Log analysis and evaluation: EVU Trojan - Request for help (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.01.2013, 18:52 | #1 |
EVU Trojan - Request for help

For the first time in years, it has now hit me again as well. Since 20.12.2012 I have had the EVU Trojan on my laptop, with the familiar symptom: on startup the computer is locked and the EVU screen is displayed with the notice to transfer 100 EUR. (My girlfriend of course did that right away, but fortunately got the money back...)

Now I would like to try to get my laptop running again, if possible while keeping my data. Unfortunately there are no recent restore points, because the backup partition has apparently been full for quite some time.

This is what I did: Apparently I was lucky and can get into Windows quite easily, namely by switching off the Wi-Fi router (and then of course immediately deactivating the Wi-Fi connection). But as soon as there is an Internet connection again, the EVU screen comes back.

I hope someone can help me get my laptop clean again. Thanks in advance.

A quick question up front: Can I safely plug the stick with the loggers back into a non-infected computer? (Okay, I just had to take that risk in order to copy the log files to this computer.) And: what about the hard drive onto which I copied my most important data?

So, now to the logs:

Step 1: Defogger was run successfully and disabled
Step 2: OTL.txt
Code:
[2010.06.22 11:52:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3811.38564__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010.06.22 11:52:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3811.38558__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010.06.22 11:52:00 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3811.38540__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.06.22 11:52:00 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3811.38615__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3811.38640__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3811.38544__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010.06.22 11:52:00 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3811.38541__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.06.22 11:52:00 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010.06.22 11:52:00 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3811.38541__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010.06.22 11:52:00 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3811.38548__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.06.22 11:52:00 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3811.38639__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.06.22 11:52:00 | 000,006,144 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3811.38545__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3811.38543__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3811.38543__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3811.38646__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3811.38549__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3811.38545__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010.06.22 11:51:59 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3811.38554__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.06.22 11:51:59 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3811.38664__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010.06.22 11:51:59 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3811.38629__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010.06.22 11:51:59 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3811.38564__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.06.22 11:51:59 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3811.38635__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.06.22 11:51:59 | 000,065,536 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3811.38633__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.06.22 11:51:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3811.38547__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.06.22 11:51:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3811.38546__90ba9c70f846762e\APM.Server.dll MOD - [2010.06.22 11:51:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3811.38548__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.06.22 11:51:59 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3811.38544__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3811.38546__90ba9c70f846762e\AEM.Server.dll MOD - [2010.06.22 11:51:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3811.38646__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.06.22 11:51:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3811.38544__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.06.22 11:51:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3811.38553__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3811.38542__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.06.22 11:51:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.06.22 11:51:59 | 000,020,480 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3811.38543__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.06.22 11:51:59 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3811.38634__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.06.22 11:51:59 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3811.38563__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3811.38553__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3811.38569__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3811.38547__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.06.22 11:51:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3811.38545__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010.06.22 11:51:59 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3811.38545__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009.11.02 13:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 13:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV - [2012.12.13 19:09:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.06 20:16:59 | 000,115,168 | ---- | M] (Mozilla 
Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.26 14:08:56 | 003,665,752 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx) SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.07.07 17:18:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.26 13:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.04.27 18:47:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.01.11 09:48:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.08.19 09:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011.07.07 17:18:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.07 17:18:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.08.31 18:09:00 | 000,208,896 | ---- | M] (Huawei 
Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.07.27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.06.09 00:53:34 | 005,551,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.06.08 21:19:18 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.05.26 16:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2010.05.06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.12.21 14:56:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.12.02 14:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{06B10694-38BD-4D05-80F1-9A5B4412F98B}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{468D310B-E6D5-4B11-A734-A1D22EEE4BE5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=BEBFF2D5-FE36-4172-A96D-D9C96E1BE139&apn_sauid=B7CD90B6-3B7C-41B7-AC10-A62972CFBFF0 IE - HKCU\..\SearchScopes\{77E1BADB-E50D-442C-9BC4-FB06E81EE7ED}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKCU\..\SearchScopes\{78C422A2-3BE7-4A94-98F5-F749E5A6AC2B}: "URL" = 
hxxp://www.dict.cc/?s={searchTerms} IE - HKCU\..\SearchScopes\{D81D3048-98AC-4046-8A8E-7430692A9614}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{F736B167-4030-45AC-B074-033055D992CF}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: %7Bd04b0b40-3dab-4f0b-97a6-04ec3eddbfb0%7D:2.0.6 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=BEBFF2D5-FE36-4172-A96D-D9C96E1BE139&apn_ptnrs=U3&apn_sauid=B7CD90B6-3B7C-41B7-AC10-A62972CFBFF0&apn_dtid=OSJ000YYDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:16:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:16:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.17 19:49:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:16:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:16:55 | 000,000,000 | ---D | M]

[2011.05.30 17:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Extensions
[2011.05.30 17:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.06 20:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Firefox\Profiles\nrnhh2x1.default\extensions
[2012.12.06 20:23:04 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Maik\AppData\Roaming\mozilla\Firefox\Profiles\nrnhh2x1.default\extensions\toolbar@ask.com
[2012.11.16 23:02:55 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\extensions\toolbar@web.de.xpi
[2011.05.16 18:02:38 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2012.11.16 23:02:57 | 000,000,911 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\11-suche.xml
[2012.12.06 20:23:04 | 000,002,308 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\askcom.xml
[2011.05.05 17:24:02 | 000,002,289 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\ecosia.xml
[2012.11.16 23:02:57 | 000,002,273 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\englische-ergebnisse.xml
[2012.11.16 23:02:57 | 000,010,563 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\gmx-suche.xml
[2012.11.16 23:02:57 | 000,002,432 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\lastminute.xml
[2012.11.16 23:02:57 | 000,005,545 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\webde-suche.xml
[2012.12.06 20:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.06 20:16:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.06 20:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.06 20:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.06 20:16:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.23 17:10:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 14:54:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 17:10:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 17:10:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 17:10:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 17:10:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DriverBoost] C:\Program Files\DriverBoost\DriverBoost\DriverBoost.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [phonostarTimer] C:\Programme\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Maik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{117206FD-4549-4CC5-AE35-EC2EDEE8F0E3}: NameServer = 212.23.97.2 212.23.97.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E88D494-88B0-4797-939A-DA56D45D1123}: NameServer = 212.23.97.2 212.23.97.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{790ABDB0-69AF-4748-AE9F-5257E27B7A5C}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8201C594-566C-4F85-8DEC-DCFD24DDAB5A}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ac2ada3-730a-11e0-9ee5-406186afb080}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac2