| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Pc war mit GVU infiziert, was nun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.12.2012, 20:26
| #1 |
| |  Pc war mit GVU infiziert, was nun? Hallo zusammen, der PC meiner Eltern war nun seit Montag mit dem GVU infiziert. Ich hab mich eben hingesetzt und im abgesicherten Modus mit Netzfunktion Malewarebytes Anti-Maleware geupdatet und das Programm einen Vollscan durchlaufen lassen. Es wurden 4 Funde gemeldet und gelöscht. Danach lief der PC normal und ich habe folgende Programme geupdatet: G-Data, Java, Flashplayer und den Browser. Zudem hab ich alle temporären internetfiles und Cookies gelöscht. Nun habe ich mit G-Data und Malewarebytes erneut Scans durchlaufen lassen und bekam keine Meldungen mehr. Ich bin mir aber nicht sicher ob der PC nun ausreichend bereinigt ist oder ob der GVU in ein paar Tagen wieder auftritt. Was muss noch getan werden? |
|
20.12.2012, 20:30
| #2 |
| /// Malware-holic   | Pc war mit GVU infiziert, was nun? Hi
__________________öffne Malwarebytes, Berichte, poste alle mit Funden. Öffne GDATA gehe ins Protokoll, poste Fundmeldungen bitte.
__________________ |
|
21.12.2012, 10:39
| #3 |
| | Pc war mit GVU infiziert, was nun? Hier das Malewarebytes Log:
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.20.08 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Olli-Rosi :: OLLI-ROSI-PC [Administrator] Schutz: Deaktiviert 20.12.2012 18:00:03 mbam-log-2012-12-20 (18-00-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 476788 Laufzeit: 52 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Olli-Rosi\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-50b1d1c6 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-738926ee (Trojan.Agent.BEWVGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Olli-Rosi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Virenprüfung mit G Data InternetSecurity 2013
Version 23.0.5.9 (17.09.2012)
Virensignaturen vom 20.12.2012
Startzeit: 20.12.2012 23:59:57
Engine(s): Engine A (AVA 22.7117), Engine B (AVL 22.1408)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein
Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 21.12.2012 02:33:16
259594 Dateien überprüft
2 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
– Archiv: Outlook.pst
Pfad: C:\Users\Olli-Rosi\AppData\Local\Microsoft\Outlook
Status: Virus gefunden
Virus: Trojan.Gamarue.M (Engine A)
Objekt: [Subject: DHL Redelivery Confirmation #121866310938][From: DHL Redelivery]=>DHL-Redelivery-Confirmation648468004905.zip=>DHL-Redelivery-Confirmation.exe
In Archiv: C:\Users\Olli-Rosi\AppData\Local\Microsoft\Outlook\Outlook.pst
Status: Virus gefunden
Virus: Trojan.Gamarue.M (Engine A)
– Archiv: 13111dc9-66e0f8ae
Pfad: C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9
Status: Virus gefunden
Virus: Java:CVE-2012-4681-EK [Expl], Java:CVE-2012-4681-EJ [Expl], Java:CVE-2012-4681-FT [Expl], Java:CVE-2012-4681-FR [Expl], Java:CVE-2012-4681-EI [Expl], Java:CVE-2012-4681-FW [Expl] (Engine B)
Objekt: spar\doblasOxazineOs.class
In Archiv: C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae
Status: Virus gefunden
Virus: Java:CVE-2012-4681-EK [Expl] (Engine B)
Objekt: spar\mingy.class
In Archiv: C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae
Status: Virus gefunden
Virus: Java:CVE-2012-4681-EJ [Expl] (Engine B)
Objekt: spar\ochered.class
In Archiv: C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae
Status: Virus gefunden
Virus: Java:CVE-2012-4681-FT [Expl] (Engine B)
Objekt: spar\proneCarol.class
In Archiv: C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae
Status: Virus gefunden
Virus: Java:CVE-2012-4681-FR [Expl] (Engine B)
Objekt: spar\sunapp.class
In Archiv: C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae
Status: Virus gefunden
Virus: Java:CVE-2012-4681-EI [Expl] (Engine B)
Objekt: spar\tuggerDratDaises.class
In Archiv: C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae
Status: Virus gefunden
Virus: Java:CVE-2012-4681-FW [Expl] (Engine B)
– Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Windows\System32\winevt\Logs\Application.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx
C:\Windows\System32\winevt\Logs\System.evtx
C:\Windows\System32\winevt\Logs\ODiag.evtx
C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx
– Die folgenden Dateien sind Passwortgeschützt:
C:\Users\Olli-Rosi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\M0ZTMM9D\GTop (3).zip
C:\Users\Olli-Rosi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\M0ZTMM9D\GTop.zip
C:\Users\Olli-Rosi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\M0ZTMM9D\Nochwas.zip
C:\Users\Olli-Rosi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\M0ZTMM9D\OSM1.zip
C:\Users\Olli-Rosi\Downloads\avira_free_antivirus_de(1).exe
C:\Users\Olli-Rosi\Downloads\install_flashplayer11x32_mssa_aih(1).exe
C:\Users\Olli-Rosi\Downloads\install_flashplayer11x32_mssa_aih.exe
Code:
ATTFilter Beim Öffnen der Datei "C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae->spar\doblasOxazineOs.class" wurde der Virus "Java:CVE-2012-4681-EK [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Öffnen der Datei "C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae->spar\mingy.class" wurde der Virus "Java:CVE-2012-4681-EJ [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Öffnen der Datei "C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae->spar\ochered.class" wurde der Virus "Java:CVE-2012-4681-FT [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Öffnen der Datei "C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae->spar\proneCarol.class" wurde der Virus "Java:CVE-2012-4681-FR [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Öffnen der Datei "C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae->spar\sunapp.class" wurde der Virus "Java:CVE-2012-4681-EI [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Öffnen der Datei "C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae->spar\tuggerDratDaises.class" wurde der Virus "Java:CVE-2012-4681-FW [Expl] (Engine B)" entdeckt. Zugriff verweigert.
Beim Öffnen der Datei "C:\Users\Olli-Rosi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\13111dc9-66e0f8ae" wurde der Virus "Java:CVE-2012-4681-EK [Expl], Java:CVE-2012-4681-EJ [Expl], Java:CVE-2012-4681-FT [Expl], Java:CVE-2012-4681-FR [Expl], Java:CVE-2012-4681-EI [Expl], Java:CVE-2012-4681-FW [Expl] (Engine B)" entdeckt. Zugriff verweigert.
|
|
21.12.2012, 13:39
| #4 |
| /// Malware-holic | Pc war mit GVU infiziert, was nun? Hi mache nur die Scans, zu denen ich dich auffordere, danke download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.12.2012, 13:52
| #5 |
| | Pc war mit GVU infiziert, was nun? Hier das Log: Code:
ATTFilter 13:49:22.0432 5588 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:49:24.0319 5588 ============================================================
13:49:24.0319 5588 Current date / time: 2012/12/21 13:49:24.0319
13:49:24.0319 5588 SystemInfo:
13:49:24.0319 5588
13:49:24.0319 5588 OS Version: 6.1.7601 ServicePack: 1.0
13:49:24.0319 5588 Product type: Workstation
13:49:24.0319 5588 ComputerName: OLLI-ROSI-PC
13:49:24.0319 5588 UserName: Olli-Rosi
13:49:24.0319 5588 Windows directory: C:\Windows
13:49:24.0319 5588 System windows directory: C:\Windows
13:49:24.0319 5588 Processor architecture: Intel x86
13:49:24.0319 5588 Number of processors: 4
13:49:24.0319 5588 Page size: 0x1000
13:49:24.0319 5588 Boot type: Normal boot
13:49:24.0319 5588 ============================================================
13:49:25.0599 5588 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:49:25.0630 5588 ============================================================
13:49:25.0630 5588 \Device\Harddisk0\DR0:
13:49:25.0630 5588 MBR partitions:
13:49:25.0630 5588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:49:25.0630 5588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD2800
13:49:25.0630 5588 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
13:49:25.0630 5588 ============================================================
13:49:25.0661 5588 C: <-> \Device\Harddisk0\DR0\Partition2
13:49:25.0723 5588 D: <-> \Device\Harddisk0\DR0\Partition3
13:49:25.0723 5588 ============================================================
13:49:25.0723 5588 Initialize success
13:49:25.0723 5588 ============================================================
13:49:31.0573 4416 ============================================================
13:49:31.0573 4416 Scan started
13:49:31.0573 4416 Mode: Manual; SigCheck; TDLFS;
13:49:31.0573 4416 ============================================================
13:49:32.0525 4416 ================ Scan system memory ========================
13:49:32.0525 4416 System memory - ok
13:49:32.0525 4416 ================ Scan services =============================
13:49:32.0665 4416 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:49:32.0821 4416 1394ohci - ok
13:49:32.0884 4416 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:49:32.0899 4416 ACPI - ok
13:49:32.0931 4416 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:49:32.0993 4416 AcpiPmi - ok
13:49:33.0118 4416 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:49:33.0133 4416 AdobeARMservice - ok
13:49:33.0211 4416 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:49:33.0227 4416 AdobeFlashPlayerUpdateSvc - ok
13:49:33.0289 4416 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:49:33.0352 4416 adp94xx - ok
13:49:33.0399 4416 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:49:33.0430 4416 adpahci - ok
13:49:33.0461 4416 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:49:33.0508 4416 adpu320 - ok
13:49:33.0555 4416 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:49:33.0601 4416 AeLookupSvc - ok
13:49:33.0648 4416 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
13:49:33.0726 4416 AFD - ok
13:49:33.0773 4416 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
13:49:33.0820 4416 agp440 - ok
13:49:33.0867 4416 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
13:49:33.0913 4416 aic78xx - ok
13:49:33.0960 4416 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
13:49:34.0054 4416 ALG - ok
13:49:34.0101 4416 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
13:49:34.0147 4416 aliide - ok
13:49:34.0179 4416 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:49:34.0225 4416 amdagp - ok
13:49:34.0257 4416 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
13:49:34.0288 4416 amdide - ok
13:49:34.0319 4416 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:49:34.0381 4416 AmdK8 - ok
13:49:34.0397 4416 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:49:34.0475 4416 AmdPPM - ok
13:49:34.0506 4416 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:49:34.0553 4416 amdsata - ok
13:49:34.0600 4416 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:49:34.0647 4416 amdsbs - ok
13:49:34.0678 4416 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:49:34.0740 4416 amdxata - ok
13:49:34.0803 4416 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
13:49:34.0865 4416 AppID - ok
13:49:34.0896 4416 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:49:34.0959 4416 AppIDSvc - ok
13:49:34.0990 4416 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
13:49:35.0021 4416 Appinfo - ok
13:49:35.0161 4416 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:49:35.0177 4416 Apple Mobile Device - ok
13:49:35.0224 4416 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:49:35.0255 4416 arc - ok
13:49:35.0286 4416 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:49:35.0317 4416 arcsas - ok
13:49:35.0349 4416 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:49:35.0442 4416 AsyncMac - ok
13:49:35.0505 4416 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
13:49:35.0583 4416 atapi - ok
13:49:35.0645 4416 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:49:35.0707 4416 AudioEndpointBuilder - ok
13:49:35.0707 4416 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:49:35.0739 4416 Audiosrv - ok
13:49:35.0848 4416 [ C48176DA44D0298A7075D3C5CF8C3D8D ] AVKProxy C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
13:49:35.0879 4416 AVKProxy - ok
13:49:35.0910 4416 [ 29DA2D5958B352022A1BB5CE6FDB427C ] AVKService C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
13:49:35.0926 4416 AVKService - ok
13:49:35.0957 4416 [ 6BBEF99B9A4DA3568ECCF32FCB10C6FE ] AVKWCtl C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
13:49:36.0097 4416 AVKWCtl - ok
13:49:36.0160 4416 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:49:36.0222 4416 AxInstSV - ok
13:49:36.0269 4416 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
13:49:36.0331 4416 b06bdrv - ok
13:49:36.0363 4416 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
13:49:36.0409 4416 b57nd60x - ok
13:49:36.0456 4416 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
13:49:36.0534 4416 BBSvc - ok
13:49:36.0597 4416 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
13:49:36.0643 4416 BBUpdate - ok
13:49:36.0659 4416 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
13:49:36.0737 4416 BDESVC - ok
13:49:36.0768 4416 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
13:49:36.0846 4416 Beep - ok
13:49:36.0893 4416 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
13:49:36.0924 4416 BFE - ok
13:49:36.0971 4416 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
13:49:37.0018 4416 BITS - ok
13:49:37.0049 4416 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:49:37.0111 4416 blbdrive - ok
13:49:37.0205 4416 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:49:37.0267 4416 Bonjour Service - ok
13:49:37.0314 4416 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:49:37.0423 4416 bowser - ok
13:49:37.0455 4416 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:49:37.0657 4416 BrFiltLo - ok
13:49:37.0673 4416 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:49:37.0704 4416 BrFiltUp - ok
13:49:37.0767 4416 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
13:49:37.0813 4416 Browser - ok
13:49:37.0829 4416 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:49:37.0907 4416 Brserid - ok
13:49:37.0938 4416 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:49:37.0969 4416 BrSerWdm - ok
13:49:38.0001 4416 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:49:38.0047 4416 BrUsbMdm - ok
13:49:38.0079 4416 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:49:38.0141 4416 BrUsbSer - ok
13:49:38.0141 4416 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:49:38.0203 4416 BTHMODEM - ok
13:49:38.0250 4416 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
13:49:38.0344 4416 bthserv - ok
13:49:38.0375 4416 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:49:38.0437 4416 cdfs - ok
13:49:38.0484 4416 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\drivers\cdrom.sys
13:49:38.0593 4416 cdrom - ok
13:49:38.0640 4416 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
13:49:38.0671 4416 CertPropSvc - ok
13:49:38.0718 4416 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:49:38.0749 4416 circlass - ok
13:49:38.0781 4416 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
13:49:38.0812 4416 CLFS - ok
13:49:38.0859 4416 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:49:38.0921 4416 clr_optimization_v2.0.50727_32 - ok
13:49:38.0952 4416 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:49:38.0999 4416 CmBatt - ok
13:49:39.0015 4416 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:49:39.0061 4416 cmdide - ok
13:49:39.0093 4416 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
13:49:39.0171 4416 CNG - ok
13:49:39.0186 4416 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:49:39.0233 4416 Compbatt - ok
13:49:39.0280 4416 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:49:39.0327 4416 CompositeBus - ok
13:49:39.0342 4416 COMSysApp - ok
13:49:39.0373 4416 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:49:39.0405 4416 crcdisk - ok
13:49:39.0451 4416 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:49:39.0498 4416 CryptSvc - ok
13:49:39.0545 4416 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
13:49:39.0592 4416 DcomLaunch - ok
13:49:39.0607 4416 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:49:39.0685 4416 defragsvc - ok
13:49:39.0717 4416 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:49:39.0841 4416 DfsC - ok
13:49:39.0888 4416 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:49:39.0935 4416 Dhcp - ok
13:49:39.0951 4416 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
13:49:40.0029 4416 discache - ok
13:49:40.0075 4416 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:49:40.0122 4416 Disk - ok
13:49:40.0169 4416 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
13:49:40.0231 4416 dot3svc - ok
13:49:40.0278 4416 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
13:49:40.0309 4416 DPS - ok
13:49:40.0341 4416 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:49:40.0387 4416 drmkaud - ok
13:49:40.0434 4416 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:49:40.0481 4416 DXGKrnl - ok
13:49:40.0497 4416 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
13:49:40.0543 4416 EapHost - ok
13:49:40.0637 4416 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:49:40.0762 4416 ebdrv - ok
13:49:40.0809 4416 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
13:49:40.0824 4416 EFS - ok
13:49:40.0871 4416 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:49:40.0996 4416 ehRecvr - ok
13:49:41.0011 4416 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
13:49:41.0152 4416 ehSched - ok
13:49:41.0203 4416 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:49:41.0283 4416 elxstor - ok
13:49:41.0313 4416 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:49:41.0373 4416 ErrDev - ok
13:49:41.0403 4416 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
13:49:41.0483 4416 EventSystem - ok
13:49:41.0513 4416 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
13:49:41.0583 4416 exfat - ok
13:49:41.0643 4416 Fabs - ok
13:49:41.0663 4416 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:49:41.0703 4416 fastfat - ok
13:49:41.0759 4416 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
13:49:41.0805 4416 Fax - ok
13:49:41.0837 4416 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:49:41.0852 4416 fdc - ok
13:49:41.0883 4416 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
13:49:41.0930 4416 fdPHost - ok
13:49:41.0946 4416 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
13:49:42.0039 4416 FDResPub - ok
13:49:42.0071 4416 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:49:42.0133 4416 FileInfo - ok
13:49:42.0149 4416 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:49:42.0211 4416 Filetrace - ok
13:49:42.0289 4416 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
13:49:42.0539 4416 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
13:49:42.0539 4416 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
13:49:42.0570 4416 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:49:42.0679 4416 flpydisk - ok
13:49:42.0695 4416 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:49:42.0773 4416 FltMgr - ok
13:49:42.0804 4416 [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache C:\Windows\system32\FntCache.dll
13:49:42.0851 4416 FontCache - ok
13:49:42.0897 4416 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:49:42.0960 4416 FontCache3.0.0.0 - ok
13:49:42.0991 4416 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:49:43.0022 4416 FsDepends - ok
13:49:43.0053 4416 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:49:43.0100 4416 Fs_Rec - ok
13:49:43.0147 4416 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:49:43.0209 4416 fvevol - ok
13:49:43.0241 4416 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:49:43.0287 4416 gagp30kx - ok
13:49:43.0365 4416 [ 1F0A3452B77638FF4106CF914B3DAB3D ] GDBehave C:\Windows\system32\drivers\GDBehave.sys
13:49:43.0412 4416 GDBehave - ok
13:49:43.0490 4416 [ EB4D63C618555024DAC54F619859AD92 ] GDFwSvc C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
13:49:43.0646 4416 GDFwSvc - ok
13:49:43.0724 4416 [ 724070D41BC6471DAEDDB6C6A75C8CD3 ] GDMnIcpt C:\Windows\system32\drivers\MiniIcpt.sys
13:49:43.0755 4416 GDMnIcpt - ok
13:49:43.0787 4416 [ 56B968449ADF9E0F7151B36005731721 ] GDPkIcpt C:\Windows\system32\drivers\PktIcpt.sys
13:49:43.0818 4416 GDPkIcpt - ok
13:49:43.0911 4416 [ 110C6DC36EA9F5DA664A584756B1B297 ] GDScan C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
13:49:43.0974 4416 GDScan - ok
13:49:44.0005 4416 [ 0EBC9CEBF9FC3E256E6D196FB3DE61E9 ] gdwfpcd C:\Windows\system32\drivers\gdwfpcd32.sys
13:49:44.0036 4416 gdwfpcd - ok
13:49:44.0099 4416 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:49:44.0145 4416 GEARAspiWDM - ok
13:49:44.0192 4416 [ 997527391DEC418DC62D784D848D73BE ] GigasetGenericUSB C:\Windows\system32\DRIVERS\GigasetGenericUSB.sys
13:49:44.0239 4416 GigasetGenericUSB - ok
13:49:44.0270 4416 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
13:49:44.0379 4416 gpsvc - ok
13:49:44.0489 4416 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:49:44.0504 4416 gupdate - ok
13:49:44.0551 4416 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:49:44.0582 4416 gupdatem - ok
13:49:44.0660 4416 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:49:44.0723 4416 gusvc - ok
13:49:44.0754 4416 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:49:44.0801 4416 hcw85cir - ok
13:49:44.0847 4416 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:49:44.0910 4416 HdAudAddService - ok
13:49:44.0925 4416 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:49:44.0957 4416 HDAudBus - ok
13:49:44.0972 4416 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:49:44.0988 4416 HidBatt - ok
13:49:45.0019 4416 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:49:45.0066 4416 HidBth - ok
13:49:45.0097 4416 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:49:45.0128 4416 HidIr - ok
13:49:45.0144 4416 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
13:49:45.0175 4416 hidserv - ok
13:49:45.0222 4416 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:49:45.0253 4416 HidUsb - ok
13:49:45.0284 4416 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:49:45.0315 4416 hkmsvc - ok
13:49:45.0331 4416 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:49:45.0378 4416 HomeGroupListener - ok
13:49:45.0409 4416 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:49:45.0440 4416 HomeGroupProvider - ok
13:49:45.0487 4416 [ A3D1EE9B310ED1FE6136FEC4E0DEA366 ] HookCentre C:\Windows\system32\drivers\HookCentre.sys
13:49:45.0518 4416 HookCentre - ok
13:49:45.0565 4416 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:49:45.0612 4416 HpSAMD - ok
13:49:45.0659 4416 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:49:45.0737 4416 HTTP - ok
13:49:45.0768 4416 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:49:45.0783 4416 hwpolicy - ok
13:49:45.0846 4416 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:49:45.0877 4416 i8042prt - ok
13:49:45.0908 4416 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:49:45.0971 4416 iaStorV - ok
13:49:46.0033 4416 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:49:46.0220 4416 idsvc - ok
13:49:46.0267 4416 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:49:46.0314 4416 iirsp - ok
13:49:46.0392 4416 [ A06EFD4965F8A3F97A8C9A291D032678 ] IJPLMSVC C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
13:49:46.0485 4416 IJPLMSVC - ok
13:49:46.0548 4416 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
13:49:46.0595 4416 IKEEXT - ok
13:49:46.0657 4416 [ D075EC26F410E5FE1CC3688BCF78609F ] InCDfs C:\Windows\system32\drivers\InCDfs.sys
13:49:46.0704 4416 InCDfs ( UnsignedFile.Multi.Generic ) - warning
13:49:46.0704 4416 InCDfs - detected UnsignedFile.Multi.Generic (1)
13:49:46.0766 4416 [ 1267811F30CECCB72E97DC33742ABEA2 ] InCDPass C:\Windows\system32\DRIVERS\InCDPass.sys
13:49:46.0797 4416 InCDPass ( UnsignedFile.Multi.Generic ) - warning
13:49:46.0797 4416 InCDPass - detected UnsignedFile.Multi.Generic (1)
13:49:46.0829 4416 [ BB4E2C719B745E27E55EDBCB1230C205 ] InCDrec C:\Windows\system32\drivers\InCDrec.sys
13:49:46.0875 4416 InCDrec ( UnsignedFile.Multi.Generic ) - warning
13:49:46.0875 4416 InCDrec - detected UnsignedFile.Multi.Generic (1)
13:49:46.0922 4416 [ 9589D693B003D2A4D044A2476A827E11 ] incdrm C:\Windows\system32\drivers\incdrm.sys
13:49:46.0969 4416 incdrm ( UnsignedFile.Multi.Generic ) - warning
13:49:46.0969 4416 incdrm - detected UnsignedFile.Multi.Generic (1)
13:49:47.0031 4416 [ 222B59D2655EE0C831F9317A14A49B0F ] InCDsrv C:\Program Files\Ahead\InCD\InCDsrv.exe
13:49:47.0125 4416 InCDsrv ( UnsignedFile.Multi.Generic ) - warning
13:49:47.0125 4416 InCDsrv - detected UnsignedFile.Multi.Generic (1)
13:49:47.0219 4416 [ E345EC27C8DFF8728F5C6F0413699DC5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:49:47.0359 4416 IntcAzAudAddService - ok
13:49:47.0406 4416 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
13:49:47.0437 4416 intelide - ok
13:49:47.0468 4416 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:49:47.0499 4416 intelppm - ok
13:49:47.0546 4416 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:49:47.0577 4416 IPBusEnum - ok
13:49:47.0609 4416 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:49:47.0671 4416 IpFilterDriver - ok
13:49:47.0718 4416 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:49:47.0780 4416 iphlpsvc - ok
13:49:47.0858 4416 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:49:47.0967 4416 IPMIDRV - ok
13:49:47.0983 4416 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:49:48.0045 4416 IPNAT - ok
13:49:48.0123 4416 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:49:48.0155 4416 iPod Service - ok
13:49:48.0201 4416 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:49:48.0279 4416 IRENUM - ok
13:49:48.0295 4416 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:49:48.0326 4416 isapnp - ok
13:49:48.0357 4416 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:49:48.0404 4416 iScsiPrt - ok
13:49:48.0435 4416 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:49:48.0467 4416 kbdclass - ok
13:49:48.0498 4416 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:49:48.0529 4416 kbdhid - ok
13:49:48.0545 4416 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
13:49:48.0560 4416 KeyIso - ok
13:49:48.0607 4416 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:49:48.0654 4416 KSecDD - ok
13:49:48.0669 4416 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:49:48.0701 4416 KSecPkg - ok
13:49:48.0716 4416 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
13:49:48.0779 4416 KtmRm - ok
13:49:48.0810 4416 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
13:49:48.0841 4416 LanmanServer - ok
13:49:48.0888 4416 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:49:48.0950 4416 lltdio - ok
13:49:48.0981 4416 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:49:49.0044 4416 lltdsvc - ok
13:49:49.0059 4416 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
13:49:49.0153 4416 lmhosts - ok
13:49:49.0184 4416 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:49:49.0231 4416 LSI_FC - ok
13:49:49.0262 4416 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:49:49.0293 4416 LSI_SAS - ok
13:49:49.0309 4416 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:49:49.0340 4416 LSI_SAS2 - ok
13:49:49.0356 4416 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:49:49.0403 4416 LSI_SCSI - ok
13:49:49.0434 4416 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
13:49:49.0481 4416 luafv - ok
13:49:49.0512 4416 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:49:49.0527 4416 MBAMProtector - ok
13:49:49.0559 4416 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:49:49.0605 4416 MBAMScheduler - ok
13:49:49.0637 4416 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:49:49.0668 4416 MBAMService - ok
13:49:49.0761 4416 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
13:49:49.0855 4416 McComponentHostService - ok
13:49:49.0917 4416 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:49:49.0949 4416 Mcx2Svc - ok
13:49:49.0980 4416 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:49:50.0011 4416 megasas - ok
13:49:50.0042 4416 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:49:50.0073 4416 MegaSR - ok
13:49:50.0167 4416 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
13:49:50.0214 4416 Microsoft Office Groove Audit Service - ok
13:49:50.0245 4416 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
13:49:50.0292 4416 MMCSS - ok
13:49:50.0307 4416 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
13:49:50.0385 4416 Modem - ok
13:49:50.0432 4416 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:49:50.0463 4416 monitor - ok
13:49:50.0495 4416 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:49:50.0541 4416 mouclass - ok
13:49:50.0573 4416 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:49:50.0619 4416 mouhid - ok
13:49:50.0651 4416 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:49:50.0682 4416 mountmgr - ok
13:49:50.0760 4416 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:49:50.0807 4416 MozillaMaintenance - ok
13:49:50.0853 4416 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
13:49:50.0916 4416 mpio - ok
13:49:50.0931 4416 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:49:50.0994 4416 mpsdrv - ok
13:49:51.0041 4416 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:49:51.0103 4416 MpsSvc - ok
13:49:51.0119 4416 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:49:51.0150 4416 MRxDAV - ok
13:49:51.0212 4416 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:49:51.0259 4416 mrxsmb - ok
13:49:51.0306 4416 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:49:51.0337 4416 mrxsmb10 - ok
13:49:51.0353 4416 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:49:51.0384 4416 mrxsmb20 - ok
13:49:51.0431 4416 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
13:49:51.0446 4416 msahci - ok
13:49:51.0462 4416 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:49:51.0493 4416 msdsm - ok
13:49:51.0524 4416 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
13:49:51.0602 4416 MSDTC - ok
13:49:51.0618 4416 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:49:51.0665 4416 Msfs - ok
13:49:51.0665 4416 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:49:51.0743 4416 mshidkmdf - ok
13:49:51.0774 4416 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:49:51.0805 4416 msisadrv - ok
13:49:51.0852 4416 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:49:51.0914 4416 MSiSCSI - ok
13:49:51.0930 4416 msiserver - ok
13:49:51.0977 4416 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:49:52.0023 4416 MSKSSRV - ok
13:49:52.0039 4416 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:49:52.0086 4416 MSPCLOCK - ok
13:49:52.0117 4416 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:49:52.0133 4416 MSPQM - ok
13:49:52.0148 4416 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:49:52.0211 4416 MsRPC - ok
13:49:52.0242 4416 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:49:52.0257 4416 mssmbios - ok
13:49:52.0304 4416 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:49:52.0351 4416 MSTEE - ok
13:49:52.0367 4416 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:49:52.0398 4416 MTConfig - ok
13:49:52.0413 4416 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
13:49:52.0445 4416 Mup - ok
13:49:52.0476 4416 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
13:49:52.0523 4416 napagent - ok
13:49:52.0569 4416 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:49:52.0601 4416 NativeWifiP - ok
13:49:52.0663 4416 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:49:52.0694 4416 NDIS - ok
13:49:52.0725 4416 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:49:52.0772 4416 NdisCap - ok
13:49:52.0803 4416 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:49:52.0866 4416 NdisTapi - ok
13:49:52.0913 4416 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:49:52.0991 4416 Ndisuio - ok
13:49:53.0037 4416 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:49:53.0162 4416 NdisWan - ok
13:49:53.0193 4416 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:49:53.0256 4416 NDProxy - ok
13:49:53.0412 4416 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
13:49:53.0490 4416 Nero BackItUp Scheduler 4.0 - ok
13:49:53.0552 4416 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
13:49:53.0630 4416 Netaapl - ok
13:49:53.0661 4416 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:49:53.0708 4416 NetBIOS - ok
13:49:53.0755 4416 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:49:53.0849 4416 NetBT - ok
13:49:53.0880 4416 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
13:49:53.0895 4416 Netlogon - ok
13:49:53.0942 4416 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
13:49:53.0989 4416 Netman - ok
13:49:54.0005 4416 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
13:49:54.0036 4416 netprofm - ok
13:49:54.0083 4416 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:49:54.0114 4416 NetTcpPortSharing - ok
13:49:54.0161 4416 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:49:54.0207 4416 nfrd960 - ok
13:49:54.0254 4416 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:49:54.0301 4416 NlaSvc - ok
13:49:54.0317 4416 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:49:54.0379 4416 Npfs - ok
13:49:54.0395 4416 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
13:49:54.0441 4416 nsi - ok
13:49:54.0473 4416 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:49:54.0519 4416 nsiproxy - ok
13:49:54.0582 4416 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:49:54.0691 4416 Ntfs - ok
13:49:54.0722 4416 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
13:49:54.0769 4416 Null - ok
13:49:54.0800 4416 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
13:49:54.0863 4416 NVENETFD - ok
13:49:54.0909 4416 [ A82534D453425F5FEE4B6A583FDCF3EB ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
13:49:54.0941 4416 NVHDA - ok
13:49:55.0128 4416 [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:49:55.0627 4416 nvlddmkm - ok
13:49:55.0643 4416 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:49:55.0705 4416 nvraid - ok
13:49:55.0767 4416 [ F13618F0CB1E95232F4C2401592A59E9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
13:49:55.0814 4416 nvsmu - ok
13:49:55.0861 4416 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:49:55.0892 4416 nvstor - ok
13:49:55.0923 4416 [ 3FF57A9A657C9690ECBC8B1E3B6E3979 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
13:49:55.0939 4416 nvstor32 - ok
13:49:55.0986 4416 [ 387DC341E2AED29EB8F67B6EE53BB43B ] nvsvc C:\Windows\system32\nvvsvc.exe
13:49:56.0033 4416 nvsvc - ok
13:49:56.0048 4416 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:49:56.0079 4416 nv_agp - ok
13:49:56.0142 4416 [ 6ABC0333409E7AB86BA610BCF5BDDF7B ] NxpCap C:\Windows\system32\DRIVERS\NxpCap.sys
13:49:56.0220 4416 NxpCap - ok
13:49:56.0282 4416 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:49:56.0391 4416 odserv - ok
13:49:56.0423 4416 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:49:56.0469 4416 ohci1394 - ok
13:49:56.0501 4416 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:49:56.0579 4416 ose - ok
13:49:56.0625 4416 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:49:56.0719 4416 p2pimsvc - ok
13:49:56.0766 4416 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
13:49:56.0797 4416 p2psvc - ok
13:49:56.0844 4416 [ 301E92CE7FB606F94F124A76D8145622 ] PAEAFLT.sys C:\Windows\system32\DRIVERS\PAEAFLT.sys
13:49:56.0891 4416 PAEAFLT.sys - ok
13:49:56.0922 4416 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:49:56.0953 4416 Parport - ok
13:49:56.0984 4416 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:49:57.0031 4416 partmgr - ok
13:49:57.0062 4416 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
13:49:57.0093 4416 Parvdm - ok
13:49:57.0109 4416 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:49:57.0140 4416 PcaSvc - ok
13:49:57.0156 4416 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
13:49:57.0187 4416 pci - ok
13:49:57.0218 4416 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
13:49:57.0249 4416 pciide - ok
13:49:57.0281 4416 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:49:57.0327 4416 pcmcia - ok
13:49:57.0343 4416 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
13:49:57.0374 4416 pcw - ok
13:49:57.0421 4416 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:49:57.0515 4416 PEAUTH - ok
13:49:57.0577 4416 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
13:49:57.0671 4416 pla - ok
13:49:57.0717 4416 [ E406A33046228BD89F0C2DB5C172F19C ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
13:49:57.0780 4416 PLFlash DeviceIoControl Service - ok
13:49:57.0827 4416 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:49:57.0889 4416 PlugPlay - ok
13:49:57.0983 4416 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
13:49:58.0061 4416 PMBDeviceInfoProvider - ok
13:49:58.0092 4416 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:49:58.0139 4416 PNRPAutoReg - ok
13:49:58.0154 4416 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:49:58.0170 4416 PNRPsvc - ok
13:49:58.0310 4416 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:49:58.0373 4416 PolicyAgent - ok
13:49:58.0404 4416 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
13:49:58.0435 4416 Power - ok
13:49:58.0466 4416 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:49:58.0529 4416 PptpMiniport - ok
13:49:58.0544 4416 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:49:58.0591 4416 Processor - ok
13:49:58.0622 4416 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
13:49:58.0653 4416 ProfSvc - ok
13:49:58.0669 4416 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:49:58.0685 4416 ProtectedStorage - ok
13:49:58.0731 4416 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
13:49:58.0794 4416 ProtexisLicensing - ok
13:49:58.0825 4416 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:49:58.0887 4416 Psched - ok
13:49:58.0919 4416 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:49:58.0997 4416 ql2300 - ok
13:49:59.0012 4416 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:49:59.0059 4416 ql40xx - ok
13:49:59.0090 4416 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
13:49:59.0137 4416 QWAVE - ok
13:49:59.0184 4416 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:49:59.0215 4416 QWAVEdrv - ok
13:49:59.0231 4416 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:49:59.0309 4416 RasAcd - ok
13:49:59.0340 4416 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:49:59.0433 4416 RasAgileVpn - ok
13:49:59.0465 4416 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
13:49:59.0543 4416 RasAuto - ok
13:49:59.0574 4416 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:49:59.0621 4416 Rasl2tp - ok
13:49:59.0683 4416 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
13:49:59.0714 4416 RasMan - ok
13:49:59.0761 4416 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:49:59.0823 4416 RasPppoe - ok
13:49:59.0839 4416 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:49:59.0901 4416 RasSstp - ok
13:49:59.0948 4416 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:50:00.0011 4416 rdbss - ok
13:50:00.0042 4416 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:50:00.0073 4416 rdpbus - ok
13:50:00.0120 4416 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:50:00.0167 4416 RDPCDD - ok
13:50:00.0213 4416 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:50:00.0276 4416 RDPENCDD - ok
13:50:00.0291 4416 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:50:00.0338 4416 RDPREFMP - ok
13:50:00.0369 4416 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:50:00.0416 4416 RDPWD - ok
13:50:00.0463 4416 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:50:00.0510 4416 rdyboost - ok
13:50:00.0525 4416 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
13:50:00.0572 4416 RemoteAccess - ok
13:50:00.0603 4416 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:50:00.0650 4416 RemoteRegistry - ok
13:50:00.0744 4416 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
13:50:00.0853 4416 RichVideo ( UnsignedFile.Multi.Generic ) - warning
13:50:00.0853 4416 RichVideo - detected UnsignedFile.Multi.Generic (1)
13:50:00.0884 4416 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:50:00.0931 4416 RpcEptMapper - ok
13:50:00.0962 4416 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
13:50:01.0009 4416 RpcLocator - ok
13:50:01.0056 4416 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
13:50:01.0087 4416 RpcSs - ok
13:50:01.0118 4416 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:50:01.0165 4416 rspndr - ok
13:50:01.0212 4416 [ 51ADEF77E4C929535FD50DA153774E79 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
13:50:01.0290 4416 RTL8192su - ok
13:50:01.0305 4416 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
13:50:01.0321 4416 SamSs - ok
13:50:01.0368 4416 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:50:01.0415 4416 sbp2port - ok
13:50:01.0446 4416 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:50:01.0493 4416 SCardSvr - ok
13:50:01.0508 4416 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:50:01.0555 4416 scfilter - ok
13:50:01.0602 4416 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
13:50:01.0680 4416 Schedule - ok
13:50:01.0711 4416 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:50:01.0742 4416 SCPolicySvc - ok
13:50:01.0742 4416 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:50:01.0805 4416 SDRSVC - ok
13:50:01.0836 4416 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:50:01.0883 4416 secdrv - ok
13:50:01.0898 4416 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
13:50:01.0945 4416 seclogon - ok
13:50:01.0976 4416 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
13:50:02.0007 4416 SENS - ok
13:50:02.0023 4416 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:50:02.0070 4416 SensrSvc - ok
13:50:02.0085 4416 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:50:02.0132 4416 Serenum - ok
13:50:02.0163 4416 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:50:02.0257 4416 Serial - ok
13:50:02.0304 4416 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:50:02.0335 4416 sermouse - ok
13:50:02.0382 4416 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
13:50:02.0429 4416 SessionEnv - ok
13:50:02.0429 4416 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:50:02.0491 4416 sffdisk - ok
13:50:02.0507 4416 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:50:02.0569 4416 sffp_mmc - ok
13:50:02.0616 4416 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:50:02.0647 4416 sffp_sd - ok
13:50:02.0663 4416 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:50:02.0694 4416 sfloppy - ok
13:50:02.0725 4416 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:50:02.0787 4416 SharedAccess - ok
13:50:02.0834 4416 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:50:02.0881 4416 ShellHWDetection - ok
13:50:02.0897 4416 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:50:02.0912 4416 sisagp - ok
13:50:02.0943 4416 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:50:02.0975 4416 SiSRaid2 - ok
13:50:02.0990 4416 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:50:03.0021 4416 SiSRaid4 - ok
13:50:03.0084 4416 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:50:03.0162 4416 SkypeUpdate - ok
13:50:03.0209 4416 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:50:03.0255 4416 Smb - ok
13:50:03.0287 4416 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:50:03.0318 4416 SNMPTRAP - ok
13:50:03.0365 4416 [ 2265D43D44CF9695C050E3B58F05295B ] SPC230NC C:\Windows\system32\DRIVERS\SPC230NC.SYS
13:50:03.0443 4416 SPC230NC - ok
13:50:03.0458 4416 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
13:50:03.0489 4416 spldr - ok
13:50:03.0552 4416 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
13:50:03.0630 4416 Spooler - ok
13:50:03.0723 4416 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
13:50:03.0801 4416 sppsvc - ok
13:50:03.0833 4416 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:50:03.0895 4416 sppuinotify - ok
13:50:03.0926 4416 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:50:03.0989 4416 srv - ok
13:50:04.0035 4416 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:50:04.0067 4416 srv2 - ok
13:50:04.0082 4416 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:50:04.0113 4416 srvnet - ok
13:50:04.0145 4416 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:50:04.0191 4416 SSDPSRV - ok
13:50:04.0207 4416 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:50:04.0254 4416 SstpSvc - ok
13:50:04.0269 4416 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:50:04.0301 4416 stexstor - ok
13:50:04.0347 4416 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
13:50:04.0410 4416 StiSvc - ok
13:50:04.0441 4416 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
13:50:04.0472 4416 swenum - ok
13:50:04.0488 4416 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
13:50:04.0519 4416 swprv - ok
13:50:04.0581 4416 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
13:50:04.0613 4416 SysMain - ok
13:50:04.0628 4416 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:50:04.0691 4416 TabletInputService - ok
13:50:04.0722 4416 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
13:50:04.0769 4416 TapiSrv - ok
13:50:04.0784 4416 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
13:50:04.0831 4416 TBS - ok
13:50:04.0878 4416 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:50:04.0971 4416 Tcpip - ok
13:50:05.0003 4416 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:50:05.0034 4416 TCPIP6 - ok
13:50:05.0081 4416 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:50:05.0127 4416 tcpipreg - ok
13:50:05.0174 4416 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:50:05.0221 4416 TDPIPE - ok
13:50:05.0252 4416 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:50:05.0299 4416 TDTCP - ok
13:50:05.0330 4416 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:50:05.0439 4416 tdx - ok
13:50:05.0471 4416 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:50:05.0502 4416 TermDD - ok
13:50:05.0549 4416 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
13:50:05.0580 4416 TermService - ok
13:50:05.0611 4416 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
13:50:05.0642 4416 Themes - ok
13:50:05.0658 4416 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
13:50:05.0689 4416 THREADORDER - ok
13:50:05.0689 4416 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
13:50:05.0736 4416 TrkWks - ok
13:50:05.0798 4416 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:50:05.0845 4416 TrustedInstaller - ok
13:50:05.0876 4416 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:50:05.0923 4416 tssecsrv - ok
13:50:05.0954 4416 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:50:06.0048 4416 TsUsbFlt - ok
13:50:06.0110 4416 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:50:06.0188 4416 tunnel - ok
13:50:06.0204 4416 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:50:06.0235 4416 uagp35 - ok
13:50:06.0282 4416 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:50:06.0344 4416 udfs - ok
13:50:06.0375 4416 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:50:06.0500 4416 UI0Detect - ok
13:50:06.0516 4416 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:50:06.0563 4416 uliagpkx - ok
13:50:06.0594 4416 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:50:06.0625 4416 umbus - ok
13:50:06.0672 4416 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:50:06.0719 4416 UmPass - ok
13:50:06.0765 4416 [ 22BFA49D9D0B4B8D018EFCD6F1C8CF14 ] Update-Service C:\Windows\System32\UpdSvc.dll
13:50:06.0812 4416 Update-Service - ok
13:50:06.0843 4416 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
13:50:06.0875 4416 upnphost - ok
13:50:06.0921 4416 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
13:50:06.0953 4416 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
13:50:06.0953 4416 USBAAPL - detected UnsignedFile.Multi.Generic (1)
13:50:07.0015 4416 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:50:07.0077 4416 usbaudio - ok
13:50:07.0093 4416 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:50:07.0140 4416 usbccgp - ok
13:50:07.0155 4416 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:50:07.0202 4416 usbcir - ok
13:50:07.0233 4416 [ CFBCE999C057D78979A181C9C60F208E ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:50:07.0265 4416 usbehci - ok
13:50:07.0311 4416 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\drivers\usbhub.sys
13:50:07.0374 4416 usbhub - ok
13:50:07.0389 4416 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:50:07.0421 4416 usbohci - ok
13:50:07.0467 4416 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:50:07.0483 4416 usbprint - ok
13:50:07.0530 4416 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:50:07.0545 4416 usbscan - ok
13:50:07.0577 4416 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:50:07.0623 4416 USBSTOR - ok
13:50:07.0655 4416 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:50:07.0701 4416 usbuhci - ok
13:50:07.0748 4416 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:50:07.0779 4416 usbvideo - ok
13:50:07.0811 4416 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
13:50:07.0857 4416 UxSms - ok
13:50:07.0873 4416 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
13:50:07.0889 4416 VaultSvc - ok
13:50:07.0920 4416 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:50:07.0951 4416 vdrvroot - ok
13:50:07.0998 4416 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
13:50:08.0060 4416 vds - ok
13:50:08.0076 4416 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:50:08.0107 4416 vga - ok
13:50:08.0123 4416 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:50:08.0154 4416 VgaSave - ok
13:50:08.0201 4416 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:50:08.0232 4416 vhdmp - ok
13:50:08.0263 4416 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:50:08.0294 4416 viaagp - ok
13:50:08.0310 4416 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
13:50:08.0341 4416 ViaC7 - ok
13:50:08.0388 4416 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
13:50:08.0419 4416 viaide - ok
13:50:08.0450 4416 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:50:08.0497 4416 volmgr - ok
13:50:08.0544 4416 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:50:08.0575 4416 volmgrx - ok
13:50:08.0606 4416 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:50:08.0684 4416 volsnap - ok
13:50:08.0715 4416 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:50:08.0747 4416 vsmraid - ok
13:50:08.0793 4416 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
13:50:08.0856 4416 VSS - ok
13:50:08.0871 4416 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:50:08.0934 4416 vwifibus - ok
13:50:08.0965 4416 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:50:09.0059 4416 vwififlt - ok
13:50:09.0090 4416 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:50:09.0137 4416 vwifimp - ok
13:50:09.0152 4416 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
13:50:09.0199 4416 W32Time - ok
13:50:09.0215 4416 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:50:09.0277 4416 WacomPen - ok
13:50:09.0308 4416 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:50:09.0371 4416 WANARP - ok
