CF860BE3F0A07 ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys 17:43:51.0507 5264 HdAudAddService - ok 17:43:51.0600 5264 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 17:43:51.0694 5264 HDAudBus - ok 17:43:51.0741 5264 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 17:43:51.0803 5264 HidBth - ok 17:43:51.0850 5264 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 17:43:51.0959 5264 HidIr - ok 17:43:52.0053 5264 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 17:43:52.0131 5264 hidserv - ok 17:43:52.0193 5264 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:43:52.0256 5264 HidUsb - ok 17:43:52.0302 5264 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:43:52.0334 5264 hkmsvc - ok 17:43:52.0412 5264 [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 17:43:52.0412 5264 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 17:43:52.0412 5264 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 17:43:52.0458 5264 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 17:43:52.0490 5264 HpCISSs - ok 17:43:52.0614 5264 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 17:43:52.0661 5264 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 17:43:52.0661 5264 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 17:43:52.0692 5264 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 17:43:52.0739 5264 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 17:43:52.0739 5264 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 17:43:52.0817 5264 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 17:43:52.0895 5264 HpqKbFiltr - ok 17:43:52.0942 5264 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 17:43:52.0989 5264 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning 17:43:52.0989 5264 hpqwmiex - detected UnsignedFile.Multi.Generic (1) 17:43:53.0051 5264 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS 17:43:53.0114 5264 HSFHWAZL - ok 17:43:53.0192 5264 [ 1882827F41DEE51C70E24C567C35BFB5 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys 17:43:53.0348 5264 HSF_DPV - ok 17:43:53.0410 5264 [ A44DDF3BA83E4664BF4DE9220097578C ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys 17:43:53.0457 5264 HSXHWAZL - ok 17:43:53.0535 5264 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:43:53.0613 5264 HTTP - ok 17:43:53.0660 5264 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 17:43:53.0675 5264 i2omp - ok 17:43:53.0753 5264 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 17:43:53.0816 5264 i8042prt - ok 17:43:54.0096 5264 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 17:43:54.0143 5264 IAANTMON - ok 17:43:54.0268 5264 [ 04E385059DA704EC6659DDB1526C4193 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys 17:43:54.0471 5264 ialm - ok 17:43:54.0502 5264 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 17:43:54.0518 5264 iaStor - ok 17:43:54.0596 5264 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 17:43:54.0627 5264 iaStorV - ok 17:43:54.0736 5264 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 17:43:54.0783 5264 IDriverT ( UnsignedFile.Multi.Generic ) - warning 17:43:54.0783 5264 IDriverT - detected UnsignedFile.Multi.Generic (1) 17:43:54.0908 5264 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:43:54.0986 5264 idsvc - ok 17:43:55.0142 5264 [ 04E385059DA704EC6659DDB1526C4193 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 17:43:55.0235 5264 igfx - ok 17:43:55.0298 5264 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 17:43:55.0313 5264 iirsp - ok 17:43:55.0391 5264 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 17:43:55.0485 5264 IKEEXT - ok 17:43:55.0547 5264 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 17:43:55.0563 5264 intelide - ok 17:43:55.0594 5264 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:43:55.0656 5264 intelppm - ok 17:43:55.0703 5264 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:43:55.0750 5264 IPBusEnum - ok 17:43:55.0766 5264 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:43:55.0797 5264 IpFilterDriver - ok 17:43:55.0844 5264 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:43:55.0906 5264 iphlpsvc - ok 17:43:55.0922 5264 IpInIp - ok 17:43:56.0015 5264 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 17:43:56.0109 5264 IPMIDRV - ok 17:43:56.0156 5264 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 17:43:56.0187 5264 IPNAT - ok 17:43:56.0280 5264 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 17:43:56.0358 5264 iPod Service - ok 17:43:56.0421 5264 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:43:56.0468 5264 IRENUM - ok 17:43:56.0483 5264 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:43:56.0514 5264 isapnp - ok 17:43:56.0577 5264 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 17:43:56.0592 5264 iScsiPrt - ok 17:43:56.0624 5264 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 17:43:56.0639 5264 iteatapi - ok 17:43:56.0702 5264 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 17:43:56.0717 5264 iteraid - ok 17:43:56.0764 5264 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 17:43:56.0795 5264 kbdclass - ok 17:43:56.0873 5264 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 17:43:56.0920 5264 kbdhid - ok 17:43:56.0982 5264 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 17:43:57.0045 5264 KeyIso - ok 17:43:57.0123 5264 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:43:57.0170 5264 KSecDD - ok 17:43:57.0279 5264 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 17:43:57.0372 5264 KtmRm - ok 17:43:57.0404 5264 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 17:43:57.0497 5264 LanmanServer - ok 17:43:57.0544 5264 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:43:57.0622 5264 LanmanWorkstation - ok 17:43:57.0684 5264 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:43:57.0716 5264 lltdio - ok 17:43:57.0778 5264 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:43:57.0809 5264 lltdsvc - ok 17:43:57.0856 5264 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 17:43:57.0918 5264 lmhosts - ok 17:43:57.0965 5264 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 17:43:57.0981 5264 LSI_FC - ok 17:43:58.0043 5264 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 17:43:58.0059 5264 LSI_SAS - ok 17:43:58.0090 5264 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 17:43:58.0106 5264 LSI_SCSI - ok 17:43:58.0152 5264 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 17:43:58.0215 5264 luafv - ok 17:43:58.0324 5264 [ E949D673842858D458F7E6BCD46A2A5D ] MACNDIS5 C:\PROGRA~1\COMMON~1\MARMIK~1\MACNDIS5.SYS 17:43:58.0371 5264 MACNDIS5 ( UnsignedFile.Multi.Generic ) - warning 17:43:58.0371 5264 MACNDIS5 - detected UnsignedFile.Multi.Generic (1) 17:43:58.0418 5264 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:43:58.0464 5264 Mcx2Svc - ok 17:43:58.0527 5264 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 17:43:58.0558 5264 mdmxsdk - ok 17:43:58.0620 5264 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 17:43:58.0636 5264 megasas - ok 17:43:58.0698 5264 