Plagegeister aller Art und deren Bekämpfung: GVU trojan (Ukash) got me. Windows 7 |
27.12.2012, 11:35 | #1 |
| GVU trojan (Ukash) got me. Good day, I caught the GVU trojan. I think I was able to remove it, but I am not sure. My second-to-last scan with Malwarebytes turned up three trojans. I had the findings removed. The last scan brought no new findings. Still, I am unsure. Can anyone help me with this? Regards |
27.12.2012, 13:26 | #2 |
/// Malware-holic | GVU trojan (Ukash) got me. Hi
Open Malwarebytes, go to the log files, and post the logs that contain findings. If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
27.12.2012, 14:31 | #3 |
| GVU trojan (Ukash) got me. OTL scan
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 12/27/2012 2:12:10 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\meyer\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7.97 Gb Total Physical Memory | 5.81 Gb Available Physical Memory | 72.83% Memory free 15.95 Gb Paging File | 12.54 Gb Available in Paging File | 78.66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 444.29 Gb Total Space | 346.48 Gb Free Space | 77.98% Space Free | Partition Type: NTFS Drive E: | 16.18 Gb Total Space | 2.43 Gb Free Space | 15.03% Space Free | Partition Type: NTFS Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32 Computer Name: LT138 | User Name: meyer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/27 14:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\meyer\Desktop\OTL.exe PRC - [2012/12/19 11:00:15 | 001,131,777 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012/08/24 12:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012/08/21 10:32:16 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/08/21 10:32:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/08/21 10:32:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/06/18 11:03:42 | 000,009,216 | ---- | M] (E+H Process Solutions AG) -- C:\Program Files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\EH.Sfg.Sfg500.CommServer.exe PRC - [2012/06/18 11:01:02 | 000,171,008 | ---- | M] (Endress+Hauser Process Solutions AG) -- C:\Program Files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\SFG500CommDTMServer.exe PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/04/14 16:44:54 | 000,183,808 | ---- | M] (Tobit.Software) -- C:\Windows\SysWOW64\DV4TS.EXE PRC - [2011/03/03 18:32:16 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe PRC - [2011/02/11 01:44:28 | 000,076,344 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe PRC - [2011/02/07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe PRC - [2011/01/29 00:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe PRC - [2011/01/28 17:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe PRC - [2011/01/26 18:00:32 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011/01/26 18:00:00 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/01/18 22:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe PRC - [2011/01/18 22:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2011/01/15 15:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2011/01/13 03:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe PRC - [2011/01/03 23:16:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/01/03 23:16:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/29 20:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2010/11/11 08:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe PRC - [2010/03/25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe ========== Modules (No Company Name) ========== MOD - [2012/11/15 11:03:10 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\21303503faca86dc22acdb09dea9caa6\IAStorUtil.ni.dll MOD - [2012/11/15 11:03:10 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\20e6ed751491ededa81930ae57e20a25\IAStorCommon.ni.dll MOD - [2012/11/15 07:21:38 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\616b25e9ad3de7ab58c67f200e21dbac\System.Web.ni.dll MOD - [2012/11/15 07:21:32 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012/11/15 07:20:23 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012/11/15 07:20:13 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012/11/15 07:20:03 | 003,347,968 | ---- | M] () -- 
C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012/11/15 07:19:59 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012/11/15 07:19:56 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012/11/15 07:19:55 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012/11/15 07:19:51 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012/01/18 07:43:56 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll MOD - [2011/03/08 18:02:03 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam 
Software\ImageFormats\QGif4.dll MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011/01/13 02:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll MOD - [2011/01/13 02:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/05/19 19:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2010/05/19 19:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010/05/19 19:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2009/04/22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll MOD - [2009/04/10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll MOD - [2009/03/03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll MOD - [2009/03/03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll MOD - [2009/03/03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll MOD - [2009/03/03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll MOD - [2009/03/03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll MOD - [2009/03/03 
23:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll MOD - [2009/03/03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll MOD - [2009/03/03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll MOD - [2009/03/03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/06/13 12:00:41 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2012/01/21 17:15:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2011/01/28 17:41:30 | 000,133,688 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe -- (HPDayStarterService) SRV:64bit: - [2011/01/27 10:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2011/01/27 03:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV:64bit: - [2011/01/22 03:36:02 | 003,154,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2010/07/30 03:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/12/04 00:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/03/03 11:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012/12/26 10:34:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/19 11:00:15 | 001,131,777 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe -- (AntiVir Security Management Center Agent) SRV - [2012/08/24 12:01:41 | 002,735,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/08/21 10:32:16 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012/08/21 10:32:16 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012/08/21 10:32:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/08/21 10:32:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/06/18 11:03:42 | 000,009,216 | ---- | M] (E+H Process Solutions AG) [Auto | Running] -- C:\Program Files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\EH.Sfg.Sfg500.CommServer.exe -- (EH.SFG500.CommServer) SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/06/13 10:32:00 | 002,703,360 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2011/03/03 18:32:16 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2011/02/07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2011/01/29 00:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2011/01/26 18:00:00 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011/01/18 22:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2011/01/03 23:16:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/01/03 23:16:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/11/29 20:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010/11/11 08:43:00 | 000,502,464 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture) SRV - [2010/03/25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/11/28 10:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 10:32:17 | 000,132,832 | ---- | M] (Avira GmbH) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/08/21 10:32:17 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/08/21 10:32:17 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/08/20 16:23:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012/07/15 10:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas) DRV:64bit: - [2012/06/13 12:00:40 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2012/06/13 12:00:40 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/22 01:25:16 | 010,497,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/01/21 16:36:52 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012/01/11 19:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011/12/05 08:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/09/16 00:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/03/18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS) DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/04 01:05:58 | 000,277,032 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2011/02/28 22:24:04 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\h36wgps64.sys -- (h36wgps) DRV:64bit: - [2011/02/08 18:26:52 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:64bit: - [2011/01/30 20:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2011/01/27 10:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/12/16 09:05:12 | 000,201,680 | ---- | M] (Softing Industrial Automation GmbH) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\PROFIbrd.sys -- (PROFIbrd) DRV:64bit: - [2010/12/14 11:36:04 | 000,150,992 | ---- | M] (Softing Industrial Automation GmbH) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\PROFIstack.sys -- (PROFIstack) DRV:64bit: - [2010/12/14 10:54:28 | 000,023,376 | ---- | M] (Softing Industrial Automation GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\PROFIpnp.sys -- (PROFIpnp) DRV:64bit: - [2010/12/03 02:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2010/11/20 04:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010/11/20 04:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010/11/20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 02:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010/11/20 02:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010/11/20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- 
(sdbus) DRV:64bit: - [2010/11/11 08:46:00 | 000,032,192 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM) DRV:64bit: - [2010/11/01 00:43:10 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2010/11/01 00:43:10 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV:64bit: - [2010/11/01 00:43:10 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV:64bit: - [2010/11/01 00:43:10 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/07/20 22:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/07/20 22:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/07/20 22:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/07/14 15:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/10 11:30:04 | 000,049,720 | ---- | M] (Softing AG) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\PROFIprt.sys -- (PROFIprt)
DRV:64bit: - [2010/03/10 11:29:08 | 000,047,032 | ---- | M] (Softing AG) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\PROFIusb.sys -- (PROFIusb)
DRV:64bit: - [2010/03/02 23:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/24 03:25:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2010/02/24 03:25:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2010/01/26 21:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/08/18 13:06:36 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009/08/18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009/08/18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/08/18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/08/18 13:06:36 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/08/18 13:06:36 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DsMgr] C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [DV4TS.EXE] C:\Windows\SysWOW64\DV4TS.EXE (Tobit.Software)
O4 - HKLM..\Run: [HPQuickWebProxy] c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startmt.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = himteam.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39FCA07D-F6CA-451B-9A80-5A0DE0FAB8D0}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E6E76A-9AB2-4876-A573-69EFC08BD608}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c60b3d5-21ba-11e2-a883-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{3c60b3d5-21ba-11e2-a883-028037ec0200}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^meyer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk - C:\windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/27 14:09:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\meyer\Desktop\OTL.exe
[2012/12/27 09:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/27 09:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/12/21 09:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/20 14:27:22 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Roaming\Malwarebytes
[2012/12/20 14:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/20 14:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/20 14:26:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/12/20 14:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/20 10:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/20 10:21:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/20 10:21:45 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2012/12/20 10:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/12/20 10:20:53 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Local\Programs
[2012/12/14 12:58:06 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Roaming\Hewlett-Packard
[2012/12/14 12:57:58 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Local\Hewlett-Packard
[2012/12/10 14:36:16 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/12/10 14:09:43 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/12/10 12:14:48 | 000,000,000 | ---D | C] -- C:\Users\meyer\AppData\Local\Logitech® Webcam-Software
[2012/11/28 10:42:06 | 000,402,272 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\windows\SysWow64\rsnp2uvc.dll
[2012/11/28 10:42:06 | 000,400,736 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\rsnp2uvc.dll
[2012/11/28 10:42:06 | 000,379,232 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\vsnp2uvc.dll
[2012/11/28 10:42:06 | 000,246,112 | ---- | C] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2012/12/27 14:11:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/27 14:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\meyer\Desktop\OTL.exe
[2012/12/27 11:20:16 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/27 11:20:16 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/27 11:11:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/27 11:10:58 | 4268,077,055 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/21 11:01:00 | 000,359,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/21 09:26:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/20 14:26:58 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/20 10:22:26 | 001,799,538 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/20 10:22:26 | 000,764,936 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/12/20 10:22:26 | 000,718,878 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/20 10:22:26 | 000,174,210 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/12/20 10:22:26 | 000,147,060 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/20 10:21:48 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/12/19 10:56:13 | 000,000,432 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012/12/03 18:20:48 | 000,001,584 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2012/11/28 10:42:06 | 001,866,080 | ---- | M] () -- C:\windows\SysNative\drivers\snp2uvc.sys
[2012/11/28 10:42:06 | 000,402,272 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\windows\SysWow64\rsnp2uvc.dll
[2012/11/28 10:42:06 | 000,400,736 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\rsnp2uvc.dll
[2012/11/28 10:42:06 | 000,379,232 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\vsnp2uvc.dll
[2012/11/28 10:42:06 | 000,246,112 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\windows\SysNative\csnp2uvc.dll
[2012/11/28 10:42:06 | 000,026,464 | ---- | M] () -- C:\windows\snuvcdsm.exe

========== Files Created - No Company Name ==========

[2012/12/26 10:34:22 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/21 09:26:49 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/20 14:26:58 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/20 10:21:48 | 000,002,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/12/20 10:21:48 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/11/28 10:42:06 | 001,866,080 | ---- | C] () -- C:\windows\SysNative\drivers\snp2uvc.sys
[2012/11/28 10:42:06 | 000,026,464 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2012/11/07 10:18:20 | 000,000,208 | ---- | C] () -- C:\windows\ODBCINST.INI
[2012/10/09 07:17:29 | 000,000,054 | ---- | C] () -- C:\windows\CoDeSysOPC.ini
[2012/08/21 11:01:33 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012/08/21 11:01:33 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD5250DN.DAT
[2012/08/21 10:25:30 | 000,185,344 | ---- | C] () -- C:\windows\DVGRF.DLL
[2012/08/21 10:25:30 | 000,099,840 | ---- | C] () -- C:\windows\IMGMSGMO.dll
[2012/08/21 10:25:10 | 000,000,023 | ---- | C] () -- C:\windows\AVFD.INI
[2012/08/21 10:25:08 | 008,621,568 | ---- | C] () -- C:\windows\TOBITCLT.DLL
[2012/08/21 10:24:38 | 000,000,650 | ---- | C] () -- C:\windows\Tobit.ini
[2012/08/21 10:17:38 | 000,002,592 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/06/13 12:29:04 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejfii.sys
[2012/06/13 12:11:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/06/13 12:08:13 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2012/06/13 12:07:18 | 000,030,028 | R--- | C] () -- C:\windows\ConnectionProfiles.dat
[2012/06/12 20:34:59 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/06/12 20:34:59 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/06/12 20:34:59 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/01/22 07:25:26 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2012/01/22 07:25:14 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll
[2012/01/18 15:20:26 | 000,102,400 | R--- | C] () -- C:\windows\SysWow64\dtmMANAGERSatellite_01.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/03/08 18:12:59 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejghg.sys
[2011/03/08 18:01:28 | 000,000,178 | ---- | C] () -- C:\windows\SysWow64\HPPA.ini
[2011/03/08 17:56:16 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdejgie.sys
[2011/03/08 17:27:28 | 001,826,808 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/02/25 23:32:12 | 000,012,144 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/01/22 20:40:54 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2010/03/15 20:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/06 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\DVDVideoSoft
[2012/11/05 18:43:47 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\Leadertech
[2012/08/21 10:21:31 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\Synaptics
[2012/08/21 10:28:14 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\Tobit
[2012/10/29 20:25:12 | 000,000,000 | ---D | M] -- C:\Users\meyer\AppData\Roaming\Vodafone

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/09/03 11:20:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/27 16:04:41 | 000,000,000 | -HSD | M] -- C:\boot
[2012/08/20 11:58:30 | 000,000,000 | ---D | M] -- C:\dienst
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/03/08 17:21:48 | 000,000,000 | ---D | M] -- C:\EFI
[2011/03/08 18:13:18 | 000,000,000 | -H-D | M] -- C:\hp
[2012/08/17 09:22:32 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/12/21 09:26:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/12/27 09:06:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012/12/27 11:07:15 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/08/16 11:52:20 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/12/27 14:13:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/08/16 11:58:56 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2012/09/03 11:20:22 | 000,000,000 | R--D | M] -- C:\Users
[2012/12/27 14:04:59 | 000,000,000 | ---D | M] -- C:\Windows
[2012/08/20 12:02:19 | 000,000,000 | ---D | M] -- C:\_inst

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 03:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,528 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/12/26 10:34:22 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/10/29 04:06:46 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/10/29 04:03:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/10/29 04:06:46 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/10/29 04:03:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/10/29 04:06:46 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/10/29 04:03:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/10/29 04:06:46 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M]
(Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe [2010/10/29 04:03:01 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\swsetup\INTELRST\Drivers\x64\iaStor.sys [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\drivers\iaStor.sys [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys [2011/01/13 02:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\swsetup\INTELRST\Drivers\x32\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2010/05/12 09:37:57 | 000,410,504 | ---- | M] (Intel Corporation) 
MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2010/05/12 09:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- 
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll [2010/11/20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2010/05/12 09:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2010/05/12 
09:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 
-- C:\Windows\SysWOW64\scecli.dll [2010/11/20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll [2010/11/20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll [2010/11/20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) 
MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010/11/20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010/11/20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/10/29 04:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) 
MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010/10/29 04:06:46 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2012/11/14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\ieframe.dll < %USERPROFILE%\*.* > [2012/12/27 14:13:38 | 002,097,152 | -HS- | M] () -- C:\Users\meyer\ntuser.dat [2012/12/27 14:13:38 | 000,262,144 | -HS- | M] () -- C:\Users\meyer\ntuser.dat.LOG1 [2012/08/21 10:21:04 | 000,000,000 | -HS- | M] () -- C:\Users\meyer\ntuser.dat.LOG2 [2012/08/21 10:34:34 | 000,065,536 | -HS- | M] () -- C:\Users\meyer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012/08/21 10:34:34 | 000,524,288 | -HS- | M] () -- C:\Users\meyer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012/08/21 10:34:34 | 000,524,288 | -HS- | M] () -- C:\Users\meyer\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012/12/14 13:18:38 | 000,065,536 | -HS- | M] () -- C:\Users\meyer\ntuser.dat{19f6c973-45e4-11e2-b9cc-028037ec0200}.TM.blf [2012/12/14 13:18:38 | 000,524,288 | -HS- | M] () -- 
C:\Users\meyer\ntuser.dat{19f6c973-45e4-11e2-b9cc-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2012/12/14 13:18:38 | 000,524,288 | -HS- | M] () -- C:\Users\meyer\ntuser.dat{19f6c973-45e4-11e2-b9cc-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2009/07/27 15:09:59 | 000,000,020 | -HS- | M] () -- C:\Users\meyer\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< >

< End of report >

Malwarebytes with findings:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
meyer :: LT138 [Administrator]

27.12.2012 10:49:57
mbam-log-2012-12-27 (10-49-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 301894
Laufzeit: 1 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\meyer\AppData\Roaming\msconfig.ini (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Afterwards, Malwarebytes without findings:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
meyer :: LT138 [Administrator]

27.12.2012 11:43:53
mbam-log-2012-12-27 (11-43-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492530
Laufzeit: 1 Stunde(n), 7 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
27.12.2012, 14:42 | #4 |
| gvu trojan (ukash) got me. OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 12/27/2012 2:12:10 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\meyer\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7.97 Gb Total Physical Memory | 5.81 Gb Available Physical Memory | 72.83% Memory free 15.95 Gb Paging File | 12.54 Gb Available in Paging File | 78.66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 444.29 Gb Total Space | 346.48 Gb Free Space | 77.98% Space Free | Partition Type: NTFS Drive E: | 16.18 Gb Total Space | 2.43 Gb Free Space | 15.03% Space Free | Partition Type: NTFS Drive F: | 4.98 Gb Total Space | 2.13 Gb Free Space | 42.69% Space Free | Partition Type: FAT32 Computer Name: LT138 | User Name: meyer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{179CE942-A6A2-4978-8E6B-904DB93E33A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2691BF57-82A2-4A86-A348-2E120E70068D}" = rport=139 | protocol=6 | dir=out | app=system | "{2B389D5E-8FD8-4714-A041-38CBA796A6FC}" = lport=138 | protocol=17 | dir=in | app=system | "{38D20A0B-9DF5-41B7-948D-5BFA329CFF6B}" = rport=138 | protocol=17 | dir=out | app=system | "{417968E5-676A-47A1-B5D0-0466287B8A19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7A1856A1-E805-4105-A1DE-10654BB3A907}" = lport=445 | protocol=6 | dir=in | app=system | "{7F387B16-7006-4856-9855-1D46128C7C6B}" = rport=137 | protocol=17 | dir=out | app=system | "{7FD11283-F7B2-46F4-918C-B97664D744AD}" = lport=3389 | protocol=6 | dir=in | svc=termservice | 
app=%systemroot%\system32\svchost.exe | "{933B31F4-AF06-4E4B-B8EC-6C036957E3D4}" = lport=137 | protocol=17 | dir=in | app=system | "{9AB8CA93-B2C0-485F-9E6C-890E6C09A504}" = lport=139 | protocol=6 | dir=in | app=system | "{BC52268D-405D-4D59-8AA8-91BE81D0550D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D0941B69-125F-4F50-842B-25B2D09CFFEE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E0E3C9BD-41C3-47A5-84D5-2D588307DA0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F3E31E1B-40BF-4362-A9CC-87926C7281BA}" = lport=3389 | protocol=6 | dir=in | app=system | "{F837022B-3079-4310-9ABD-0BFA358B9F33}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01266884-894A-48BB-B97E-FEA6C149E513}" = protocol=6 | dir=in | app=c:\program files (x86)\endress+hauser\commdtm\profibus sfg500\sfg5xxcommsvr\eh.sfg.sfg500.commserver.exe | "{0986E042-0FB2-461C-97F5-2BFDDA5A5602}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{0A3C8BB1-83F5-42D1-B314-5F67919C90A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\gateway.exe | "{109EDFAF-E0CB-49AB-B9FB-68FC4A8CEE3B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{19EFFAA1-A783-4BF6-9182-E40888701702}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{1B4D7D42-BD81-4062-8499-192355080966}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1EBD6116-4C78-49B2-AA51-63FF0241DFB3}" = protocol=17 | dir=in | app=c:\windows\syswow64\gatewaydde.exe | "{25ECF474-3CE0-4431-B646-536AF0641A59}" = protocol=17 | dir=in | app=c:\windows\syswow64\gateway.exe | "{525B1953-63AD-4EB0-BAE7-B1485D53E9C4}" = protocol=17 | dir=in | 
27.12.2012, 16:32 | #5 |
/// Malware-holic | GVU trojan (Ukash) got me. Hi, download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, then post the log
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
27.12.2012, 17:59 | #6 |
| GVU trojan (Ukash) got me.
17:47:17.0418 6100 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:48:43.0144 2700 Scan started
17:48:43.0144 2700 Mode: Manual; SigCheck; TDLFS;
17:48:43.0602 2700 System memory - ok
17:48:46.0027 2700 AntiVir Security Management Center Agent ( UnsignedFile.Multi.Generic ) - warning
17:48:46.0027 2700 AntiVir Security Management Center Agent - detected UnsignedFile.Multi.Generic (1)
C:\windows\System32\Drivers\BrUsbSer.sys 17:48:48.0577 2700 BrUsbSer - ok 17:48:48.0620 2700 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 17:48:48.0699 2700 BthEnum - ok 17:48:48.0729 2700 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 17:48:48.0755 2700 BTHMODEM - ok 17:48:48.0799 2700 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 17:48:48.0810 2700 BthPan - ok 17:48:48.0843 2700 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 17:48:48.0905 2700 BTHPORT - ok 17:48:48.0931 2700 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 17:48:48.0975 2700 bthserv - ok 17:48:48.0999 2700 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 17:48:49.0029 2700 BTHUSB - ok 17:48:49.0073 2700 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\windows\system32\drivers\btwampfl.sys 17:48:49.0085 2700 btwampfl - ok 17:48:49.0108 2700 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\windows\system32\drivers\btwaudio.sys 17:48:49.0115 2700 btwaudio - ok 17:48:49.0140 2700 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\windows\system32\drivers\btwavdt.sys 17:48:49.0147 2700 btwavdt - ok 17:48:49.0219 2700 [ 692F8648D7686D91E34A65AC698019D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 17:48:49.0239 2700 btwdins - ok 17:48:49.0245 2700 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys 17:48:49.0251 2700 btwl2cap - ok 17:48:49.0258 2700 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys 17:48:49.0264 2700 btwrchid - ok 17:48:49.0301 2700 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 17:48:49.0344 2700 cdfs - ok 17:48:49.0380 2700 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 17:48:49.0408 2700 cdrom - ok 17:48:49.0449 2700 
[ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 17:48:49.0504 2700 CertPropSvc - ok 17:48:49.0548 2700 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys 17:48:49.0586 2700 circlass - ok 17:48:49.0629 2700 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 17:48:49.0643 2700 CLFS - ok 17:48:49.0686 2700 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:48:49.0693 2700 clr_optimization_v2.0.50727_32 - ok 17:48:49.0720 2700 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:48:49.0728 2700 clr_optimization_v2.0.50727_64 - ok 17:48:49.0772 2700 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:48:49.0781 2700 clr_optimization_v4.0.30319_32 - ok 17:48:49.0795 2700 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:48:49.0803 2700 clr_optimization_v4.0.30319_64 - ok 17:48:49.0830 2700 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 17:48:49.0860 2700 CmBatt - ok 17:48:49.0892 2700 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 17:48:49.0901 2700 cmdide - ok 17:48:49.0944 2700 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys 17:48:49.0968 2700 CNG - ok 17:48:49.0985 2700 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 17:48:49.0992 2700 Compbatt - ok 17:48:50.0016 2700 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys 17:48:50.0040 2700 CompositeBus - ok 17:48:50.0063 2700 COMSysApp - ok 17:48:50.0078 2700 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk 
C:\windows\system32\DRIVERS\crcdisk.sys 17:48:50.0086 2700 crcdisk - ok 17:48:50.0121 2700 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll 17:48:50.0174 2700 CryptSvc - ok 17:48:50.0202 2700 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys 17:48:50.0262 2700 CSC - ok 17:48:50.0288 2700 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll 17:48:50.0328 2700 CscService - ok 17:48:50.0377 2700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 17:48:50.0405 2700 DcomLaunch - ok 17:48:50.0427 2700 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 17:48:50.0474 2700 defragsvc - ok 17:48:50.0518 2700 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 17:48:50.0561 2700 DfsC - ok 17:48:50.0592 2700 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 17:48:50.0642 2700 Dhcp - ok 17:48:50.0661 2700 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 17:48:50.0699 2700 discache - ok 17:48:50.0739 2700 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys 17:48:50.0747 2700 Disk - ok 17:48:50.0771 2700 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 17:48:50.0822 2700 Dnscache - ok 17:48:50.0849 2700 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 17:48:50.0893 2700 dot3svc - ok 17:48:50.0925 2700 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 17:48:50.0967 2700 DPS - ok 17:48:51.0006 2700 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 17:48:51.0032 2700 drmkaud - ok 17:48:51.0074 2700 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 17:48:51.0098 2700 DXGKrnl - ok 17:48:51.0129 2700 [ 03F4C5C12FC1C69F838DA723475EF650 ] e1cexpress C:\windows\system32\DRIVERS\e1c62x64.sys 
17:48:51.0141 2700 e1cexpress - ok 17:48:51.0184 2700 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 17:48:51.0230 2700 EapHost - ok 17:48:51.0299 2700 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys 17:48:51.0386 2700 ebdrv - ok 17:48:51.0433 2700 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\windows\system32\Drivers\wwuss64.sys 17:48:51.0439 2700 ecnssndis - ok 17:48:51.0449 2700 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\windows\system32\Drivers\wwussf64.sys 17:48:51.0455 2700 ecnssndisfltr - ok 17:48:51.0481 2700 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 17:48:51.0514 2700 EFS - ok 17:48:51.0604 2700 [ 06503009663CDF85608F3AE5951EC97C ] EH.SFG500.CommServer C:\Program Files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\EH.Sfg.Sfg500.CommServer.exe 17:48:51.0629 2700 EH.SFG500.CommServer ( UnsignedFile.Multi.Generic ) - warning 17:48:51.0630 2700 EH.SFG500.CommServer - detected UnsignedFile.Multi.Generic (1) 17:48:51.0684 2700 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 17:48:51.0742 2700 ehRecvr - ok 17:48:51.0763 2700 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 17:48:51.0812 2700 ehSched - ok 17:48:51.0843 2700 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 17:48:51.0859 2700 elxstor - ok 17:48:51.0878 2700 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 17:48:51.0907 2700 ErrDev - ok 17:48:51.0957 2700 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 17:48:52.0001 2700 EventSystem - ok 17:48:52.0044 2700 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 17:48:52.0087 2700 exfat - ok 17:48:52.0112 2700 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 17:48:52.0162 2700 fastfat - ok 17:48:52.0211 2700 [ 
DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 17:48:52.0264 2700 Fax - ok 17:48:52.0275 2700 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys 17:48:52.0308 2700 fdc - ok 17:48:52.0340 2700 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 17:48:52.0366 2700 fdPHost - ok 17:48:52.0371 2700 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 17:48:52.0413 2700 FDResPub - ok 17:48:52.0441 2700 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 17:48:52.0451 2700 FileInfo - ok 17:48:52.0462 2700 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 17:48:52.0509 2700 Filetrace - ok 17:48:52.0526 2700 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 17:48:52.0555 2700 flpydisk - ok 17:48:52.0599 2700 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 17:48:52.0616 2700 FltMgr - ok 17:48:52.0653 2700 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 17:48:52.0713 2700 FontCache - ok 17:48:52.0761 2700 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:48:52.0767 2700 FontCache3.0.0.0 - ok 17:48:52.0789 2700 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 17:48:52.0797 2700 FsDepends - ok 17:48:52.0823 2700 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 17:48:52.0830 2700 Fs_Rec - ok 17:48:52.0868 2700 [ FA169871D8FADCC6539C4E8726610286 ] FTDIBUS C:\windows\system32\drivers\ftdibus.sys 17:48:52.0874 2700 FTDIBUS - ok 17:48:52.0899 2700 [ 24237091348D1EFB5635A1CF9649E311 ] FTSER2K C:\windows\system32\drivers\ftser2k.sys 17:48:52.0908 2700 FTSER2K - ok 17:48:52.0949 2700 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol 
C:\windows\system32\DRIVERS\fvevol.sys 17:48:52.0968 2700 fvevol - ok 17:48:52.0992 2700 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 17:48:53.0000 2700 gagp30kx - ok 17:48:53.0025 2700 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 17:48:53.0075 2700 gpsvc - ok 17:48:53.0110 2700 [ C864875E87E6B790471516856FC1F5C2 ] h36wgps C:\windows\system32\DRIVERS\h36wgps64.sys 17:48:53.0120 2700 h36wgps - ok 17:48:53.0135 2700 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 17:48:53.0157 2700 hcw85cir - ok 17:48:53.0205 2700 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 17:48:53.0238 2700 HdAudAddService - ok 17:48:53.0272 2700 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 17:48:53.0304 2700 HDAudBus - ok 17:48:53.0333 2700 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 17:48:53.0359 2700 HidBatt - ok 17:48:53.0390 2700 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 17:48:53.0416 2700 HidBth - ok 17:48:53.0444 2700 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys 17:48:53.0472 2700 HidIr - ok 17:48:53.0497 2700 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 17:48:53.0540 2700 hidserv - ok 17:48:53.0585 2700 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 17:48:53.0593 2700 HidUsb - ok 17:48:53.0618 2700 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 17:48:53.0668 2700 hkmsvc - ok 17:48:53.0710 2700 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 17:48:53.0763 2700 HomeGroupListener - ok 17:48:53.0788 2700 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 17:48:53.0818 2700 HomeGroupProvider - ok 17:48:53.0886 2700 [ 
02C2108111D9656A9729995D2219FB99 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe 17:48:53.0893 2700 HP Power Assistant Service - ok 17:48:53.0955 2700 [ A9FC4D7EA174BBF5A675B299FFAD80A2 ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe 17:48:53.0961 2700 HPDayStarterService - ok 17:48:53.0984 2700 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\windows\system32\DRIVERS\hpdskflt.sys 17:48:53.0990 2700 hpdskflt - ok 17:48:54.0072 2700 [ 0ADC6AFAB2B17FFC9C6E24DD1583F888 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe 17:48:54.0082 2700 hpHotkeyMonitor - ok 17:48:54.0099 2700 [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys 17:48:54.0107 2700 HpqKbFiltr - ok 17:48:54.0171 2700 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 17:48:54.0188 2700 hpqwmiex - ok 17:48:54.0218 2700 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 17:48:54.0229 2700 HpSAMD - ok 17:48:54.0246 2700 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\windows\system32\Hpservice.exe 17:48:54.0252 2700 hpsrv - ok 17:48:54.0300 2700 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 17:48:54.0354 2700 HTTP - ok 17:48:54.0383 2700 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 17:48:54.0391 2700 hwpolicy - ok 17:48:54.0432 2700 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 17:48:54.0447 2700 i8042prt - ok 17:48:54.0470 2700 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 17:48:54.0480 2700 iaStor - ok 17:48:54.0547 2700 [ 117FF657E0D9BBD61B5C3E71E63D3919 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 17:48:54.0552 2700 IAStorDataMgrSvc 
- ok 17:48:54.0589 2700 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 17:48:54.0600 2700 iaStorV - ok 17:48:54.0637 2700 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:48:54.0658 2700 idsvc - ok 17:48:54.0679 2700 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 17:48:54.0689 2700 iirsp - ok 17:48:54.0766 2700 [ CE1EE31FFF730CA975A5535D8A71AF61 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE 17:48:54.0773 2700 IJPLMSVC - ok 17:48:54.0833 2700 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 17:48:54.0893 2700 IKEEXT - ok 17:48:54.0927 2700 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 17:48:54.0937 2700 intelide - ok 17:48:54.0955 2700 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 17:48:54.0984 2700 intelppm - ok 17:48:55.0006 2700 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 17:48:55.0031 2700 IPBusEnum - ok 17:48:55.0060 2700 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 17:48:55.0105 2700 IpFilterDriver - ok 17:48:55.0143 2700 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 17:48:55.0199 2700 iphlpsvc - ok 17:48:55.0219 2700 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 17:48:55.0249 2700 IPMIDRV - ok 17:48:55.0280 2700 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 17:48:55.0322 2700 IPNAT - ok 17:48:55.0350 2700 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 17:48:55.0384 2700 IRENUM - ok 17:48:55.0421 2700 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 17:48:55.0428 2700 isapnp - ok 17:48:55.0451 2700 [ 
D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 17:48:55.0462 2700 iScsiPrt - ok 17:48:55.0493 2700 [ 3B794CA0DE73790420DEBA3C759F1502 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 17:48:55.0501 2700 jhi_service - ok 17:48:55.0527 2700 [ 0B44199365A69696109AB9A5855E0841 ] JMCR C:\windows\system32\DRIVERS\jmcr.sys 17:48:55.0534 2700 JMCR - ok 17:48:55.0569 2700 [ C6A3593D397B111C1DBBC1BE6384B548 ] johci C:\windows\system32\DRIVERS\johci.sys 17:48:55.0575 2700 johci - ok 17:48:55.0600 2700 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys 17:48:55.0608 2700 kbdclass - ok 17:48:55.0632 2700 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 17:48:55.0656 2700 kbdhid - ok 17:48:55.0680 2700 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 17:48:55.0690 2700 KeyIso - ok 17:48:55.0715 2700 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 17:48:55.0723 2700 KSecDD - ok 17:48:55.0750 2700 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 17:48:55.0758 2700 KSecPkg - ok 17:48:55.0779 2700 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 17:48:55.0803 2700 ksthunk - ok 17:48:55.0829 2700 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 17:48:55.0877 2700 KtmRm - ok 17:48:55.0918 2700 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 17:48:55.0966 2700 LanmanServer - ok 17:48:56.0014 2700 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 17:48:56.0055 2700 LanmanWorkstation - ok 17:48:56.0118 2700 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 17:48:56.0137 2700 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 17:48:56.0137 2700 LightScribeService - 
detected UnsignedFile.Multi.Generic (1) 17:48:56.0185 2700 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 17:48:56.0224 2700 lltdio - ok 17:48:56.0254 2700 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 17:48:56.0280 2700 lltdsvc - ok 17:48:56.0294 2700 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 17:48:56.0318 2700 lmhosts - ok 17:48:56.0368 2700 [ DE75F2EA497DA4B3A764D4EAC43135E9 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 17:48:56.0377 2700 LMS - ok 17:48:56.0406 2700 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 17:48:56.0414 2700 LSI_FC - ok 17:48:56.0431 2700 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 17:48:56.0439 2700 LSI_SAS - ok 17:48:56.0455 2700 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 17:48:56.0463 2700 LSI_SAS2 - ok 17:48:56.0486 2700 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 17:48:56.0494 2700 LSI_SCSI - ok 17:48:56.0520 2700 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 17:48:56.0562 2700 luafv - ok 17:48:56.0608 2700 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\windows\system32\DRIVERS\lvrs64.sys 17:48:56.0620 2700 LVRS64 - ok 17:48:56.0708 2700 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\windows\system32\DRIVERS\lvuvc64.sys 17:48:56.0828 2700 LVUVC64 - ok 17:48:56.0889 2700 [ 7AEAC0B5B185CB5601673A0462C7EC36 ] massfilter C:\windows\system32\DRIVERS\massfilter.sys 17:48:56.0932 2700 massfilter - ok 17:48:56.0955 2700 [ 0845DA0BFF1AF5C57DE4DD97ACAF2FCD ] Mbm3CBus C:\windows\system32\DRIVERS\Mbm3CBus.sys 17:48:56.0969 2700 Mbm3CBus - ok 17:48:56.0982 2700 [ DB6FA599AA79324E287C4EAF6020DA37 ] Mbm3DevMt C:\windows\system32\DRIVERS\Mbm3DevMt.sys 17:48:56.0995 2700 Mbm3DevMt - ok 17:48:57.0003 2700 [ 
2F71EDB697752D409B9983F0E1D88F70 ] Mbm3mdfl C:\windows\system32\DRIVERS\Mbm3mdfl.sys 17:48:57.0008 2700 Mbm3mdfl - ok 17:48:57.0023 2700 [ 21B412A36DE3CCFE4E13383B88CFC90C ] Mbm3Mdm C:\windows\system32\DRIVERS\Mbm3Mdm.sys 17:48:57.0034 2700 Mbm3Mdm - ok 17:48:57.0059 2700 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 17:48:57.0093 2700 Mcx2Svc - ok 17:48:57.0126 2700 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys 17:48:57.0133 2700 megasas - ok 17:48:57.0163 2700 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 17:48:57.0175 2700 MegaSR - ok 17:48:57.0209 2700 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 17:48:57.0215 2700 MEIx64 - ok 17:48:57.0235 2700 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 17:48:57.0285 2700 MMCSS - ok 17:48:57.0317 2700 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 17:48:57.0358 2700 Modem - ok 17:48:57.0389 2700 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 17:48:57.0420 2700 monitor - ok 17:48:57.0458 2700 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 17:48:57.0466 2700 mouclass - ok 17:48:57.0489 2700 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 17:48:57.0520 2700 mouhid - ok 17:48:57.0552 2700 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 17:48:57.0560 2700 mountmgr - ok 17:48:57.0573 2700 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 17:48:57.0581 2700 mpio - ok 17:48:57.0609 2700 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 17:48:57.0633 2700 mpsdrv - ok 17:48:57.0664 2700 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 17:48:57.0712 2700 MpsSvc - ok 17:48:57.0732 2700 [ 
DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 17:48:57.0767 2700 MRxDAV - ok 17:48:57.0803 2700 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 17:48:57.0859 2700 mrxsmb - ok 17:48:57.0884 2700 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 17:48:57.0896 2700 mrxsmb10 - ok 17:48:57.0909 2700 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 17:48:57.0953 2700 mrxsmb20 - ok 17:48:57.0984 2700 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 17:48:57.0991 2700 msahci - ok 17:48:58.0015 2700 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 17:48:58.0023 2700 msdsm - ok 17:48:58.0039 2700 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 17:48:58.0070 2700 MSDTC - ok 17:48:58.0100 2700 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 17:48:58.0124 2700 Msfs - ok 17:48:58.0146 2700 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 17:48:58.0186 2700 mshidkmdf - ok 17:48:58.0213 2700 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 17:48:58.0220 2700 msisadrv - ok 17:48:58.0247 2700 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 17:48:58.0291 2700 MSiSCSI - ok 17:48:58.0293 2700 msiserver - ok 17:48:58.0341 2700 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 17:48:58.0365 2700 MSKSSRV - ok 17:48:58.0379 2700 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 17:48:58.0418 2700 MSPCLOCK - ok 17:48:58.0441 2700 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 17:48:58.0482 2700 MSPQM - ok 17:48:58.0516 2700 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 17:48:58.0530 
2700 MsRPC - ok 17:48:58.0548 2700 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 17:48:58.0555 2700 mssmbios - ok 17:48:58.0604 2700 MSSQL$SQLFIELDCARE - ok 17:48:58.0633 2700 [ 8E8E74C953EB0C4F8828D99D6F27FD6F ] MSSQLServerADHelper100 c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 17:48:58.0639 2700 MSSQLServerADHelper100 - ok 17:48:58.0671 2700 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 17:48:58.0718 2700 MSTEE - ok 17:48:58.0738 2700 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 17:48:58.0771 2700 MTConfig - ok 17:48:58.0804 2700 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 17:48:58.0811 2700 Mup - ok 17:48:58.0834 2700 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 17:48:58.0882 2700 napagent - ok 17:48:58.0924 2700 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 17:48:58.0959 2700 NativeWifiP - ok 17:48:59.0006 2700 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 17:48:59.0029 2700 NDIS - ok 17:48:59.0055 2700 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 17:48:59.0100 2700 NdisCap - ok 17:48:59.0127 2700 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 17:48:59.0168 2700 NdisTapi - ok 17:48:59.0204 2700 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 17:48:59.0251 2700 Ndisuio - ok 17:48:59.0273 2700 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 17:48:59.0315 2700 NdisWan - ok 17:48:59.0350 2700 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 17:48:59.0376 2700 NDProxy - ok 17:48:59.0405 2700 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 17:48:59.0449 2700 NetBIOS 
17:49:14.0828 2700 Scan finished
17:49:14.0833 4808 Detected object count: 5
17:49:14.0833 4808 Actual detected object count: 5
17:49:31.0695 4808 AntiVir Security Management Center Agent ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0695 4808 AntiVir Security Management Center Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:31.0695 4808 EH.SFG500.CommServer ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0695 4808 EH.SFG500.CommServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:31.0696 4808 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0696 4808 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:31.0697 4808 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0697 4808 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:31.0697 4808 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:31.0697 4808 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
27.12.2012, 19:48 | #7 | |
/// Malware-holic | GVU trojan (Ukash) got me. Hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
27.12.2012, 21:07 | #8 |
| GVU trojan (Ukash) got me. After the scan I re-enabled Avira!!! Here is the result. Thanks very much again. ComboFix log file: Code:
ATTFilter ComboFix 12-12-27.03 - meyer 27.12.2012 20:57:37.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8166.5655 [GMT 1:00] ausgeführt von:: c:\users\meyer\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Thumbs.db c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\SysWow64\regobj.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-27 bis 2012-12-27 )))))))))))))))))))))))))))))) . . 2012-12-27 20:00 . 2012-12-27 20:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-27 20:00 . 2012-12-27 20:00 -------- d-----w- c:\users\cvs\AppData\Local\temp 2012-12-27 20:00 . 2012-12-27 20:00 -------- d-----w- c:\users\schneider\AppData\Local\temp 2012-12-27 20:00 . 2012-12-27 20:00 -------- d-----w- c:\users\administrator.HIMTEAM\AppData\Local\temp 2012-12-27 20:00 . 2012-12-27 20:00 -------- d-----w- c:\users\Administrator.cvspc\AppData\Local\temp 2012-12-27 08:07 . 2012-12-27 08:07 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-27 08:06 . 2012-12-27 08:06 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-27 08:06 . 2012-12-27 08:06 -------- d-----w- c:\program files (x86)\Java 2012-12-21 09:57 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 09:57 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 09:57 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 09:57 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-21 08:26 . 
2012-12-21 08:26 -------- d-----w- c:\program files\CCleaner 2012-12-20 13:27 . 2012-12-20 13:27 -------- d-----w- c:\users\meyer\AppData\Roaming\Malwarebytes 2012-12-20 13:26 . 2012-12-20 13:26 -------- d-----w- c:\programdata\Malwarebytes 2012-12-20 13:26 . 2012-12-20 13:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-20 13:26 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-20 09:21 . 2012-12-27 19:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-12-20 09:21 . 2012-12-27 19:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2012-12-20 09:20 . 2012-12-20 09:20 -------- d-----w- c:\users\meyer\AppData\Local\Programs 2012-12-14 12:19 . 2012-11-14 06:06 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-12-14 12:19 . 2012-11-14 06:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2012-12-14 12:19 . 2012-11-14 02:01 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2012-12-14 12:19 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-12-14 12:19 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-12-14 12:00 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-14 12:00 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-14 11:58 . 2012-12-14 11:58 -------- d-----w- c:\users\meyer\AppData\Roaming\Hewlett-Packard 2012-12-14 11:57 . 2012-12-14 11:57 -------- d-----w- c:\users\meyer\AppData\Local\Hewlett-Packard 2012-12-10 11:14 . 2012-12-10 11:14 -------- d-----w- c:\users\meyer\AppData\Local\Logitech® Webcam-Software 2012-12-01 10:05 . 2011-06-17 20:58 89952 ----a-w- c:\windows\SysWow64\SQSRVRES.DLL 2012-12-01 10:01 . 2012-03-14 04:00 385024 ----a-w- c:\windows\system32\CNMLMAT.DLL 2012-12-01 09:55 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-12-01 09:55 . 
2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2012-12-01 09:55 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2012-12-01 09:55 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-12-01 09:55 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2012-12-01 09:55 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2012-12-01 09:55 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-12-01 09:55 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-12-01 09:55 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-11-28 09:42 . 2012-11-28 09:42 402272 ----a-w- c:\windows\SysWow64\rsnp2uvc.dll 2012-11-28 09:42 . 2012-11-28 09:42 400736 ----a-w- c:\windows\system32\rsnp2uvc.dll 2012-11-28 09:42 . 2012-11-28 09:42 379232 ----a-w- c:\windows\system32\vsnp2uvc.dll 2012-11-28 09:42 . 2012-11-28 09:42 26464 ----a-w- c:\windows\snuvcdsm.exe 2012-11-28 09:42 . 2012-11-28 09:42 246112 ----a-w- c:\windows\system32\csnp2uvc.dll 2012-11-28 09:42 . 2012-11-28 09:42 1866080 ----a-w- c:\windows\system32\drivers\snp2uvc.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-27 08:06 . 2012-08-17 09:31 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-27 08:06 . 2012-08-17 09:31 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-26 09:34 . 2012-08-20 10:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-26 09:34 . 2012-08-20 10:56 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-14 12:22 . 2012-08-16 15:07 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-12 11:07 . 2012-08-21 09:32 140936 ----a-w- c:\windows\system32\drivers\avfwot.sys 2012-11-12 11:07 . 2012-08-21 09:32 114168 ----a-w- c:\windows\system32\drivers\avfwim.sys 2012-11-07 09:18 . 
2012-11-07 09:18 86016 ----a-w- c:\windows\SysWow64\OdbcJdbcSetup.dll 2012-11-07 09:18 . 2012-11-07 09:18 225280 ----a-w- c:\windows\SysWow64\IscDbc.dll 2012-11-07 09:18 . 2012-11-07 09:18 200704 ----a-w- c:\windows\SysWow64\OdbcJdbc.dll 2012-11-05 17:43 . 2012-11-05 17:43 53248 ----a-r- c:\users\meyer\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-10-16 08:38 . 2012-12-01 09:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-12-01 09:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-12-01 09:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-14 14:49 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-14 14:49 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-14 14:49 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 14:49 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-14 12:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-14 14:50 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-14 14:50 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-14 14:50 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-14 14:50 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-14 14:50 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-14 14:50 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-14 14:50 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-14 14:50 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-14 14:50 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-14 14:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 
2012-11-14 14:50 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-22 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-02-11 76344] "DsMgr"="c:\program files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe" [2011-03-10 93240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "DV4TS.EXE"="c:\windows\system32\DV4TS.EXE" [2011-04-14 183808] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-21 348664] "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ startmt.cmd [2012-8-21 388] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . R2 AntiVir Security Management Center Agent;Avira Management Console Agent;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe [2012-12-19 1131777] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-08-18 11776] R3 PROFIpnp;PROFIBUS PnP Hardware Driver (Softing); [x] R3 PROFIusb;PROFIusb Device Driver (Softing AG); [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-08-20 117080] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-19 1255736] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-08-18 135168] R3 ZTEusbvoice;ZTE VoUSB 
Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-08-18 119680] R4 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-08-21 375760] R4 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-08-21 465360] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896] R4 SQLAgent$SQLFIELDCARE;SQL Server Agent (SQLFIELDCARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SQLFIELDCARE\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 370016] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-08-21 27760] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-08-20 224088] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-08-20 130904] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-01-21 204288] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-21 86224] S2 EH.SFG500.CommServer;E+H SFG500 CommServer;c:\program files (x86)\Endress+Hauser\CommDTM\PROFIBUS SFG500\SFG5XXCommSvr\EH.Sfg.Sfg500.CommServer.exe [2012-06-18 9216] S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-01-27 131128] S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-01-28 133688] S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-01-28 281656] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe [2011-01-26 13336] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896] S2 MSSQL$SQLFIELDCARE;SQL Server (SQLFIELDCARE);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.SQLFIELDCARE\MSSQL\Binn\sqlservr.exe [2011-06-17 43040096] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-01-18 113264] S2 PROFIbrd;PROFIBUS V5 Hardware Driver (Softing); [x] S2 PROFIprt;PROFIBUS Protocol Driver (Softing); [x] S2 PROFIstack;PROFIBUS V6 Hardware Driver (Softing); [x] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528] S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-03 2656280] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224] S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2010-03-25 9216] S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x] S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2010-02-24 26664] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2010-02-24 
30248] S3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys [2011-02-28 101416] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-30 174168] S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2011-02-08 26712] S3 Mbm3CBus;HP hs2340 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-10-31 411208] S3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-10-31 419912] S3 Mbm3mdfl;HP Mobile Broadband Module Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-10-31 19528] S3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-10-31 472648] S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 30720] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-08-20 147288] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-08-20 166232] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-03-04 277032] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 70014878 *Deregistered* - 70014878 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-20 09:34] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880] "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2012-06-13 5398528] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-04-07 2779024] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-12-27 21:02:25 ComboFix-quarantined-files.txt 2012-12-27 20:02 . Vor Suchlauf: 10 Verzeichnis(se), 371.582.050.304 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 371.550.593.024 Bytes frei . - - End Of File - - 430AF080F6860508020BAC5E769620E1 |
28.12.2012, 15:33 | #9 |
/// Malware-holic | GVU trojan (Ukash) got me. Hi, download CCleaner Standard: CCleaner Download - CCleaner 3.26.1888. If CCleaner is already installed, skip this. Open it, go to Tools, Uninstall list, and save it as a txt file. Open the file. After each program you need, write "notwendig" (necessary); after each one you do not need, "unnötig" (unnecessary); after each one you do not know, "unbekannt" (unknown). Post the list.
29.12.2012, 11:38 | #10 |
| GVU trojan (Ukash) got me. I hope you can do something with this. Code:
ATTFilter Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 26.12.2012 6,00 MB 11.5.502.135 "notwendig" Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 20.08.2012 121 MB 10.1.4 "notwendig" Alcor Micro Smart Card Reader Driver Alcor Micro Corp. 13.06.2012 88,0 KB 1.7.16.0 "notwendig" ALPHAPLAN Client 2010 CVS Ingenieurgesellschaft mbH 21.08.2012 2,92 MB 3.12.2010 "notwendig" AMD Catalyst Install Manager Advanced Micro Devices, Inc. 13.06.2012 22,7 MB 3.0.851.0 "notwendig" ArcSoft Webcam Sharing Manager ArcSoft 13.06.2012 7,78 MB 2.0.0.30 "notwendig" Avira Management Console Agent Avira Operations GmbH & Co. KG 21.08.2012 "notwendig" Avira Professional Security Avira 07.12.2012 130 MB 12.1.9.1580 "notwendig" Broadcom 2070 Bluetooth 3.0 Broadcom Corporation 13.06.2012 183 MB 6.3.0.6300 "notwendig" Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 13.06.2012 5.60.48.61 "notwendig" Broadcom Wireless Utility Broadcom Corporation 13.06.2012 5.60.48.61 "notwendig" Canon IJ Network Scanner Selector EX 24.09.2012 "notwendig" Canon IJ Network Tool 24.09.2012 "notwendig" Canon Inkjet Printer/Scanner/Fax Extended Survey Program 24.09.2012 "notwendig" Canon MG5300 series Benutzerregistrierung 24.09.2012 "notwendig" Canon MG5300 series MP Drivers 24.09.2012 "notwendig" Canon My Printer 24.09.2012 "notwendig" CCleaner Piriform 19.12.2012 3.26 "notwendig" CDI_Driver_Setup E+H Process Solutions AG 07.11.2012 28,0 KB 1.0.0 "notwendig" Cisco EAP-FAST Module Cisco Systems, Inc. 13.06.2012 1,55 MB 2.2.14 "unbekannt" Cisco LEAP Module Cisco Systems, Inc. 13.06.2012 644 KB 1.0.19 "unbekannt" Cisco PEAP Module Cisco Systems, Inc. 
13.06.2012 1,23 MB 1.1.6 "unknown"
David Client Tobit.Software 21.08.2012 11.00a "necessary"
Endress+Hauser Basic DTM Foundation fieldbus V2.33.00 Endress+Hauser 07.11.2012 27,5 MB 2.0.71.0 "necessary"
Endress+Hauser CDI DTMlibrary V2.33.00 Endress+Hauser 07.11.2012 820 MB 1.7.680 "necessary"
Endress+Hauser EnvelopeCurveViewer 2011 Endress+Hauser 07.11.2012 9,55 MB 3.00.03.0408 "necessary"
Endress+Hauser FF DTMLibrary V2.33.00 ENDRESS+HAUSER 07.11.2012 415 MB 1.7.109 "necessary"
Endress+Hauser FXA520 DTM V1.05.09 Endress+Hauser 07.11.2012 29,4 MB 1.05.09 "necessary"
Endress+Hauser HART DTMlibrary V2.33.00 Endress+Hauser 07.11.2012 1,92 GB 1.7.454 "necessary"
Endress+Hauser HART Generic DTM V3.1.7 Endress+Hauser 07.11.2012 7,68 MB 3.1.7 "necessary"
Endress+Hauser IPC (Level/Pressure) FXA193/291 DTMlibrary V2.33.00 Endress+Hauser 07.11.2012 1,01 GB 1.7.453 "necessary"
Endress+Hauser PCP DTMlibrary V2.33.00 Endress+Hauser 07.11.2012 30,8 MB 1.7.452 "necessary"
Endress+Hauser PROFIBUS DTMlibrary V2.33.00 Endress+Hauser 07.11.2012 2,35 GB 1.7.318 "necessary"
Endress+Hauser SFC162 Communication DTM V1.01.02.000 Endress+Hauser Process Solutions AG 07.11.2012 14,5 MB 1.01.02.000 "necessary"
Endress+Hauser SFC173 Communication DTM V1.01.01 Endress+Hauser 07.11.2012 6,95 MB 1.1.1.1 "necessary"
Endress+Hauser SFG500 Comm DTM Endress+Hauser Process Solutions AG 07.11.2012 45,4 MB 1.00.04.107 "necessary"
Energy Star Digital Logo Hewlett-Packard 13.06.2012 300 KB 1.0.1 "necessary"
FieldCare Endress+Hauser 07.11.2012 8,01 MB 2.09.00.1617 "necessary"
FieldCare FF commDTM Metso Endress+Hauser Technology AG 07.11.2012 1,37 MB 1.5.2.0 "necessary"
FieldCare HART Modem Metso Endress+Hauser Technology AG 07.11.2012 2,46 MB 1.0.42.0 "necessary"
FieldCare HART OPC commDTM Metso Endress+Hauser Technology AG 07.11.2012 2,43 MB 2.0.0.186 "necessary"
FieldCare Profibus Metso Endress+Hauser Technology AG 07.11.2012 16,5 MB 2.11 "necessary"
FieldCare Profibus Profile Endress+Hauser Process Solutions AG 07.11.2012 78,5 MB 1.5.67012 "necessary"
Free Video to Nokia Phones Converter version 5.0.17.903 DVDVideoSoft Ltd. 06.09.2012 74,0 MB 5.0.17.903 "unnecessary"
FXA195_Driver_Setup E+H Process Solutions AG 07.11.2012 6,51 MB 1.00.00 "necessary"
FXA291_Driver_Setup E+H Process Solutions AG 07.11.2012 3,15 MB 1.00.00 "necessary"
Galileo V8.0.3 (12065) Eaton Automation 19.10.2012 8.0.3.12065 "necessary"
HART OPC Server Metso Endress+Hauser Technology AG 07.11.2012 4,96 MB 3.2.0 "necessary"
HP 3D DriveGuard Hewlett-Packard Company 08.03.2011 9,67 MB 4.1.4.1 "necessary"
HP Client Automation Agent Preload Hewlett-Packard 08.03.2011 5,87 MB 7.5 "necessary"
HP DayStarter Hewlett-Packard Company 13.06.2012 18,6 MB 2.0.0.12 "necessary"
HP Documentation Hewlett-Packard 13.06.2012 0,96 GB 1.1.0.0 "necessary"
HP ESU for Microsoft Windows 7 Hewlett-Packard Company 08.03.2011 16,1 MB 1.1.11.1 "necessary"
HP GPS and Location Hewlett-Packard Company 13.06.2012 14,7 MB 1.0.26.1 "necessary"
HP HotKey Support Hewlett-Packard Company 08.03.2011 12,3 MB 4.0.10.1 "necessary"
HP Mobile Broadband Drivers Ericsson AB 13.06.2012 6.3.5.3 "necessary"
HP Power Assistant Hewlett-Packard Company 08.03.2011 37,3 MB 2.0.2.0 "necessary"
HP QuickWeb Hewlett-Packard Company 13.06.2012 4,35 MB 3.0.0.9057 "necessary"
HP Setup Hewlett-Packard Company 08.03.2011 8.5.4526.3645 "necessary"
HP SoftPaq Download Manager Hewlett-Packard Company 08.03.2011 13,9 MB 3.2.0.0 "necessary"
HP Software Framework Hewlett-Packard Company 13.06.2012 2,81 MB 4.0.112.1 "necessary"
HP Software Setup Hewlett-Packard Company 08.03.2011 14,1 MB 8.2.1.1 "necessary"
HP System Default Settings Hewlett-Packard Company 08.03.2011 1,58 MB 2.1.2 "necessary"
HP Wallpaper Hewlett-Packard Company 08.03.2011 44,3 MB 2.00 "necessary"
HP Webcam Roxio 13.06.2012 9,76 MB 1.0.25.0 "necessary"
HP Webcam Driver Sonix 13.06.2012 5.8.50058.0 "necessary"
IDT Audio IDT 13.06.2012 1.0.6325.0 "necessary"
Intel(R) Identity Protection Technology 1.0.71.0 Intel Corporation 13.06.2012 1,13 MB 1.0.71.0 "necessary"
Intel(R) Management Engine Components Intel Corporation 08.03.2011 7.0.0.1144 "necessary"
Intel(R) Network Connections Drivers Intel 13.06.2012 916 KB 15.4 "necessary"
Intel(R) Rapid Storage Technology Intel Corporation 13.06.2012 10.1.2.1004 "necessary"
IOassistant Eaton 03.09.2012 59,1 MB 2.6.4000 "necessary"
ISSDeviceDTMSetup Endress+Hauser 07.11.2012 145 MB 6.06.2100 "necessary"
Java 7 Update 10 Oracle 27.12.2012 128 MB 7.0.100 "necessary"
JMicron 1394 Filter Driver JMicron Technology Corp. 13.06.2012 1.00.21.00 "necessary"
JMicron Flash Media Controller Driver JMicron Technology Corp. 13.06.2012 1.0.57.2 "necessary"
LightScribe System Software LightScribe 08.03.2011 24,5 MB 1.18.15.1 "necessary"
Logitech Vid HD Logitech Inc.. 05.11.2012 7.2 (7248) "necessary"
Logitech Webcam Software Logitech Inc. 05.11.2012 2.0 "necessary"
LSI HDA Modem LSI Corporation 13.06.2012 16,0 KB 2.2.100 "necessary"
MailStore Client 6.0.5.6910 deepinvent Software GmbH 21.08.2012 29,8 MB 6.15.0 "necessary"
Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 20.12.2012 19,4 MB 1.65.1.1000 "necessary"
Microsoft .NET Compact Framework 2.0 SP2 Microsoft Corporation 16.10.2012 93,2 MB 2.0.7045 "necessary"
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 08.03.2011 38,8 MB 4.0.30319 "necessary"
Microsoft .NET Framework 4 Extended Microsoft Corporation 08.03.2011 51,9 MB 4.0.30319 "necessary"
Microsoft Office Home and Business 2010 Microsoft Corporation 21.08.2012 14.0.6029.1000 "necessary"
Microsoft Silverlight Microsoft Corporation 20.08.2012 40,3 MB 4.1.10329.0 "necessary"
Microsoft SQL Server 2008 R2 Microsoft Corporation 07.11.2012 "necessary"
Microsoft SQL Server 2008 R2 Native Client Microsoft Corporation 01.12.2012 6,09 MB 10.51.2500.0 "necessary"
Microsoft SQL Server 2008 R2 Setup (English) Microsoft Corporation 01.12.2012 26,6 MB 10.51.2500.0 "necessary"
Microsoft SQL Server 2008 Setup Support Files Microsoft Corporation 07.11.2012 21,6 MB 10.1.2731.0 "necessary"
Microsoft SQL Server Browser Microsoft Corporation 01.12.2012 9,19 MB 10.51.2500.0 "necessary"
Microsoft SQL Server VSS Writer Microsoft Corporation 01.12.2012 3,64 MB 10.51.2500.0 "necessary"
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 20.08.2012 300 KB 8.0.61001 "necessary"
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 13.06.2012 612 KB 8.0.61000 "necessary"
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 08.03.2011 788 KB 9.0.30729 "necessary"
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 20.08.2012 788 KB 9.0.30729.6161 "necessary"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 08.03.2011 596 KB 9.0.30729 "necessary"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.08.2012 224 KB 9.0.30729.4148 "necessary"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 20.08.2012 600 KB 9.0.30729.6161 "necessary"
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 20.08.2012 13,7 MB 10.0.30319 "necessary"
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 21.08.2012 16,5 MB 10.0.40219 "necessary"
Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 15.10.2012 "necessary"
MotionStudio SEW-EURODRIVE GmbH & Co KG 16.10.2012 226 MB 5.8.0 "necessary"
MOVITOOLS-MotionStudio SEW-EURODRIVE GmbH & Co KG 16.10.2012 "necessary"
MOVITOOLS® 4.70 SEW-EURODRIVE GmbH & Co KG 15.10.2012 409 MB 4.7.0 "necessary"
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2012 1,27 MB 4.20.9870.0 "necessary"
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 12.11.2012 1,33 MB 4.20.9876.0 "necessary"
MXpro V2.3.6 Micro Innovation AG 03.09.2012 2.3.6 "necessary"
MXpro V2.3.6 SP1 Micro Innovation AG 03.09.2012 2.3.6 SP1 "necessary"
MXpro V2.3.9 (Patch 2) Micro Innovation 03.09.2012 2.3.9 (990) "necessary"
MXpro V2.3.9 SP1 Micro Innovation 03.09.2012 2.3.9 SP1 (1122) "necessary"
NETLink-S7-NET 06.09.2012 "necessary"
NetSetMan 3.4.5 Ilja Herlein 09.10.2012 7,45 MB 3.4.5 "necessary"
Oracle VM VirtualBox 4.1.20 Oracle Corporation 03.09.2012 139 MB 4.1.20 "necessary"
PCAN OEM 64-Bit 16.10.2012 18,6 MB "unknown"
Pepperl+Fuchs Point to bus HART V1.5.9 Pepperl+Fuchs GmbH 07.11.2012 32,8 MB 1.5.9.1 "necessary"
PLCEditor für MOVITOOLS MotionStudio SEW Eurodrive GmbH & Co. KG 16.10.2012 "necessary"
PLCEditorGatewayServer SEW Eurodrive GmbH & Co. KG 16.10.2012 1,83 MB 2.3.0925 "necessary"
SEW sCAN SEW EURODRIVE 15.10.2012 18,1 MB 1.3.0 "necessary"
SEW-Communication-Server SEW Eurodrive GmbH 16.10.2012 8,56 MB 1.0.0 "necessary"
Skype™ 5.10 Skype Technologies S.A. 06.09.2012 19,4 MB 5.10.116 "necessary"
Softing Profibus Drivers and API Softing AG 07.11.2012 11,2 MB 5.45.6 "necessary"
Synaptics Pointing Device Driver Synaptics Incorporated 16.08.2012 46,4 MB 15.3.25.0 "necessary"
TeamViewer 7 TeamViewer 06.09.2012 7.0.14484 "necessary"
Total Commander (Remove or Repair) Ghisler Software GmbH 20.08.2012 8.01 "necessary"
Trebing + Himstedt DTM Library V4.0.4.0 Trebing & Himstedt Prozeßautomation GmbH & Co. KG 07.11.2012 47,6 MB 4.0.4.0 "necessary"
TXU10 Setup E+H Process Solutions AG 07.11.2012 4,87 MB 1.00.00 "necessary"
Validity Fingerprint Sensor Driver Validity Sensors, Inc. 13.06.2012 24,8 MB 4.3.117.0 "necessary"
VIP Access SDK x64(1.0.0.50) Symantec Inc. 13.06.2012 1.0.0.50 "necessary"
Vodafone Mobile Connect Lite Vodafone 29.10.2012 34,1 MB 9.4.9.22273 "necessary"
Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02) FTDI 16.10.2012 07/12/2010 2.08.02 "necessary"
Windows-Treiberpaket - FTDI CDM Driver Package (07/12/2010 2.08.02) FTDI 16.10.2012 07/12/2010 2.08.02 "necessary"
Windows-Treiberpaket - libusb-win32 (libusb0) libusb-win32 devices (10/02/2010 1.2.2.0) libusb-win32 16.10.2012 10/02/2010 1.2.2.0 "necessary"
XC/XV-Targets V2.3.9 SP2 Eaton Automation 03.09.2012 2.3.9 SP2 (1384) "necessary"
XC/XV-Targets V2.3.9 SP2 (Patch 1) Eaton Automation 19.10.2012 2.3.9 SP2 (1517) "necessary"
XSoft-CoDeSys V2.3.9 SP2 Eaton Automation 03.09.2012 2.3.9 SP2 (1384) "necessary"
XV-Targets V2.3.9 (Patch 2) Micro Innovation 03.09.2012 2.3.9 (990) "necessary"
XV-Targets V2.3.9 SP1 Micro Innovation 03.09.2012 2.3.9 SP1 (1122) "necessary" |
02.01.2013, 21:11 | #11 |
/// Malware-holic | GVU trojan (Ukash) got me.

Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the newest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions: untick the box for McAfee Security Scan.

Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open, download, etc. PDFs automatically. It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick "Enable JavaScript".
Under Updater, choose install automatically.
Apply / OK.

Uninstall: Free Video

Open CCleaner, Analyze, Run, restart the PC.

Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.01.2013, 09:52 | #12 |
| GVU trojan (Ukash) got me.

# AdwCleaner v2.104 - Datei am 03/01/2013 um 09:45:51 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : meyer - LT138
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\meyer\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\meyer\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************
AdwCleaner[R3].txt - [982 octets] - [03/01/2013 09:45:51]
########## EOF - C:\AdwCleaner[R3].txt - [1041 octets] ########## |
03.01.2013, 18:06 | #13 |
/// Malware-holic | GVU trojan (Ukash) got me.

Hi, please download AdwCleaner to your desktop.
|
03.01.2013, 21:07 | #14 |
| GVU trojan (Ukash) got me.

One restart was enough. Here is the file:

# AdwCleaner v2.104 - Datei am 03/01/2013 um 21:02:05 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : meyer - LT138
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\meyer\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\meyer\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************
AdwCleaner[R5].txt - [1108 octets] - [03/01/2013 21:01:33]
AdwCleaner[S1].txt - [1044 octets] - [03/01/2013 21:02:05]
########## EOF - C:\AdwCleaner[S1].txt - [1104 octets] ##########

The computer is running normally!!!

Edited by kreuz as (03.01.2013 at 21:08). Reason: forgot |
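The two AdwCleaner reports above can be cross-checked mechanically. The following is an added example, not part of the thread and not AdwCleaner's own code: it parses a [Suche] (scan) report and a [Löschen] (delete) report and lists every item the scan found that the delete run did not report as removed. The function names are hypothetical, and the line shape "<kind> <status> : <item>" is assumed from the registry lines posted here.

```python
import re

# Excerpts of the two AdwCleaner v2.104 reports posted in this thread
# (German report language; only the lines this check needs are kept).
SCAN_REPORT = r"""
# Option [Suche]
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internet Browser] *****
[OK] Die Registrierungsdatenbank ist sauber.
"""
CLEAN_REPORT = r"""
# Option [Löschen]
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internet Browser] *****
[OK] Die Registrierungsdatenbank ist sauber.
"""

OPTION = re.compile(r"^# Option \[(.+?)\]")
SECTION = re.compile(r"^\*+ \[(.+?)\] \*+$")
# Assumption: every finding has the shape "<kind> <status> : <item>", as the
# "Schlüssel Gefunden" / "Schlüssel Gelöscht" lines in the thread do.
ENTRY = re.compile(r"^(\S+) (Gefunden|Gelöscht) : (.+)$")


def parse_report(text):
    """Return (run mode, [(section, kind, status, item), ...]) for one report."""
    mode, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := OPTION.match(line)):
            mode = m.group(1)
        elif (m := SECTION.match(line)):
            section = m.group(1)
        elif (m := ENTRY.match(line)):
            kind, status, item = m.groups()
            entries.append((section, kind, status, item))
    return mode, entries


def unresolved(scan_text, clean_text):
    """Items the scan run found that the delete run did not report as deleted."""
    scan_mode, scan = parse_report(scan_text)
    clean_mode, clean = parse_report(clean_text)
    if (scan_mode, clean_mode) != ("Suche", "Löschen"):
        raise ValueError("expected a [Suche] report followed by a [Löschen] report")
    # Registry paths are case-insensitive, so compare case-folded items.
    deleted = {(sec, kind, item.casefold())
               for sec, kind, status, item in clean if status == "Gelöscht"}
    return [item for sec, kind, status, item in scan
            if status == "Gefunden" and (sec, kind, item.casefold()) not in deleted]


if __name__ == "__main__":
    leftovers = unresolved(SCAN_REPORT, CLEAN_REPORT)
    print("all findings removed" if not leftovers else leftovers)
```

An empty result only means the delete run reported every earlier finding as removed; a fresh scan is still what confirms the keys are gone.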
05.01.2013, 16:34 | #15 |
/// Malware-holic | GVU trojan (Ukash) got me.

Hi,
open OTL, click CleanUp; the PC restarts and the removers are deleted. If setups etc. are left over, delete them and empty the recycle bin.

Securing the PC:
As an anti-malware program I would recommend Emsisoft. For me they have the best protection, but it costs something.
http://www.trojaner-board.de/103809-...i-malware.html
Trial version: My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, purchases, other payment transactions or similarly important things, e.g. work-related, so that sensitive data has to be protected, you should invest in security software.
Use the 30-day trial period before activating the licence.
Free, but not quite as good, avast would be my recommendation.
http://www.trojaner-board.de/110895-...antivirus.html
Tell me which one you use, then I will give configuration advice.
Please uninstall your previous AV.

The following guide is extensive, I am aware of that, but it should be implemented, because only then is your PC secure. Ask as many questions as necessary, I am happy to work through everything with you!
http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates. The best way to do this is to go to Start, Search and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install important updates first. It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please adopt the rest as it is described in the Windows 7 / Vista section.
From the XP section, please adopt the item "Data Execution Prevention, DEP".

As a browser I advise you to use Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the instructions.
If you want to use a different one, tell me; then I have to adapt parts of the instructions that follow.

Sandboxie
The definition of a sandbox can be read here: Sandbox
In short, programs can be run almost 100% isolated from the system.
The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link: Sandboxie - Download - Filepony
Guide: http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through it as well: Sandbox Settings |
Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There click Sandbox Settings.
Restrictions: under program start and Internet access enter: chrome.exe
Then go to Applications, Web Browser, Chrome.
There enable everything except allowing access to the entire profile folder.
As you may already have seen, you cannot use some functions. That requires the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser", or right-click and start in Sandboxie.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with: "Measures for ALL Windows versions". Work through everything completely.
Note on FileHippo: in the settings additionally select: hide beta updates. Run updateChecker when Windows starts

Backup program: my guide already links to a backup program. As an alternative, the backup program built into Windows is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately this is only reasonably usable for Windows 7 users. All others should nevertheless install a backup program in any case, because this can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on surf only in the standard user account, and there inside the sandbox.
If you use the free version, do so by clicking Sandboxed Web Browser. If you have the paid version, you can define forced program starts; Sandboxie is then always started when you open a browser.
When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.

Password security: every service needs its own password of at least 12 characters. RoboForm helps with managing and creating passwords:
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide: RoboForm manual: password manager, managing passwords and personal data
|