13:50:09.0371 4416 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:50:09.0402 4416 Wanarpv6 - ok
13:50:09.0449 4416 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
13:50:09.0573 4416 wbengine - ok
13:50:09.0589 4416 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:50:09.0636 4416 WbioSrvc - ok
13:50:09.0683 4416 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:50:09.0714 4416 wcncsvc - ok
13:50:09.0729 4416 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:50:09.0776 4416 WcsPlugInService - ok
13:50:09.0792 4416 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:50:09.0823 4416 Wd - ok
13:50:09.0870 4416 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:50:09.0948 4416 Wdf01000 - ok
13:50:09.0979 4416 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:50:10.0041 4416 WdiServiceHost - ok
13:50:10.0041 4416 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:50:10.0057 4416 WdiSystemHost - ok
13:50:10.0104 4416 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
13:50:10.0151 4416 WebClient - ok
13:50:10.0182 4416 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:50:10.0244 4416 Wecsvc - ok
13:50:10.0260 4416 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:50:10.0307 4416 wercplsupport - ok
13:50:10.0338 4416 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
13:50:10.0385 4416 WerSvc - ok
13:50:10.0416 4416 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:50:10.0463 4416 WfpLwf - ok
13:50:10.0478 4416 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:50:10.0509 4416 WIMMount - ok
13:50:10.0556 4416 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:50:10.0587 4416 WinDefend - ok
13:50:10.0603 4416 WinHttpAutoProxySvc - ok
13:50:10.0650 4416 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:50:10.0697 4416 Winmgmt - ok
13:50:10.0743 4416 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
13:50:10.0806 4416 WinRM - ok
13:50:10.0868 4416 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:50:10.0946 4416 WinUsb - ok
13:50:10.0977 4416 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:50:11.0102 4416 Wlansvc - ok
13:50:11.0180 4416 [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:50:11.0258 4416 wlidsvc - ok
13:50:11.0321 4416 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:50:11.0336 4416 WmiAcpi - ok
13:50:11.0352 4416 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:50:11.0461 4416 wmiApSrv - ok
13:50:11.0523 4416 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:50:11.0570 4416 WMPNetworkSvc - ok
13:50:11.0586 4416 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:50:11.0617 4416 WPCSvc - ok
13:50:11.0664 4416 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:50:11.0726 4416 WPDBusEnum - ok
13:50:11.0742 4416 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:50:11.0789 4416 ws2ifsl - ok
13:50:11.0804 4416 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
13:50:11.0835 4416 wscsvc - ok
13:50:11.0835 4416 WSearch - ok
13:50:11.0913 4416 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:50:11.0976 4416 wuauserv - ok
13:50:12.0007 4416 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:50:12.0054 4416 WudfPf - ok
13:50:12.0101 4416 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:50:12.0147 4416 WUDFRd - ok
13:50:12.0179 4416 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:50:12.0225 4416 wudfsvc - ok
13:50:12.0241 4416 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:50:12.0303 4416 WwanSvc - ok
13:50:12.0335 4416 [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid C:\Windows\system32\Drivers\x10hid.sys
13:50:12.0366 4416 X10Hid - ok
13:50:12.0397 4416 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
13:50:12.0491 4416 x10nets ( UnsignedFile.Multi.Generic ) - warning
13:50:12.0491 4416 x10nets - detected UnsignedFile.Multi.Generic (1)
13:50:12.0537 4416 [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys
13:50:12.0553 4416 XUIF - ok
13:50:12.0569 4416 ================ Scan global ===============================
13:50:12.0600 4416 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:50:12.0647 4416 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
13:50:12.0662 4416 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
13:50:12.0678 4416 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:50:12.0693 4416 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:50:12.0693 4416 [Global] - ok
13:50:12.0693 4416 ================ Scan MBR ==================================
13:50:12.0709 4416 [ C79B30CB8852157F6F908E4698CFE0D0 ] \Device\Harddisk0\DR0
13:50:15.0377 4416 \Device\Harddisk0\DR0 - ok
13:50:15.0377 4416 ================ Scan VBR ==================================
13:50:15.0392 4416 [ 3923C5851A3610390881C187CB6F9782 ] \Device\Harddisk0\DR0\Partition1
13:50:15.0392 4416 \Device\Harddisk0\DR0\Partition1 - ok
13:50:15.0423 4416 [ 50FC32E71A9D36E869A3BAF5E26ABA92 ] \Device\Harddisk0\DR0\Partition2
13:50:15.0423 4416 \Device\Harddisk0\DR0\Partition2 - ok
13:50:15.0455 4416 [ 20F09478653EE4076F7977ED937F5DB9 ] \Device\Harddisk0\DR0\Partition3
13:50:15.0455 4416 \Device\Harddisk0\DR0\Partition3 - ok
13:50:15.0455 4416 ============================================================
13:50:15.0455 4416 Scan finished
13:50:15.0455 4416 ============================================================
13:50:15.0470 1828 Detected object count: 9
13:50:15.0470 1828 Actual detected object count: 9
13:50:26.0312 1828 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:26.0312 1828 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:50:26.0328 1828 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:26.0328 1828 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:50:26.0328 1828 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:26.0328 1828 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:50:26.0328 1828 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:26.0328 1828 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:50:26.0343 1828 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:26.0343 1828 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:50:26.0343 1828 InCDsrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:26.0343 1828 InCDsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:50:26.0343 1828 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:26.0343 1828 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:50:26.0343 1828 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:26.0343 1828 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:50:26.0359 1828 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
13:50:26.0359 1828 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
21.12.2012, 14:31
| #6 | |
| /// Malware-holic | Pc war mit GVU infiziert, was nun? Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Pc war mit GVU infiziert, was nun? |
|
21.12.2012, 16:11
| #7 |
| | Pc war mit GVU infiziert, was nun? Hier das Combofix Log: Code:
ATTFilter ComboFix 12-12-20.02 - Olli-Rosi 21.12.2012 14:59:37.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.1895 [GMT 1:00]
ausgeführt von:: c:\users\Olli-Rosi\Desktop\ComboFix.exe
AV: G Data InternetSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\dsgsdgdsgdsgw.pad
c:\documents and settings\All Users\Application Data\go_0molg.pad
c:\users\Olli-Rosi\4.0
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-21 bis 2012-12-21 ))))))))))))))))))))))))))))))
.
.
2012-12-21 14:58 . 2012-12-21 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 12:38 . 2012-12-21 12:38 -------- d-----w- c:\users\Olli-Rosi\AppData\Roaming\G Data
2012-12-21 12:38 . 2012-12-21 12:38 -------- d-----w- c:\users\Olli-Rosi\AppData\Local\G DATA
2012-12-21 09:42 . 2012-12-21 10:50 923279 ----a-w- c:\windows\system32\sig.bin
2012-12-20 18:59 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
2012-12-20 18:43 . 2012-12-20 18:43 -------- d-----w- c:\users\Olli-Rosi\AppData\Roaming\QuickScan
2012-12-20 18:35 . 2012-12-20 18:35 -------- d-----w- c:\program files\Common Files\Java
2012-12-20 18:35 . 2012-12-20 18:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-20 18:18 . 2012-05-29 07:24 10792 ----a-w- c:\windows\system32\GdScrSv.de.dll
2012-12-20 16:57 . 2012-12-20 22:57 -------- d-----w- c:\program files\Bitdefender
2012-12-20 12:08 . 2012-12-20 18:20 50080 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2012-12-20 12:08 . 2012-12-20 18:18 93728 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2012-12-20 12:08 . 2012-12-20 12:08 50040 ----a-w- c:\windows\system32\drivers\HookCentre.sys
2012-12-20 12:08 . 2012-12-20 18:18 41888 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2012-12-20 12:08 . 2012-12-20 18:18 53664 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
2012-12-20 12:07 . 2012-12-20 18:20 -------- d-----w- c:\program files\Common Files\G Data
2012-12-20 12:07 . 2012-12-20 12:07 -------- d-----w- c:\program files\G Data
2012-12-20 12:02 . 2012-12-20 12:02 -------- d-----w- c:\users\Olli-Rosi\AppData\Local\Downloaded Installations
2012-12-20 12:00 . 2012-12-20 22:56 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-12-13 16:59 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-03 11:27 . 2012-12-03 11:27 -------- d-----w- c:\program files\Common Files\Skype
2012-12-03 11:27 . 2012-12-03 11:27 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-20 18:35 . 2012-10-24 07:13 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-20 18:35 . 2011-06-22 19:03 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-20 18:26 . 2012-06-12 19:41 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-20 18:26 . 2011-08-03 16:06 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2012-07-24 11:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-15 08:49 78336 ----a-w- c:\windows\system32\synceng.dll
2012-12-09 15:47 . 2012-12-09 15:47 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2010-02-14 57344]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Philips Intelligent Agent"="c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-21 39408]
"Device Detection"="c:\program files\PhotoDoseNEU\dd.exe" [2011-10-31 788328]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2009-09-01 1086760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-18 1557160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Olli-Rosi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
TrayMin230.lnk - c:\program files\Philips\Philips SPC230NC Webcam\TrayMin230.exe [2009-12-19 241664]
WISO Mein Sparbuch heute.lnk - c:\program files\WISO\Sparbuch 2010\meinsparbuchheute.exe [2010-9-18 1164584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-06-03 18:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Getdo]
2010-07-21 11:21 0 ----a-w- c:\users\Olli-Rosi\AppData\Roaming\Adobe\Update\flacor.dat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 17:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC230NC_Monitor]
2007-12-10 14:55 323584 ----a-w- c:\windows\Philips\SPC230NC\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC_Monitor]
2007-12-10 14:55 323584 ----a-w- c:\windows\Philips\SPC230NC\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-05-19 14:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\DRIVERS\PAEAFLT.sys [x]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\DRIVERS\SPC230NC.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [x]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [x]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [x]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [x]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [x]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 27871741
*Deregistered* - 27871741
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
Update-Service REG_MULTI_SZ Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 18:26]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 11:30]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 11:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{cbe9ee14-0f4c-4131-9bd0-cc0afcc7511d}: DhcpNameServer = 139.7.30.126 139.7.30.125
FF - ProfilePath - c:\users\Olli-Rosi\AppData\Roaming\Mozilla\Firefox\Profiles\lry94j95.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=eedde0fb-4c08-40a8-836b-2d50832359c5&apn_ptnrs=%5EABT&apn_sauid=6526C1A9-4538-47F4-8486-E7637A721CD9&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2012-12-20 13:08; {906305f7-aafc-45e9-8bbd-941950a84dad}; c:\program files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-audities - c:\users\OLLI-R~1\AppData\Local\Temp\ipcoiMon.dll
MSConfigStartUp-{E027573E-BFF7-C14A-F026-0A0DDE7DADD7} - c:\users\Olli-Rosi\AppData\Roaming\Fyro\wuik.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-21 16:02:29
ComboFix-quarantined-files.txt 2012-12-21 15:02
.
Vor Suchlauf: 9 Verzeichnis(se), 621.665.067.008 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 622.213.218.304 Bytes frei
.