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 17:43:58.0761 5264 MMCSS - ok 17:43:58.0839 5264 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 17:43:58.0901 5264 Modem - ok 17:43:58.0964 5264 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:43:59.0026 5264 monitor - ok 17:43:59.0057 5264 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:43:59.0073 5264 mouclass - ok 17:43:59.0104 5264 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:43:59.0182 5264 mouhid - ok 17:43:59.0229 5264 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 17:43:59.0244 5264 MountMgr - ok 17:43:59.0307 5264 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 17:43:59.0322 5264 MozillaMaintenance - ok 17:43:59.0385 5264 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 17:43:59.0400 5264 mpio - ok 17:43:59.0432 5264 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:43:59.0494 5264 mpsdrv - ok 17:43:59.0556 5264 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 17:43:59.0650 5264 MpsSvc - ok 17:43:59.0697 5264 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 17:43:59.0728 5264 Mraid35x - ok 17:43:59.0790 5264 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:43:59.0853 5264 MRxDAV - ok 17:43:59.0868 5264 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:43:59.0931 5264 mrxsmb - ok 17:43:59.0978 5264 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:44:00.0040 5264 mrxsmb10 - ok 17:44:00.0071 5264 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:44:00.0118 5264 mrxsmb20 - ok 17:44:00.0149 5264 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys 17:44:00.0180 5264 msahci - ok 17:44:00.0212 5264 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:44:00.0227 5264 msdsm - ok 17:44:00.0274 5264 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 17:44:00.0352 5264 MSDTC - ok 17:44:00.0430 5264 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:44:00.0508 5264 Msfs - ok 17:44:00.0586 5264 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:44:00.0602 5264 msisadrv - ok 17:44:00.0648 5264 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:44:00.0789 5264 MSiSCSI - ok 17:44:00.0789 5264 msiserver - ok 17:44:00.0867 5264 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:44:00.0929 5264 MSKSSRV - ok 17:44:00.0976 5264 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:44:01.0038 5264 MSPCLOCK - ok 17:44:01.0070 5264 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:44:01.0116 5264 MSPQM - ok 17:44:01.0179 5264 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:44:01.0194 5264 MsRPC - ok 17:44:01.0241 5264 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 17:44:01.0272 5264 mssmbios - ok 17:44:01.0304 5264 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:44:01.0335 5264 MSTEE - ok 17:44:01.0350 5264 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 17:44:01.0366 5264 Mup - ok 17:44:01.0475 5264 [ C961D6749DF0824D74BA121969AAC149 ] MZCCntrl C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe 17:44:01.0506 5264 MZCCntrl ( UnsignedFile.Multi.Generic ) - warning 17:44:01.0506 5264 MZCCntrl - detected UnsignedFile.Multi.Generic (1) 17:44:01.0553 5264 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 17:44:01.0631 5264 napagent - ok 17:44:01.0756 5264 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:44:01.0803 5264 NativeWifiP - ok 17:44:01.0896 5264 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:44:01.0959 5264 NDIS - ok 17:44:01.0990 5264 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:44:02.0052 5264 NdisTapi - ok 17:44:02.0099 5264 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 17:44:02.0130 5264 Ndisuio - ok 17:44:02.0208 5264 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:44:02.0255 5264 NdisWan - ok 17:44:02.0333 5264 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:44:02.0364 5264 NDProxy - ok 17:44:02.0411 5264 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 17:44:02.0427 5264 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:44:02.0427 5264 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:44:02.0489 5264 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:44:02.0536 5264 NetBIOS - ok 17:44:02.0598 5264 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 17:44:02.0661 5264 netbt - ok 17:44:02.0692 5264 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 17:44:02.0723 5264 Netlogon - ok 17:44:02.0770 5264 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 17:44:02.0848 5264 Netman - ok 17:44:02.0895 5264 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 17:44:02.0957 5264 netprofm - ok 17:44:02.0988 5264 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:44:03.0020 5264 NetTcpPortSharing - ok 17:44:03.0051 5264 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 17:44:03.0066 5264 nfrd960 - ok 17:44:03.0191 5264 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 17:44:03.0238 5264 NlaSvc - ok 17:44:03.0300 5264 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:44:03.0347 5264 Npfs - ok 17:44:03.0394 5264 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 17:44:03.0456 5264 nsi - ok 17:44:03.0488 5264 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:44:03.0550 5264 nsiproxy - ok 17:44:03.0628 5264 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:44:03.0722 5264 Ntfs - ok 17:44:03.0815 5264 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 17:44:03.0924 5264 ntrigdigi - ok 17:44:03.0940 5264 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 17:44:03.0987 5264 Null - ok 17:44:04.0018 5264 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:44:04.0049 5264 nvraid - ok 17:44:04.0065 5264 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:44:04.0096 5264 nvstor - ok 17:44:04.0127 5264 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:44:04.0158 5264 nv_agp - ok 17:44:04.0158 5264 NwlnkFlt - ok 17:44:04.0174 5264 NwlnkFwd - ok 17:44:04.0299 5264 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:44:04.0346 5264 odserv - ok 17:44:04.0408 5264 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:44:04.0486 5264 ohci1394 - ok 17:44:04.0548 5264 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:44:04.0564 5264 ose - ok 17:44:04.0642 5264 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 17:44:04.0907 5264 p2pimsvc - ok 17:44:04.0970 5264 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 17:44:05.0016 5264 p2psvc - ok 17:44:05.0079 5264 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 17:44:05.0172 5264 Parport - ok 17:44:05.0219 5264 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:44:05.0235 5264 partmgr - ok 17:44:05.0266 5264 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 17:44:05.0360 5264 Parvdm - ok 17:44:05.0406 5264 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 17:44:05.0500 5264 PcaSvc - ok 17:44:05.0578 5264 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 17:44:05.0594 5264 pci - ok 17:44:05.0625 5264 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys 17:44:05.0656 5264 pciide - ok 17:44:05.0687 5264 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 17:44:05.0703 5264 pcmcia - ok 17:44:05.0812 5264 [ A2EB6CA4F27C21E6612822B1AAA35A46 ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe 17:44:06.0015 5264 PDF Architect Helper Service - ok 17:44:06.0108 5264 [ A7B011DB400D66F7574E821223C8BB36 ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe 17:44:06.0218 5264 PDF Architect Service - ok 17:44:06.0296 5264 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:44:06.0420 5264 PEAUTH - ok 17:44:06.0545 5264 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 17:44:06.0732 5264 pla - ok 17:44:06.0826 5264 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:44:06.0857 5264 PlugPlay - ok 17:44:06.0888 5264 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 17:44:06.0904 5264 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 17:44:06.0904 5264 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 17:44:06.0935 5264 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 17:44:07.0060 5264 PNRPAutoReg - ok 17:44:07.0091 5264 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 17:44:07.0138 5264 PNRPsvc - ok 17:44:07.0185 5264 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:44:07.0294 5264 PolicyAgent - ok 17:44:07.0341 5264 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:44:07.0388 5264 PptpMiniport - ok 17:44:07.0419 5264 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 17:44:07.0512 5264 Processor - ok 17:44:07.0637 5264 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 17:44:07.0668 5264 ProfSvc - ok 17:44:07.0684 5264 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 17:44:07.0700 5264 ProtectedStorage - ok 17:44:07.0762 5264 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 17:44:07.0809 5264 PSched - ok 17:44:07.0934 5264 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 17:44:08.0012 5264 ql2300 - ok 17:44:08.0074 5264 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 17:44:08.0105 5264 ql40xx - ok 17:44:08.0168 5264 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 17:44:08.0230 5264 QWAVE - ok 17:44:08.0292 5264 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:44:08.0339 5264 QWAVEdrv - ok 17:44:08.0386 5264 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:44:08.0448 5264 RasAcd - ok 17:44:08.0480 5264 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 17:44:08.0558 5264 RasAuto - ok 17:44:08.0589 5264 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:44:08.0651 5264 Rasl2tp - ok 17:44:08.0854 5264 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 17:44:08.0916 5264 RasMan - ok 17:44:08.0963 5264 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:44:08.0994 5264 RasPppoe - ok 17:44:09.0072 5264 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:44:09.0088 5264 RasSstp - ok 17:44:09.0182 5264 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:44:09.0244 5264 rdbss - ok 17:44:09.0291 5264 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:44:09.0353 5264 RDPCDD - ok 17:44:09.0416 5264 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 17:44:09.0462 5264 rdpdr - ok 17:44:09.0478 5264 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:44:09.0509 5264 RDPENCDD - ok 17:44:09.0556 5264 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:44:09.0603 5264 RDPWD - ok 17:44:09.0681 5264 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:44:09.0743 5264 RemoteAccess - ok 17:44:09.0806 5264 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:44:09.0884 5264 RemoteRegistry - ok 17:44:09.0930 5264 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 17:44:09.0962 5264 RpcLocator - ok 17:44:10.0102 5264 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 17:44:10.0149 5264 RpcSs - ok 17:44:10.0211 5264 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:44:10.0289 5264 rspndr - ok 17:44:10.0367 5264 [ 8DE22FB05E4A0F797B1E442EB4B3B51C ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys 17:44:10.0476 5264 RTL8023xp - ok 17:44:10.0523 5264 [ 68180821FEDEBB2B373D83A2D8E4E16A ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 17:44:10.0601 5264 RTSTOR - ok 17:44:10.0648 5264 [ 27CCF532A08F437FFC795158B8B7A7F6 ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys 17:44:10.0664 5264 s1018bus - ok 17:44:10.0679 5264 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 17:44:10.0695 5264 SamSs - ok 17:44:10.0742 5264 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:44:10.0757 5264 sbp2port - ok 17:44:10.0882 5264 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:44:10.0944 5264 SCardSvr - ok 17:44:11.0007 5264 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 17:44:11.0100 5264 Schedule - ok 17:44:11.0210 5264 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 17:44:11.0241 5264 SCPolicySvc - ok 17:44:11.0381 5264 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:44:11.0428 5264 SDRSVC - ok 17:44:11.0444 5264 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:44:11.0553 5264 secdrv - ok 17:44:11.0615 5264 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 17:44:11.0678 5264 seclogon - ok 17:44:11.0724 5264 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 17:44:11.0787 5264 SENS - ok 17:44:11.0896 5264 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 17:44:12.0052 5264 Serenum - ok 17:44:12.0114 5264 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 17:44:12.0161 5264 Serial - ok 17:44:12.0208 5264 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 17:44:12.0239 5264 sermouse - ok 17:44:12.0364 5264 [ 2D841B7B7F6DEC32162EDFCC69D61F42 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 17:44:12.0426 5264 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 17:44:12.0426 5264 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 17:44:12.0520 5264 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 17:44:12.0582 5264 SessionEnv - ok 17:44:12.0645 5264 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:44:12.0738 5264 sffdisk - ok 17:44:12.0754 5264 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:44:12.0832 5264 sffp_mmc - ok 17:44:12.0894 5264 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:44:12.0941 5264 sffp_sd - ok 17:44:12.0972 5264 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 17:44:13.0050 5264 sfloppy - ok 17:44:13.0113 5264 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:44:13.0144 5264 SharedAccess - ok 17:44:13.0206 5264 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:44:13.0284 5264 ShellHWDetection - ok 17:44:13.0331 5264 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 17:44:13.0347 5264 sisagp - ok 17:44:13.0362 5264 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 17:44:13.0394 5264 SiSRaid2 - ok 17:44:13.0409 5264 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 17:44:13.0425 5264 SiSRaid4 - ok 17:44:13.0472 5264 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 17:44:13.0503 5264 SkypeUpdate - ok 17:44:13.0659 5264 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 17:44:13.0971 5264 slsvc - ok 17:44:14.0018 5264 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 