- - End Of File - - 24A5D911EF049410F39159C9436FB8AF
|
|
21.12.2012, 16:47
| #8 |
| /// Malware-holic | Pc war mit GVU infiziert, was nun? Hi, muss noch mal kurz was anschauen: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
21.12.2012, 17:55
| #9 |
| | Pc war mit GVU infiziert, was nun? OTL.txt: Code:
ATTFilter OTL logfile created on: 21.12.2012 17:09:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olli-Rosi\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,01% Memory free 6,00 Gb Paging File | 4,60 Gb Available in Paging File | 76,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 910,41 Gb Total Space | 579,59 Gb Free Space | 63,66% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,32 Gb Free Space | 51,60% Space Free | Partition Type: NTFS Computer Name: OLLI-ROSI-PC | User Name: Olli-Rosi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.21 17:07:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olli-Rosi\Desktop\OTL.exe PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.17 04:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2012.09.05 16:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.285\SSScheduler.exe PRC - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe PRC - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe PRC - [2012.04.18 10:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.02.23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.01.27 05:13:02 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2011.10.31 14:42:04 | 000,788,328 | ---- | M] () -- C:\Programme\PhotoDoseNEU\dd.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.08.29 22:18:39 | 001,164,584 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe PRC - [2010.03.24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBVolumeWatcher.exe PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2009.09.01 16:31:26 | 001,086,760 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.03.30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.03.24 03:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2007.12.14 16:58:30 | 000,241,664 | ---- | M] () -- C:\Programme\Philips\Philips SPC230NC Webcam\TrayMin230.exe PRC - [2007.03.16 11:45:30 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ========== Modules (No Company Name) ========== MOD - [2011.10.31 14:42:04 | 000,788,328 | ---- | M] () -- C:\Programme\PhotoDoseNEU\dd.exe MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.08.29 22:51:50 | 002,195,456 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wstyle10.dll MOD - [2010.08.29 22:51:42 | 025,182,208 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wstyle110.dll MOD - [2010.08.29 22:50:14 | 000,827,392 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wform10.dll MOD - [2010.08.29 22:48:42 | 004,448,256 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wauff10.dll MOD - [2010.08.29 22:44:59 | 001,101,824 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wfvie10.dll MOD - [2010.08.29 22:43:15 | 000,077,824 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wsons10.dll MOD - [2010.08.29 22:42:58 | 001,347,584 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wwerb10.dll MOD - [2010.08.29 22:40:36 | 001,839,104 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\whau210.dll MOD - [2010.08.29 22:37:23 | 000,602,112 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\whau110.dll MOD - [2010.08.29 22:36:23 | 001,200,128 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wbae410.dll MOD - [2010.08.29 22:34:24 | 002,134,016 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wbae310.dll MOD - [2010.08.29 22:30:54 | 000,684,032 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wbae210.dll MOD - [2010.08.29 22:29:25 | 004,046,848 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wbae110.dll MOD - [2010.08.29 22:24:07 | 001,589,248 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wimp10.dll MOD - [2010.08.29 22:18:39 | 001,164,584 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe MOD - [2010.08.29 22:13:47 | 001,216,512 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wfabu10.dll MOD - [2010.08.29 22:08:32 | 001,212,416 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wreli10.dll MOD - [2010.08.29 22:07:08 | 009,502,720 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\winc10.dll MOD - [2010.08.29 21:52:29 | 000,135,168 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wincb10.dll MOD - [2010.08.29 21:51:35 | 000,077,824 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wglob10.dll MOD - [2010.08.29 21:51:20 | 001,036,288 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\wsteu10.dll MOD - [2010.08.29 21:49:39 | 000,233,472 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\rszeus4.dll MOD - [2010.08.29 21:49:28 | 000,094,208 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\rsdebug4.dll MOD - [2010.08.29 21:49:07 | 000,122,880 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\rswinapi4.dll MOD - [2010.07.29 11:13:43 | 009,437,184 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qtwebkitrs4.dll MOD - [2010.07.29 10:42:06 | 000,274,432 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qtsvgrs4.dll MOD - [2010.07.29 10:41:47 | 000,266,240 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\phononrs4.dll MOD - [2010.07.29 10:37:53 | 002,416,640 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qt3supportrs4.dll MOD - [2010.07.29 10:36:21 | 000,086,016 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qttestrs4.dll MOD - [2010.07.29 10:36:08 | 000,704,512 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qtscriptrs4.dll MOD - [2010.07.29 10:35:01 | 000,589,824 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qtsqlrs4.dll MOD - [2010.07.29 10:34:41 | 008,028,160 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qtguirs4.dll MOD - [2010.07.29 10:26:46 | 000,897,024 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qtnetworkrs4.dll MOD - [2010.07.29 10:25:54 | 000,364,544 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qtxmlrs4.dll MOD - [2010.07.29 10:25:43 | 002,080,768 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\qtcorers4.dll MOD - [2009.09.21 13:21:58 | 000,151,552 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\rsodbc4.dll MOD - [2009.09.21 13:21:58 | 000,029,184 | ---- | M] () -- C:\Programme\WISO\Sparbuch 2010\rsdcom4.dll MOD - [2007.12.14 16:58:30 | 000,241,664 | ---- | M] () -- C:\Programme\Philips\Philips SPC230NC Webcam\TrayMin230.exe ========== Services (SafeList) ========== SRV - [2012.12.20 19:26:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.09 16:47:47 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2012.08.30 04:05:55 | 001,584,112 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2012.08.23 14:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.04 10:49:40 | 001,899,816 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012.01.27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.12.10 16:13:23 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.03.30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2009.02.10 17:01:50 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.08.07 09:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.07.25 11:00:56 | 000,876,032 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\OLLI-R~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.12.20 19:20:30 | 000,050,080 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt) DRV - [2012.12.20 19:18:55 | 000,093,728 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2012.12.20 19:18:55 | 000,053,664 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd) DRV - [2012.12.20 19:18:55 | 000,041,888 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave) DRV - [2012.12.20 13:08:44 | 000,050,040 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.09.28 00:12:21 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.09.22 14:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009.08.21 21:24:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2009.07.30 14:11:40 | 001,488,096 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.06.28 23:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2009.02.20 18:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB) DRV - [2007.12.31 16:19:50 | 000,461,056 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPC230NC.SYS -- (SPC230NC) DRV - [2007.09.26 14:28:46 | 000,008,576 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAEAFLT.sys -- (PAEAFLT.sys) DRV - [2005.07.25 10:53:30 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2005.07.25 10:53:28 | 000,101,504 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2005.07.25 10:53:04 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDpass.sys -- (InCDPass) DRV - [2005.07.25 10:52:59 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDrm.sys -- (incdrm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/ IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=EV&apn_dtid=&apn_uid=605456EC-5FA9-40E8-B884-6B8CB46F57D2&apn_sauid=AA1C77CA-9C54-4AAE-92BD-FB3750249214 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7IRFC_de IE - HKCU\..\SearchScopes\{CED21B1A-82FC-4F61-B311-58192BA1F541}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://web.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=eedde0fb-4c08-40a8-836b-2d50832359c5&apn_ptnrs=%5EABT&apn_sauid=6526C1A9-4538-47F4-8486-E7637A721CD9&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.09 16:47:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.09 16:47:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.09 16:47:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.09 16:47:43 | 000,000,000 | ---D | M] [2009.11.28 15:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olli-Rosi\AppData\Roaming\mozilla\Extensions [2012.10.23 07:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olli-Rosi\AppData\Roaming\mozilla\Firefox\Profiles\lry94j95.default\extensions [2012.10.11 18:49:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Olli-Rosi\AppData\Roaming\mozilla\Firefox\Profiles\lry94j95.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.04.08 08:40:04 | 000,002,387 | ---- | M] () -- C:\Users\Olli-Rosi\AppData\Roaming\mozilla\firefox\profiles\lry94j95.default\searchplugins\askcom.xml [2012.12.20 13:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.20 19:18:54 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.12.09 16:47:47 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.23 12:07:34 | 000,599,424 | ---- | M] (3D RealityMaps GmbH) -- C:\Program Files\mozilla firefox\plugins\nprm3d.dll [2010.05.19 15:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.06.24 20:39:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.01 16:44:50 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.24 20:39:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.24 20:39:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.24 20:39:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.24 20:39:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2012.12.21 15:59:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKCU..\Run: [Device Detection] C:\Programme\PhotoDoseNEU\dd.exe () O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics) O4 - Startup: C:\Users\Olli-Rosi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\tnns0xnif.dll File not found O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/Olli-Rosi/Videos/Nepal_1/components/hidinputmonitorx.ocx (HidInputMonitorX Control) O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/Olli-Rosi/Videos/Nepal_1/components/A9.ocx (A9Helper.A9) O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/Olli-Rosi/Videos/Nepal_1/components/wmvhdrating.ocx (WMVHDRatingCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5A021AC-C389-4137-A96C-E6D9738CCD04}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{cbe9ee14-0f4c-4131-9bd0-cc0afcc7511d}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: Getdo - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SPC230NC_Monitor - hkey= - key= - C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation) MsConfig - StartUpReg: SPC_Monitor - hkey= - key= - C:\Windows\Philips\SPC230NC\Monitor.exe (PixArt Imaging Incorporation) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.21 17:07:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Olli-Rosi\Desktop\OTL.exe [2012.12.21 16:03:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.21 14:55:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.21 14:55:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.21 14:55:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.21 14:54:59 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.21 14:53:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.21 14:40:23 | 005,012,825 | R--- | C] (Swearware) -- C:\Users\Olli-Rosi\Desktop\ComboFix.exe [2012.12.21 13:47:01 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Olli-Rosi\Desktop\tdsskiller.exe [2012.12.21 13:38:23 | 000,000,000 | ---D | C] -- C:\Users\Olli-Rosi\AppData\Roaming\G Data [2012.12.21 13:38:21 | 000,000,000 | ---D | C] -- C:\Users\Olli-Rosi\AppData\Local\G DATA [2012.12.20 19:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging [2012.12.20 19:43:20 | 000,000,000 | ---D | C] -- C:\Users\Olli-Rosi\AppData\Roaming\QuickScan [2012.12.20 19:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.12.20 19:18:55 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.de.dll [2012.12.20 17:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2012.12.20 13:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2013 [2012.12.20 13:08:53 | 000,050,080 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2012.12.20 13:08:44 | 000,093,728 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2012.12.20 13:08:44 | 000,050,040 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2012.12.20 13:08:43 | 000,041,888 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2012.12.20 13:08:42 | 000,053,664 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2012.12.20 13:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2012.12.20 13:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data [2012.12.20 13:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\G Data [2012.12.20 13:02:07 | 000,000,000 | ---D | C] -- C:\Users\Olli-Rosi\AppData\Local\Downloaded Installations [2012.12.20 13:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2012.12.09 16:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.12.03 12:27:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.12.03 12:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.03 12:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.11.23 20:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus ========== Files - Modified Within 30 Days ========== [2012.12.21 17:07:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Olli-Rosi\Desktop\OTL.exe [2012.12.21 16:54:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.21 16:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.21 16:13:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 16:13:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 16:08:18 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.21 16:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.21 16:06:02 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys [2012.12.21 15:59:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.12.21 14:41:00 | 005,012,825 | R--- | M] (Swearware) -- C:\Users\Olli-Rosi\Desktop\ComboFix.exe [2012.12.21 13:47:08 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Olli-Rosi\Desktop\tdsskiller.exe [2012.12.21 11:50:16 | 000,923,279 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.12.21 11:50:16 | 000,050,254 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.12.21 10:35:04 | 000,003,198 | ---- | M] () -- C:\Users\Olli-Rosi\Desktop\G Data Protokoll ID 17 a.html [2012.12.21 10:34:45 | 000,009,622 | ---- | M] () -- C:\Users\Olli-Rosi\Desktop\G Data Protokoll ID 14.html [2012.12.20 23:56:18 | 000,218,471 | ---- | M] () -- C:\ProgramData\1356044098.bdinstall.bin [2012.12.20 20:06:53 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml [2012.12.20 20:01:54 | 001,082,909 | ---- | M] () -- C:\ProgramData\1356028864.bdinstall.bin [2012.12.20 20:00:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2012.12.20 19:20:30 | 000,050,080 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2012.12.20 19:18:55 | 000,093,728 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2012.12.20 19:18:55 | 000,053,664 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2012.12.20 19:18:55 | 000,041,888 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2012.12.20 17:58:59 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.20 17:57:42 | 000,234,036 | ---- | M] () -- C:\ProgramData\1356022631.bdinstall.bin [2012.12.20 13:08:44 | 000,050,040 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2012.12.20 13:08:37 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2012.12.20 12:58:34 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.20 12:58:34 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.20 12:58:34 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.20 12:58:34 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.19 10:11:12 | 001,030,686 | ---- | M] () -- C:\Users\Olli-Rosi\Documents\5.2 Davos.pdf [2012.12.14 17:37:40 | 000,510,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.23 20:06:16 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.11.23 20:06:16 | 000,002,008 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ========== Files Created - No Company Name ========== [2012.12.21 14:55:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.21 14:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.21 14:55:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.21 14:55:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.21 14:55:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.21 10:42:38 | 000,923,279 | ---- | C] () -- C:\Windows\System32\sig.bin [2012.12.21 10:42:38 | 000,050,254 | ---- | C] () -- C:\Windows\System32\nmp.map [2012.12.21 10:35:04 | 000,003,198 | ---- | C] () -- C:\Users\Olli-Rosi\Desktop\G Data Protokoll ID 17 a.html [2012.12.21 10:34:45 | 000,009,622 | ---- | C] () -- C:\Users\Olli-Rosi\Desktop\G Data Protokoll ID 14.html [2012.12.20 23:56:18 | 000,218,471 | ---- | C] () -- C:\ProgramData\1356044098.bdinstall.bin [2012.12.20 20:06:53 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml [2012.12.20 20:01:54 | 001,082,909 | ---- | C] () -- C:\ProgramData\1356028864.bdinstall.bin [2012.12.20 20:00:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2012.12.20 17:57:42 | 000,234,036 | ---- | C] () -- C:\ProgramData\1356022631.bdinstall.bin [2012.12.20 13:08:37 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2012.12.19 10:11:12 | 001,030,686 | ---- | C] () -- C:\Users\Olli-Rosi\Documents\5.2 Davos.pdf [2012.09.16 11:54:06 | 000,122,120 | ---- | C] () -- C:\Users\Olli-Rosi\Vollmacht 1.pdf [2012.07.01 19:39:22 | 000,091,848 | ---- | C] () -- C:\Users\Olli-Rosi\SAB.htm [2012.06.24 19:24:47 | 000,880,019 | ---- | C] () -- C:\Users\Olli-Rosi\Foto0177.jpg [2010.09.14 19:09:46 | 005,397,546 | ---- | C] () -- C:\Users\Olli-Rosi\MAGIX_manual.pdf [2010.03.06 13:15:10 | 000,000,156 | ---- | C] () -- C:\Users\Olli-Rosi\AppData\Roaming\default.rss [2009.12.23 08:51:13 | 000,018,944 | ---- | C] () -- C:\Users\Olli-Rosi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.19 09:18:49 | 000,002,063 | ---- | C] () -- C:\Users\Olli-Rosi\Webcam Video Viewer.lnk [2009.12.04 08:42:58 | 000,118,052 | ---- | C] () -- C:\Users\Olli-Rosi\AppData\Roaming\mdbu.bin [2009.11.28 20:31:19 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.05.31 20:43:41 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\3D RealityMaps Viewer [2011.05.31 20:44:01 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Alpen 3D Online [2012.01.31 19:10:12 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Audacity [2010.02.19 18:10:51 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Buhl Data Service [2011.03.06 11:40:24 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Busms [2010.08.22 06:25:33 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2010.04.17 18:46:53 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\EPSON [2010.07.12 15:34:26 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Fyro [2012.12.21 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\G Data [2011.07.14 19:22:40 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\go [2009.12.12 13:29:03 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\InterTrust [2012.04.20 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\IrfanView [2009.12.13 09:46:53 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Leadertech [2011.07.30 07:28:03 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\MAGIX [2010.09.13 16:53:45 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\PanoramaStudio [2012.12.20 19:43:20 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\QuickScan [2010.12.04 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Sesy [2010.04.17 18:58:51 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Smart Panel [2010.07.11 13:20:11 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Vuav [2010.12.07 05:02:07 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\Vyli [2010.12.29 05:16:21 | 000,000,000 | ---D | M] -- C:\Users\Olli-Rosi\AppData\Roaming\WindSolutions ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.21 16:03:09 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.11.28 20:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings [2009.11.28 15:30:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.12.21 20:58:45 | 000,000,000 | ---D | M] -- C:\EPSON [2012.07.24 07:38:55 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0 [2009.09.24 16:36:40 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.10.15 13:55:08 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.12.20 17:57:41 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.20 23:56:18 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.11.28 15:30:32 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.21 16:03:06 | 000,000,000 | ---D | M] -- C:\Qoobox [2009.11.28 15:30:32 | 000,000,000 | ---D | M] -- C:\Recovery [2012.12.21 17:12:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.11.28 16:58:37 | 000,000,000 | ---D | M] -- C:\temp [2009.12.06 16:34:03 | 000,000,000 | R--D | M] -- C:\Users [2012.12.21 16:00:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2010.08.13 17:57:22 | 000,495,616 | ---- | M] (Gigaset Communications GmbH) -- C:\Windows\system32\Gqstsp.tsp [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.12.26 12:30:08 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2009.12.26 12:30:09 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.06.12 20:41:48 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.06.06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\erdnt\cache\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: NVSTOR32.SYS > [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_40ee9c3d357e7b66\nvstor32.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll < %USERPROFILE%\*.* > [2012.06.24 19:25:15 | 000,880,019 | ---- | M] () -- C:\Users\Olli-Rosi\Foto0177.jpg [2010.09.14 19:09:46 | 005,397,546 | ---- | M] () -- C:\Users\Olli-Rosi\MAGIX_manual.pdf [2012.12.21 17:38:57 | 006,553,600 | -HS- | M] () -- C:\Users\Olli-Rosi\NTUSER.DAT [2012.12.21 17:38:57 | 000,262,144 | -HS- | M] () -- C:\Users\Olli-Rosi\ntuser.dat.LOG1 [2009.11.28 15:30:53 | 000,000,000 | -HS- | M] () -- C:\Users\Olli-Rosi\ntuser.dat.LOG2 [2010.03.17 10:37:02 | 000,065,536 | -HS- | M] () -- C:\Users\Olli-Rosi\NTUSER.DAT{48497a2f-31a5-11df-8dd7-4061864ac134}.TM.blf [2010.03.17 10:37:02 | 000,524,288 | -HS- | M] () -- C:\Users\Olli-Rosi\NTUSER.DAT{48497a2f-31a5-11df-8dd7-4061864ac134}.TMContainer00000000000000000001.regtrans-ms [2010.03.17 10:37:02 | 000,524,288 | -HS- | M] () -- C:\Users\Olli-Rosi\NTUSER.DAT{48497a2f-31a5-11df-8dd7-4061864ac134}.TMContainer00000000000000000002.regtrans-ms [2009.11.28 16:01:55 | 000,065,536 | -HS- | M] () -- C:\Users\Olli-Rosi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2009.11.28 16:01:55 | 000,524,288 | -HS- | M] () -- C:\Users\Olli-Rosi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2009.11.28 16:01:55 | 000,524,288 | -HS- | M] () -- C:\Users\Olli-Rosi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2009.11.28 15:30:53 | 000,000,020 | -HS- | M] () -- C:\Users\Olli-Rosi\ntuser.ini [2012.06.27 17:43:28 | 000,021,773 | ---- | M] () -- C:\Users\Olli-Rosi\Renovierung EG_WINDJÄGER.xlsx [2012.07.01 19:39:23 | 000,091,848 | ---- | M] () -- C:\Users\Olli-Rosi\SAB.htm [2012.11.09 19:00:25 | 000,023,552 | -HS- | M] () -- C:\Users\Olli-Rosi\Thumbs.db [2012.09.16 11:54:06 | 000,122,120 | ---- | M] () -- C:\Users\Olli-Rosi\Vollmacht 1.pdf [2009.12.19 09:18:49 | 000,002,063 | ---- | M] () -- C:\Users\Olli-Rosi\Webcam Video Viewer.lnk < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.12.2012 17:09:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Olli-Rosi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 66,01% Memory free
6,00 Gb Paging File | 4,60 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 579,59 Gb Free Space | 63,66% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,32 Gb Free Space | 51,60% Space Free | Partition Type: NTFS
Computer Name: OLLI-ROSI-PC | User Name: Olli-Rosi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Photo Dose - Bestellsoftware] -- "C:\Program Files\PhotoDoseNEU\Loader.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D37DE7-7AB4-41DC-8743-7C4696226D3B}" = lport=137 | protocol=17 | dir=in | app=system |
"{0DC03B8F-D871-4919-9070-B55C8C2F3B47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BD96E94-4011-4643-B42D-81C3F67F0DEB}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E3F6AAE-71AB-4427-A524-6E6232A03FDE}" = lport=138 | protocol=17 | dir=in | app=system |
"{22A6F357-E272-436C-BA53-03204CC39CAF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24F91CE8-8B79-4DFC-9069-3B184869ED8A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{320C82CA-864C-4D85-A189-1F976772980F}" = lport=445 | protocol=6 | dir=in | app=system |
"{3276605C-D7CB-447F-B47F-D3C26C6C4FC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54B70465-3A61-41C6-BC9E-E7D5AEA54335}" = lport=139 | protocol=6 | dir=in | app=system |
"{5EE3B4C2-C1DD-458A-9BAC-0752BFE5F38D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6D917798-EDCD-416C-B85C-434BB5074D02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{72A7FCEB-0267-4383-90E4-03A2E15D594B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B8474E9-495A-466D-AFED-EEFB54C2FACC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84481596-5597-4AB3-881D-9365D9069BFD}" = rport=445 | protocol=6 | dir=out | app=system |
"{8EBEFB85-2A3A-43E1-8506-3B9FE5C2C2A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{93D8D66B-0951-4589-B1ED-ABCBDC1CA9F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A56B2C77-3EE7-46A2-90D0-90300B63698D}" = rport=139 | protocol=6 | dir=out | app=system |
"{A9548924-C31F-41FE-BD3E-64D4D5B24FEC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B80D04FF-E500-4441-8313-21BCF970EBE2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFA1033D-869E-45FD-B99E-18F5B9130F22}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA0921DD-A5EC-485F-9F8B-7A6100BEB1B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D16865EB-EDF1-4B9C-AA89-77125985AB3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D3DBEDBB-64F8-4A9F-BC32-E5C40EC60D1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DAD4A5A9-5364-4077-9EB4-F479811A604F}" = rport=137 | protocol=17 | dir=out | app=system |
"{EDA1C96B-EDEF-4C24-8E5B-F91D74B30AF4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EF296D7D-12A1-4FCD-AB9E-FC99D09AEF17}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17B3D830-9D54-4E13-8D53-E3163747F154}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1FB96938-713D-4314-9F04-061109A72417}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{22D484BE-B5AC-4CD5-85D1-71E0319C1E9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23BAA1D0-7D2A-4ACC-BD29-CE9B655C6FE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A5ECD12-03C6-43F2-818D-39B9B3297459}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{33F234B5-EB69-4A8A-AC4F-1DAF072C1364}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{39FD6869-4BE0-4AEF-A750-001F56BF32CB}" = protocol=6 | dir=out | app=system |