17:44:14.0064 5264 SLUINotify - ok 17:44:14.0127 5264 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:44:14.0189 5264 Smb - ok 17:44:14.0252 5264 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:44:14.0283 5264 SNMPTRAP - ok 17:44:14.0330 5264 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 17:44:14.0361 5264 spldr - ok 17:44:14.0439 5264 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 17:44:14.0470 5264 Spooler - ok 17:44:14.0564 5264 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:44:14.0673 5264 srv - ok 17:44:14.0735 5264 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:44:14.0829 5264 srv2 - ok 17:44:14.0922 5264 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:44:15.0016 5264 srvnet - ok 17:44:15.0063 5264 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:44:15.0141 5264 SSDPSRV - ok 17:44:15.0172 5264 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 17:44:15.0188 5264 ssmdrv - ok 17:44:15.0219 5264 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:44:15.0281 5264 SstpSvc - ok 17:44:15.0375 5264 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 17:44:15.0500 5264 stisvc - ok 17:44:15.0531 5264 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:44:15.0562 5264 swenum - ok 17:44:15.0624 5264 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 17:44:15.0687 5264 swprv - ok 17:44:15.0749 5264 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 17:44:15.0765 5264 Symc8xx - ok 17:44:15.0780 5264 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 17:44:15.0796 5264 Sym_hi - ok 17:44:15.0827 5264 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 17:44:15.0843 5264 Sym_u3 - ok 17:44:15.0921 5264 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 17:44:15.0999 5264 SysMain - ok 17:44:16.0030 5264 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:44:16.0061 5264 TabletInputService - ok 17:44:16.0124 5264 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 17:44:16.0186 5264 TapiSrv - ok 17:44:16.0233 5264 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 17:44:16.0280 5264 TBS - ok 17:44:16.0358 5264 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:44:16.0451 5264 Tcpip - ok 17:44:16.0607 5264 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 17:44:16.0685 5264 Tcpip6 - ok 17:44:16.0732 5264 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:44:16.0794 5264 tcpipreg - ok 17:44:16.0841 5264 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:44:16.0888 5264 TDPIPE - ok 17:44:16.0935 5264 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:44:16.0997 5264 TDTCP - ok 17:44:17.0060 5264 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:44:17.0091 5264 tdx - ok 17:44:17.0169 5264 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:44:17.0200 5264 TermDD - ok 17:44:17.0231 5264 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 17:44:17.0309 5264 TermService - ok 17:44:17.0356 5264 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 17:44:17.0403 5264 Themes - ok 17:44:17.0434 5264 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 17:44:17.0496 5264 THREADORDER - ok 17:44:17.0637 5264 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 17:44:17.0730 5264 TrkWks - ok 17:44:17.0840 5264 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:44:17.0886 5264 TrustedInstaller - ok 17:44:17.0933 5264 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:44:17.0996 5264 tssecsrv - ok 17:44:18.0042 5264 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 17:44:18.0058 5264 tunmp - ok 17:44:18.0089 5264 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:44:18.0120 5264 tunnel - ok 17:44:18.0167 5264 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 17:44:18.0183 5264 uagp35 - ok 17:44:18.0214 5264 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:44:18.0245 5264 udfs - ok 17:44:18.0308 5264 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:44:18.0370 5264 UI0Detect - ok 17:44:18.0401 5264 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:44:18.0432 5264 uliagpkx - ok 17:44:18.0464 5264 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 17:44:18.0495 5264 uliahci - ok 17:44:18.0510 5264 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 17:44:18.0526 5264 UlSata - ok 17:44:18.0557 5264 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 17:44:18.0588 5264 ulsata2 - ok 17:44:18.0620 5264 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:44:18.0666 5264 umbus - ok 17:44:18.0729 5264 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 17:44:18.0776 5264 upnphost - ok 17:44:18.0822 5264 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 17:44:18.0869 5264 USBAAPL - ok 17:44:18.0947 5264 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:44:18.0994 5264 usbccgp - ok 17:44:19.0072 5264 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:44:19.0150 5264 usbcir - ok 17:44:19.0244 5264 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:44:19.0290 5264 usbehci - ok 17:44:19.0384 5264 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:44:19.0446 5264 usbhub - ok 17:44:19.0478 5264 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:44:19.0571 5264 usbohci - ok 17:44:19.0618 5264 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:44:19.0665 5264 usbprint - ok 17:44:19.0696 5264 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:44:19.0727 5264 usbscan - ok 17:44:19.0758 5264 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:44:19.0836 5264 USBSTOR - ok 17:44:19.0883 5264 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 17:44:19.0930 5264 usbuhci - ok 17:44:19.0992 5264 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 17:44:20.0024 5264 usbvideo - ok 17:44:20.0102 5264 [ C5B70A6AA947667CE0E5FC84A05EC8B6 ] usnjsvc C:\Program Files\MSN Messenger\usnsvc.exe 17:44:20.0117 5264 usnjsvc - ok 17:44:20.0180 5264 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 17:44:20.0211 5264 UxSms - ok 17:44:20.0273 5264 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 17:44:20.0367 5264 vds - ok 17:44:20.0429 5264 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:44:20.0507 5264 vga - ok 17:44:20.0570 5264 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 17:44:20.0601 5264 VgaSave - ok 17:44:20.0616 5264 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 17:44:20.0632 5264 viaagp - ok 17:44:20.0663 5264 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 17:44:20.0710 5264 ViaC7 - ok 17:44:20.0741 5264 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 17:44:20.0757 5264 viaide - ok 17:44:20.0772 5264 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:44:20.0788 5264 volmgr - ok 17:44:20.0882 5264 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:44:20.0897 5264 volmgrx - ok 17:44:20.0944 5264 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:44:20.0975 5264 volsnap - ok 17:44:21.0069 5264 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 17:44:21.0100 5264 vsmraid - ok 17:44:21.0178 5264 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 17:44:21.0303 5264 VSS - ok 17:44:21.0381 5264 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 17:44:21.0443 5264 W32Time - ok 17:44:21.0521 5264 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 17:44:21.0615 5264 WacomPen - ok 17:44:21.0662 5264 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 17:44:21.0724 5264 Wanarp - ok 17:44:21.0740 5264 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:44:21.0771 5264 Wanarpv6 - ok 17:44:21.0849 5264 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:44:21.0911 5264 wcncsvc - ok 17:44:21.0974 5264 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:44:22.0052 5264 WcsPlugInService - ok 17:44:22.0098 5264 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 17:44:22.0130 5264 Wd - ok 17:44:22.0176 5264 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:44:22.0223 5264 Wdf01000 - ok 17:44:22.0286 5264 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:44:22.0348 5264 WdiServiceHost - ok 17:44:22.0348 5264 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:44:22.0379 5264 WdiSystemHost - ok 17:44:22.0504 5264 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 17:44:22.0535 5264 WebClient - ok 17:44:22.0644 5264 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:44:22.0676 5264 Wecsvc - ok 17:44:22.0738 5264 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:44:22.0769 5264 wercplsupport - ok 17:44:22.0816 5264 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 17:44:22.0878 5264 WerSvc - ok 17:44:22.0956 5264 [ E096FFB754F1E45AE1BDDAC1275AE2C5 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 17:44:23.0081 5264 winachsf - ok 17:44:23.0237 5264 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 17:44:23.0268 5264 WinDefend - ok 17:44:23.0284 5264 WinHttpAutoProxySvc - ok 17:44:23.0378 5264 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:44:23.0440 5264 Winmgmt - ok 17:44:23.0565 5264 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 17:44:23.0643 5264 WinRM - ok 17:44:23.0721 5264 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:44:23.0846 5264 Wlansvc - ok 17:44:23.0877 5264 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:44:23.0939 5264 WmiAcpi - ok 17:44:24.0017 5264 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:44:24.0048 5264 wmiApSrv - ok 17:44:24.0126 5264 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 17:44:24.0282 5264 WMPNetworkSvc - ok 17:44:24.0314 5264 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:44:24.0345 5264 WPCSvc - ok 17:44:24.0407 5264 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:44:24.0485 5264 WPDBusEnum - ok 17:44:24.0548 5264 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 17:44:24.0594 5264 WpdUsb - ok 17:44:24.0766 5264 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 17:44:24.0860 5264 WPFFontCache_v0400 - ok 17:44:24.0906 5264 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:44:24.0984 5264 ws2ifsl - ok 17:44:25.0047 5264 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 17:44:25.0094 5264 wscsvc - ok 17:44:25.0094 5264 WSearch - ok 17:44:25.0234 5264 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 17:44:25.0421 5264 wuauserv - ok 17:44:25.0468 5264 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:44:25.0530 5264 WudfPf - ok 17:44:25.0562 5264 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:44:25.0608 5264 WUDFRd - ok 17:44:25.0640 5264 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:44:25.0671 5264 wudfsvc - ok 17:44:25.0686 5264 [ 19E7C173B6242AD7521E537AE54768BF ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 17:44:25.0718 5264 XAudio - ok 17:44:25.0749 5264 [ CDA0BC78672B50C43649FF34E1FD0FF8 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 17:44:25.0796 5264 XAudioService - ok 17:44:25.0811 5264 ================ Scan global =============================== 17:44:25.0874 5264 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 17:44:25.0905 5264 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 17:44:25.0952 5264 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 17:44:26.0030 5264 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 17:44:26.0045 5264 [Global] - ok 17:44:26.0045 5264 ================ Scan MBR ================================== 17:44:26.0061 5264 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0 17:44:26.0451 5264 \Device\Harddisk0\DR0 - ok 17:44:26.0451 5264 ================ Scan VBR ================================== 17:44:26.0482 5264 [ 96FE598FA40B3CF982E9E1B8BE44384C ] \Device\Harddisk0\DR0\Partition1 17:44:26.0482 5264 \Device\Harddisk0\DR0\Partition1 - ok 17:44:26.0498 5264 [ 9E9B5608319FBD2A45DE66E6DF875E33 ] \Device\Harddisk0\DR0\Partition2 17:44:26.0498 5264 \Device\Harddisk0\DR0\Partition2 - ok 17:44:26.0498 5264 ============================================================ 17:44:26.0498 5264 Scan finished 17:44:26.0498 5264 ============================================================ 17:44:26.0513 2516 Detected object count: 11 17:44:26.0513 2516 Actual detected object count: 11 17:44:44.0406 2516 Com4Qlb ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0422 2516 Com4Qlb ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0422 2516 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0422 2516 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0422 2516 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0422 2516 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0422 2516 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0422 2516 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0422 2516 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0422 2516 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0438 2516 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0438 2516 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0438 2516 MACNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0438 2516 MACNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0438 2516 MZCCntrl ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0438 2516 MZCCntrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0438 2516 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0438 2516 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0453 2516 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0453 2516 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 17:44:44.0453 2516 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 17:44:44.0453 2516 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
19.12.2012, 18:03
| #8 | |
| /// Malware-holic | BKA-Trojaner im Namen der GVU Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
20.12.2012, 10:47
| #9 |
| | BKA-Trojaner im Namen der GVU Combofix Logfile: Code:
ATTFilter ComboFix 12-12-20.01 - Gerit 20.12.2012 10:15:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2037.945 [GMT 1:00]
ausgeführt von:: c:\users\Gerit\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\9395d!.pad
c:\windows\system32\KBL.LOG
c:\windows\system32\SET7CA8.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-20 bis 2012-12-20 ))))))))))))))))))))))))))))))
.