"{49C9F7A2-4A22-4404-8596-66B501F93EB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FCFFC18-90BF-451E-BF3F-3DD625831F36}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5DA814B4-F170-4093-A945-76CCB2F3325B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6CA2E635-24BF-41D6-8AD0-9FAFD354A042}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E8833BE-2DD0-4614-B52D-ABC9BE2B3B74}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{73309332-1603-4846-B4B5-AFEB5F959D83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7839612D-FBAE-4DE1-A09F-0F5B8132BF7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80E749C6-5163-46D6-A4B5-A2F55FD0F87E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{837FAEBA-772D-49C4-8AD0-9E6158EAD264}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9DD1D537-DA76-492D-9FC8-6845A4E14C34}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{9F2F06CB-B26E-434C-A407-6F386721AB61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A537D6DB-E3E3-46C6-97B8-D3DB3D29A168}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A8ADAA08-4F03-4906-B703-6C7665E057D3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B122104D-9065-419F-AA9E-B13E709B6211}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BA3BEC9C-A678-4005-A5D5-C3C3B41820C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BAD685C8-3447-4A2C-856C-180AABA72E60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C00CF6E4-5825-440C-997A-9CEEAA6CE55C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1AF34BC-8084-406E-BD35-E7FA73662F68}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{C3CF7EA2-5096-46DF-B562-E993F0E8E611}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CEECAC09-3341-4EA4-9431-90EBB52FC56A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAD15011-B0AC-40CC-8242-1B593AEFAFDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DBFE7E4B-CB22-4AF9-9EF8-F0744CCC112A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F08A753A-133E-4A03-B14F-3587DD5B02AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F450C8E5-747B-4EB2-AC0E-FD2C7C7CBE36}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F6630D38-6924-4687-A230-6D3EB1FEC646}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F77BF01F-CA74-4B5A-A17D-F31A0F9D14EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8236EB5-C0A4-44CB-9DB3-C01E61D782D0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FBEF75C9-5138-40BB-BC8A-B09530DAF398}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{0BDB380E-60C6-45C0-BD9B-FA5F0E3D5540}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{0EFFC6A7-AAD8-432A-8027-972FE046BE36}C:\program files\philips\intelligent agent\philips intelligent agent.exe" = protocol=6 | dir=in | app=c:\program files\philips\intelligent agent\philips intelligent agent.exe |
"TCP Query User{1293E0E7-2E26-4B55-8015-EAB6E56BF040}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{7644ACB9-3DE4-46EB-9954-BE8395B1AB06}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{950D7345-D931-4E39-9EF5-977F28859F77}C:\windows\temp\navbrowser.exe" = protocol=6 | dir=in | app=c:\windows\temp\navbrowser.exe |
"TCP Query User{AC33AF3D-BA28-4333-BA8F-AB14AA02E7E3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E15BB84A-D818-4BD4-98A7-D0A5426F5226}C:\program files\philips\intelligent agent\philips intelligent agent.exe" = protocol=6 | dir=in | app=c:\program files\philips\intelligent agent\philips intelligent agent.exe |
"UDP Query User{4568CE10-AB06-472E-856B-6578FCCF5763}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{74EFB01E-22B0-4F2C-98FC-5D4F2CA78722}C:\program files\philips\intelligent agent\philips intelligent agent.exe" = protocol=17 | dir=in | app=c:\program files\philips\intelligent agent\philips intelligent agent.exe |
"UDP Query User{9C8AD683-F92A-4651-AE38-4850C0D68985}C:\program files\philips\intelligent agent\philips intelligent agent.exe" = protocol=17 | dir=in | app=c:\program files\philips\intelligent agent\philips intelligent agent.exe |
"UDP Query User{AE983031-9023-4067-872F-AA7351FED48E}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{D75C04E3-875E-4465-B6C8-9591F5D6278D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F0D9FE3E-6F3C-49D5-9B9D-B857B4D60889}C:\windows\temp\navbrowser.exe" = protocol=17 | dir=in | app=c:\windows\temp\navbrowser.exe |
"UDP Query User{FE97E7A2-D5F8-4B98-897F-8B397F2BF2BC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{037593ae-02ac-4cbd-a9c7-fa76df6913b1}" = Nero 9
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{05F350C6-FA6A-40D0-A130-FB941B39152C}" = Philips SPC230NC Webcam
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{0E1EF887-ED45-4AA6-891E-379CA7876306}" = MAGIX Fotos auf CD & DVD 9 deluxe
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F7F8182-7FA3-4C49-86FD-7B3324806C16}" = MAGIX 3D Maker (embedded MSI)
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1161D415-64B5-45F3-97AD-E1D2786E33FC}" = MAGIX Speed burnR (MSI)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BB61B48-FEA6-4096-9201-6FE5AB0CD038}" = MAGIX Screenshare
"{2FBC726B-4E5E-4FAE-B222-C3D343E50015}" = EPSON Photo Print
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA590DA-4342-4390-BC8A-40EF3C03A687}" = MAGIX Fotos auf CD & DVD 10 Deluxe
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65B32A06-A49D-47A4-9863-86DD5F635130}" = MAGIX Online Druck Service
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7b7e564b-0c70-4506-9ab6-b7a2044425ab}" = Gigaset QuickSync
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{9FE71A92-DF5D-5880-F8B0-7FF30CE49B44}" = myphotobook.de
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9737B90-6903-4C69-BE4B-0D9491AFB280}" = MAGIX Foto Manager 10
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{CECB7782-F35F-45CE-97C0-74BBBDC51C22}" = Webcam Video Viewer
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF9A22AC-9FD0-42B5-B0F3-3221AEC48978}" = MAGIX Speed 2 (MSI)
"{F00270EB-90E7-4C58-9665-741BB1017382}" = MAGIX Xtreme Foto Designer 6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2574ADC-C8FD-4E2A-8198-46892834EA76}" = TouchCopy 09
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service
"AlpenOnlineViewer_is1" = 3D RealityMaps Viewer 1.2.4.3
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_Fotos_auf_CD_DVD_10_Dlx" = MAGIX Fotos auf CD & DVD 10 Deluxe
"MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx" = MAGIX Fotos auf CD & DVD 9 deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"P2400P Referenzhandbuch" = P2400P Referenzhandbuch
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"Photo Dose_is1" = PhotoDose 4.2
"ST5UNST #1" = Kaminfeuer Titanium Edition II
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Game Organizer" = EasyBits GO
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.06.2012 05:37:01 | Computer Name = Olli-Rosi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f9207d9 Name des fehlerhaften Moduls: mozglue.dll, Version: 12.0.0.4493,
Zeitstempel: 0x4f91f34c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000374b ID des fehlerhaften
Prozesses: 0x1510 Startzeit der fehlerhaften Anwendung: 0x01cd4ba33cde04a0 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\mozglue.dll Berichtskennung: d25db700-b796-11e1-85e0-4061864ac134
Error - 23.06.2012 13:23:55 | Computer Name = Olli-Rosi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f920759 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset:
0x5e529903 ID des fehlerhaften Prozesses: 0x1738 Startzeit der fehlerhaften Anwendung:
0x01cd5164bda99740 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad
des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: 3500eb90-bd58-11e1-97f2-4061864ac134
Error - 25.06.2012 03:17:20 | Computer Name = Olli-Rosi-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x0)
festgestellt.
Error - 28.06.2012 09:40:30 | Computer Name = Olli-Rosi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
Zeitstempel: 0x4fb57c8f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x3628 Startzeit der fehlerhaften Anwendung: 0x01cd553391cfd7d8 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: unknown Berichtskennung: d30cc508-c126-11e1-ba75-4061864ac134
Error - 03.07.2012 09:58:31 | Computer Name = Olli-Rosi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe,
Version: 11.3.300.262, Zeitstempel: 0x4fe20fae Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll,
Version: 11.3.300.262, Zeitstempel: 0x4fe21212 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00005f0c ID des fehlerhaften Prozesses: 0x15e0 Startzeit der fehlerhaften Anwendung:
0x01cd592388fd5e70 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
Berichtskennung:
2b6979f0-c517-11e1-a383-4061864ac134
Error - 07.07.2012 04:14:52 | Computer Name = Olli-Rosi-PC | Source = VSS | ID = 12310
Description =
Error - 07.07.2012 04:14:52 | Computer Name = Olli-Rosi-PC | Source = VSS | ID = 12298
Description =
Error - 15.08.2012 04:57:15 | Computer Name = Olli-Rosi-PC | Source = Windows Search Service | ID = 3007
Description =
Error - 16.09.2012 13:18:32 | Computer Name = Olli-Rosi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.10.0.116, Zeitstempel:
0x50001496 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
0x4ec49b60 Ausnahmecode: 0xc0000264 Fehleroffset: 0x000a1742 ID des fehlerhaften Prozesses:
0x96c Startzeit der fehlerhaften Anwendung: 0x01cd942aa70a6ce0 Pfad der fehlerhaften
Anwendung: C:\Program Files\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 897c6841-0022-11e2-b580-4061864ac134
Error - 10.10.2012 04:54:47 | Computer Name = Olli-Rosi-PC | Source = Windows Search Service | ID = 3007
Description =
[ Media Center Events ]
Error - 11.07.2012 09:09:55 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 15:09:55 - Fehler beim Herstellen der Internetverbindung. 15:09:55
- Serververbindung konnte nicht hergestellt werden..
Error - 11.07.2012 09:10:02 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 15:10:00 - Fehler beim Herstellen der Internetverbindung. 15:10:00
- Serververbindung konnte nicht hergestellt werden..
Error - 24.07.2012 01:36:00 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 07:35:59 - Fehler beim Herstellen der Internetverbindung. 07:35:59
- Serververbindung konnte nicht hergestellt werden..
Error - 24.07.2012 01:36:11 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 07:36:05 - Fehler beim Herstellen der Internetverbindung. 07:36:05
- Serververbindung konnte nicht hergestellt werden..
Error - 02.08.2012 11:24:24 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 17:24:24 - Fehler beim Herstellen der Internetverbindung. 17:24:24
- Serververbindung konnte nicht hergestellt werden..
Error - 02.08.2012 11:24:32 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 17:24:29 - Fehler beim Herstellen der Internetverbindung. 17:24:29
- Serververbindung konnte nicht hergestellt werden..
Error - 02.08.2012 12:25:46 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 18:25:45 - Fehler beim Herstellen der Internetverbindung. 18:25:45
- Serververbindung konnte nicht hergestellt werden..
Error - 02.08.2012 12:25:56 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 18:25:51 - Fehler beim Herstellen der Internetverbindung. 18:25:51
- Serververbindung konnte nicht hergestellt werden..
Error - 02.08.2012 13:26:52 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 19:26:52 - Fehler beim Herstellen der Internetverbindung. 19:26:52
- Serververbindung konnte nicht hergestellt werden..
Error - 02.08.2012 13:27:00 | Computer Name = Olli-Rosi-PC | Source = MCUpdate | ID = 0
Description = 19:26:57 - Fehler beim Herstellen der Internetverbindung. 19:26:57
- Serververbindung konnte nicht hergestellt werden..
[ OSession Events ]
Error - 24.01.2011 09:18:06 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.01.2011 11:39:27 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.01.2011 12:58:25 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.01.2011 12:59:55 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.02.2011 01:49:12 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.02.2011 01:49:24 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 09.03.2011 13:14:26 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 189
seconds with 180 seconds of active time. This session ended with a crash.
Error - 10.03.2011 15:52:21 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 472
seconds with 120 seconds of active time. This session ended with a crash.
Error - 02.06.2011 12:09:43 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.
Error - 22.01.2012 10:09:13 | Computer Name = Olli-Rosi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 5501
seconds with 3060 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 21.12.2012 12:38:14 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.
Error - 21.12.2012 12:38:14 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%2
Error - 21.12.2012 12:39:20 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.
Error - 21.12.2012 12:39:20 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.
Error - 21.12.2012 12:39:20 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%2
Error - 21.12.2012 12:39:20 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.
Error - 21.12.2012 12:41:27 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.
Error - 21.12.2012 12:41:27 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.
Error - 21.12.2012 12:41:27 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
Dieser Dienst ist eventuell nicht installiert.
Error - 21.12.2012 12:41:27 | Computer Name = Olli-Rosi-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet: %%2
< End of report >
|
|
21.12.2012, 18:06
| #10 |
| /// Malware-holic | Pc war mit GVU infiziert, was nun? hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
SRV - [2011.12.10 16:13:23 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\tnns0xnif.dll File not found
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.12.2012, 10:30
| #11 |
| | Pc war mit GVU infiziert, was nun? Hi, ich schreib jetzt vom Laptop aus. Hab gestern den Fix gemacht, danach wurde ein Neustart verlangt und duchgeführt. Beim Anmelden wurde mehrere Minuten der Willkommensscreen gezeigt und er war danach auch für eine längere Zeit schwarz. Der PC erkennt nun leider nicht mehr das Heimnetz, gibt an es seien keine Verbindungen verfügbar und bei dem Problembericht meint er, es konnten keine Proxyeinstellungen des Netzwerks ermittelt werden. Weis nicht ob das so sein soll  Hier ist das Logfile was nach dem Fix angezeigt wurde: Code:
ATTFilter All processes killed
========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
C:\Windows\System32\UpdSvc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000010\ deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
->Flash cache emptied: 56504 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Olli-Rosi
->Flash cache emptied: 194041 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Olli-Rosi
->Temp folder emptied: 1466 bytes
->Temporary Internet Files folder emptied: 1404989023 bytes
->Java cache emptied: 15489003 bytes
->FireFox cache emptied: 224074601 bytes
->Google Chrome cache emptied: 819568 bytes
->Apple Safari cache emptied: 7829504 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4673164 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.581,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12212012_180909
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
27.12.2012, 15:51
| #12 |
| /// Malware-holic | Pc war mit GVU infiziert, was nun?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Pc war mit GVU infiziert, was nun? |
| abgesicherte, abgesicherten, ausreichend, bereinigt, cookies, erneut, flashplayer, folgende, g-data, gemeldet, gesetzt, hallo zusammen, infiziert, infiziert., interne, java, meldungen, pc normal, programm, programme, tagen, temporäre, trojan.agent.bewvgen, trojan.fakems, trojan.ransom.sugen, zusammen |
Linear-Darstellung