.
2012-12-19 16:40 . 2012-12-19 16:41 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-19 15:41 . 2012-12-19 15:41 -------- d-----w- c:\program files\Enigma Software Group
2012-12-19 15:40 . 2012-12-19 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-12-18 14:28 . 2012-12-18 14:28 -------- d-----w- c:\users\Gerit\AppData\Roaming\Malwarebytes
2012-12-18 14:27 . 2012-12-18 14:27 -------- d-----w- c:\programdata\Malwarebytes
2012-12-18 14:27 . 2012-12-18 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-18 14:27 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-18 14:12 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27FD70C9-9C7B-4ED1-8D34-D42C2EEAF098}\mpengine.dll
2012-12-18 14:11 . 2012-12-18 14:11 -------- d-----w- c:\users\Public\CyberLink
2012-12-12 14:18 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 14:18 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 14:18 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 14:18 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 12:50 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 12:50 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 12:50 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 12:50 . 2012-11-08 03:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-12 12:50 . 2012-11-08 01:36 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-01 11:42 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-12-01 11:42 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-12-01 11:42 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-12-01 11:42 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-12-01 11:42 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-11-30 18:32 . 2012-11-30 18:32 -------- d-----w- c:\program files\Windows Portable Devices
2012-11-30 15:21 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-11-30 15:21 . 2009-10-01 01:01 839168 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2012-11-30 15:21 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2012-11-30 15:21 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2012-11-30 15:15 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-30 15:15 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-30 15:02 . 2012-11-30 15:02 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-11-30 15:00 . 2012-11-30 15:00 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-11-30 14:09 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-11-30 14:09 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-11-30 14:09 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-11-30 14:09 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-11-30 14:07 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-11-30 14:07 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-11-30 14:07 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-30 14:07 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-30 14:07 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-11-30 14:07 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-11-30 14:06 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-11-30 14:06 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-11-30 14:06 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-11-30 14:06 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-11-30 14:06 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-11-30 14:05 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-11-30 14:05 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-30 14:05 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-30 14:04 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-11-30 14:04 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-11-30 14:04 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-30 13:55 . 2012-11-30 14:11 -------- d-----w- c:\users\Gerit\.clipbak
2012-11-30 12:56 . 2012-11-30 12:56 -------- d-----w- c:\users\Gerit\AppData\Roaming\Thunderbird
2012-11-30 12:56 . 2012-11-30 12:56 -------- d-----w- c:\users\Gerit\AppData\Local\Thunderbird
2012-11-30 12:56 . 2012-11-30 12:56 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-11-29 18:32 . 2012-11-29 18:34 -------- d-----w- c:\windows\system32\ca-ES
2012-11-29 18:32 . 2012-11-29 18:34 -------- d-----w- c:\windows\system32\eu-ES
2012-11-29 18:02 . 2012-11-29 18:02 -------- d-----w- c:\windows\system32\EventProviders
2012-11-23 14:13 . 2012-11-23 14:17 -------- d-----w- c:\users\Gerit\AppData\Roaming\PDF Software
2012-11-23 14:12 . 2012-11-23 14:13 -------- d-----w- c:\program files\PDF Architect
2012-11-23 14:11 . 2012-05-05 09:54 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-11-23 14:11 . 2012-05-05 09:54 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-11-23 14:11 . 2012-05-05 09:54 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-11-23 14:11 . 1998-07-06 16:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL
2012-11-23 14:11 . 1998-07-06 16:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 13:26 . 2012-07-04 11:56 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 13:26 . 2011-06-16 09:51 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-30 15:03 . 2012-11-30 15:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-30 15:03 . 2012-11-30 15:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-30 15:03 . 2012-11-30 15:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-11-30 15:03 . 2012-11-30 15:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-11-30 15:01 . 2012-11-30 15:01 586240 ----a-w- c:\windows\system32\stobject.dll
2012-11-30 15:01 . 2012-11-30 15:01 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-11-30 15:01 . 2012-11-30 15:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-11-30 15:01 . 2012-11-30 15:01 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-11-30 15:01 . 2012-11-30 15:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-11-30 15:01 . 2012-11-30 15:01 258048 ----a-w- c:\windows\system32\winspool.drv
2012-11-30 15:01 . 2012-11-30 15:01 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-11-30 15:01 . 2012-11-30 15:01 4096 ----a-w- c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2012-11-30 15:01 . 2012-11-30 15:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-11-30 15:00 . 2012-11-30 15:00 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-11-30 15:00 . 2012-11-30 15:00 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-11-30 15:00 . 2012-11-30 15:00 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-11-14 01:57 . 2012-12-12 14:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:48 . 2012-12-12 14:20 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-13 01:36 . 2012-12-12 12:50 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 01:29 . 2012-12-12 12:50 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-28 17:32 . 2012-11-23 14:11 88576 ----a-w- c:\windows\system32\pdfcmon.dll
2012-09-25 16:19 . 2012-11-30 14:08 75776 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 21:16 . 2012-10-27 07:53 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-17 12:54 . 2011-06-15 05:57 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
2012-11-13 20:41 91784 ----a-w- c:\program files\PDF Architect\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25A3A431-30BB-47C8-AD6A-E1063801134F}"= "c:\program files\PDF Architect\PDFIEPlugin.dll" [2012-11-13 731784]
.
[HKEY_CLASSES_ROOT\clsid\{25a3a431-30bb-47c8-ad6a-e1063801134f}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{78D9250B-1DEB-4469-9B35-591AB7D41CAA}]
[HKEY_CLASSES_ROOT\PDFArchitectIEPlugin.PDFIEConverter]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Gerit\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Gerit\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Gerit\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2006-10-13 282624]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Gerit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gerit\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 13:26]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:14]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=hp&babsrc=lnkry_nt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Gerit\AppData\Roaming\Mozilla\Firefox\Profiles\u97u2fxu.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q=
FF - ExtSQL: 2012-11-23 15:12; FFPDFArchitectConverter@pdfarchitect.com; c:\program files\PDF Architect\FFPDFArchitectExt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-12-20 10:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3124)
c:\users\Gerit\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Marmiko Shared\MZCCntrl.exe
c:\program files\PDF Architect\HelperService.exe
c:\program files\PDF Architect\ConversionService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-20 10:36:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-20 09:36
.
Vor Suchlauf: 9 Verzeichnis(se), 50.649.894.912 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 50.190.278.656 Bytes frei
.
- - End Of File - - 2CB74806B1251974F7085DF035819FE9
|
|
20.12.2012, 13:23
| #10 |
| /// Malware-holic | BKA-Trojaner im Namen der GVU Hi lade den CCleaner standard: CCleaner Download - CCleaner 3.25.1872 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.12.2012, 11:23
| #11 |
| | BKA-Trojaner im Namen der GVU Hi, erstmal frohe Weihnachten! Hier die Liste aus CCleaner mit den Programmen. Leider weiß ich bei HP oder Microsoft nicht genau, was ich davon wirklich benötige, damit mein Office, Drucker und Scanner funktioniert. Alles andere hab ich so gut wie es geht beantwortet. Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 21.11.2007 - benötigt Adobe AIR Adobe Systems Incorporated 24.04.2012 2.6.0.19140 - benötigt Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.0.42.34 - benötigt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.5.502.135 - benötigt Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 17.08.2012 121MB 10.1.4 - benötigt Amazon MP3-Downloader 1.0.17 Amazon Services LLC 1.0.17 - benötigt Apple Application Support Apple Inc. 18.07.2012 60,9MB 2.1.9 - benötigt Apple Mobile Device Support Apple Inc. 18.07.2012 24,2MB 5.2.0.6 - benötigt Apple Software Update Apple Inc. 18.07.2011 2,38MB 2.1.3.127 - benötigt Atheros Driver Installation Program Atheros 08.03.2008 7.1 - unbekannt Avira Free Antivirus Avira 12.1.9.1236 - benötigt Bonjour Apple Inc. 29.02.2012 749KB 3.0.0.10 . unnötig CCleaner Piriform 25.11.2012 3.25 - benötigt Compatibility Pack für 2007 Office System Microsoft Corporation 12.12.2012 333MB 12.0.6612.1000 - benötigt Conexant HD Audio Conexant 4.31.2.0 - unbekannt CyberLink YouCam CyberLink Corp. 08.03.2008 1.0.1005 - benötigt Dropbox Dropbox, Inc. 1.4.7 - benötigt DVD Suite CyberLink Corp. 5.5.1019 - unbekannt ESU for Microsoft Vista Hewlett-Packard 21.11.2007 14,3MB 2.0.11.1 - benötigt Google Chrome Google Inc. 02.02.2010 23.0.1271.97 - unnötig HDAUDIO Soft Data Fax Modem with SmartCP unbekannt HP Active Support Library Hewlett-Packard 21.11.2007 11,9MB 2.3.0.2 HP Customer Experience Enhancements Hewlett-Packard 21.11.2007 5.4.0.2430 HP DVD Play 3.6 HP Easy Setup - Frontend Hewlett-Packard 21.11.2007 5.4.0.2430 HP Help and Support Hewlett-Packard 21.11.2007 49,2MB 1.5.1 HP Imaging Device Functions 8.0 HP 8.0 HP OCR Software 8.0 HP 8.0 HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP 8.0 HP Quick Launch Buttons 6.30 E2 Hewlett-Packard 08.03.2008 6.30 E2 HP Solution Center 8.0 HP 8.0 HP Total Care Advisor Hewlett-Packard 21.11.2007 30,1MB 1.4.19.2433 HP Update Hewlett-Packard 31.08.2012 3,92MB 5.003.001.001 HP Wireless Assistant Hewlett-Packard 21.11.2007 3,95MB 3.00 H3 Intel(R) Graphics Media Accelerator Driver - unbekannt Intel(R) Matrix Storage Manager - unbekannt Intel(R) TV Wizard - unbekannt iTunes Apple Inc. 18.07.2012 181MB 10.6.3.25 - benötigt Java 7 Update 9 Oracle 05.09.2012 128MB 7.0.90 . benötigt Java(TM) 6 Update 18 Sun Microsystems, Inc. 09.02.2010 94,4MB 6.0.180 unnötig Java(TM) 6 Update 2 Sun Microsystems, Inc. 21.11.2007 168MB 1.6.0.20 unnötig JavaFX 2.1.0 Oracle Corporation 25.05.2012 20,8MB 2.1.0 unnötig Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 18.12.2012 1.65.1.1000 unnötig? Microsoft .NET Framework 1.1 30.11.2012 Microsoft .NET Framework 1.1 German Language Pack Microsoft 04.01.2010 3,01MB 1.1.4322 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 30.11.2012 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 30.11.2012 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.05.2012 4.0.30319 Microsoft Office File Validation Add-In Microsoft Corporation 18.05.2012 11,2MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 12.12.2012 12.0.6612.1000 Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.05.2012 506KB 2.0.4024.1 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 16.11.2012 186MB 12.0.6612.1000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 04.02.2010 251KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.01.2012 294KB 8.0.61001 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 20.03.2012 598KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.03.2012 594KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.03.2012 16,5MB 10.0.40219 Microsoft Works Microsoft Corporation 10.10.2012 386MB 9.7.0621 Mozilla Firefox 17.0.1 (x86 de) Mozilla 17.0.1 - benötigt Mozilla Maintenance Service Mozilla 17.0.1 - benötigt Mozilla Thunderbird 17.0 (x86 de) Mozilla 17.0 MSCU for Microsoft Vista Hewlett-Packard 21.11.2007 229MB 1.0.1.9 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 04.01.2010 35,0KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 04.01.2010 1,33MB 4.20.9876.0 NetWaiting BVRP Software, Inc 08.03.2008 2.5.48 unbekannt Nokia Connectivity Cable Driver Nokia 20.07.2010 3,22MB 7.1.31.0 unnötig PDF Architect pdfforge 23.11.2012 93,2MB 1.0.39.8219 unnötig PDFCreator Frank Heindörfer, Philip Chinery 23.11.2012 1.6.0 benötigt Power2Go CyberLink Corp. 5.6.3423 unbekannt QuickPlay SlingPlayer 0.4.4 SlingMedia 0.4.4 unbekannt QuickTime Apple Inc. 18.07.2012 73,2MB 7.72.80.56 benötigt Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista Realtek 08.03.2008 1.00.0000 benötigt Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 08.03.2008 benötigt ResearchSoft Direct Export Helper unbekannt Skype™ 5.10 Skype Technologies S.A. 13.09.2012 19,3MB 5.10.116 benötigt T-Online 6.0 unnötig T-Online WLAN-Access Finder unnötig Touch Pad Driver benötigt Windows Live Messenger Microsoft Corporation 21.11.2007 29,0MB 8.1.0178.00 unnötig Windows Media Player Firefox Plugin Microsoft Corp 22.04.2012 296KB 1.0.0.8 unnötig Ich hoffe, du kannst mir weiterhelfen und es ist bald geschafft! |
|
27.12.2012, 13:49
| #12 |
| /// Malware-holic | BKA-Trojaner im Namen der GVU deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Bonjour Java : alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Nokia PDF Architect T-Online : alle Windows Live Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2012, 11:17
| #13 |
| | BKA-Trojaner im Namen der GVU # AdwCleaner v2.103 - Datei am 28/12/2012 um 11:17:04 erstellt # Aktualisiert am 25/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Gerit - JENS-PETER-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Gerit\Downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gefunden : C:\Users\Gerit\AppData\Roaming\Mozilla\Firefox\Profiles\u97u2fxu.default\searchplugins\Web Search.xml Ordner Gefunden : C:\Users\Gerit\AppData\Roaming\OpenCandy Ordner Gefunden : C:\Users\Gerit\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\IGearSettings Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 Schlüssel Gefunden : HKU\S-1-5-21-512599210-1453252507-485215167-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKU\S-1-5-21-512599210-1453252507-485215167-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=hp&babsrc=lnkry_nt [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} -\\ Mozilla Firefox v17.0.1 (de) Datei : C:\Users\Gerit\AppData\Roaming\Mozilla\Firefox\Profiles\u97u2fxu.default\prefs.js Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Gefunden : user_pref("browser.search.selectedEngine", "Web Search"); Gefunden : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa[...] ************************* AdwCleaner[R1].txt - [3427 octets] - [28/12/2012 11:17:04] ########## EOF - C:\AdwCleaner[R1].txt - [3487 octets] ########## |
|
28.12.2012, 14:40
| #14 |
| /// Malware-holic | BKA-Trojaner im Namen der GVU Hi, Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.12.2012, 15:33
| #15 |
| | BKA-Trojaner im Namen der GVU # AdwCleaner v2.103 - Datei am 28/12/2012 um 15:29:01 erstellt # Aktualisiert am 25/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Gerit - JENS-PETER-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Gerit\Downloads\adwcleaner(2).exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\Gerit\AppData\Roaming\Mozilla\Firefox\Profiles\u97u2fxu.default\searchplugins\Web Search.xml Ordner Gelöscht : C:\Users\Gerit\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Gerit\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\IGearSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=hp&babsrc=lnkry_nt --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa-4142-ab3e-3ca4cead2c25&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v17.0.1 (de) Datei : C:\Users\Gerit\AppData\Roaming\Mozilla\Firefox\Profiles\u97u2fxu.default\prefs.js Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Gelöscht : user_pref("browser.search.selectedEngine", "Web Search"); Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2f01ce52-21fa[...] ************************* AdwCleaner[R1].txt - [3556 octets] - [28/12/2012 11:17:04] AdwCleaner[S1].txt - [3280 octets] - [28/12/2012 15:29:01] ########## EOF - C:\AdwCleaner[S1].txt - [3340 octets] ########## |
|
| Themen zu BKA-Trojaner im Namen der GVU |
| abgesicherten, administrator, anti-malware, appdata, autostart, chip.de, computer, dateien, eingabeaufforderung, explorer, funktioniert, gelöscht, gvu trojaner - internetsperrung bereits behoben - weitere hilfe benötigt, modus, namen, neustart, quarantäne, service, service pack 2, software, speicher, systemwiederherstellung, temp, trojaner, version, vista |
Linear-Darstellung
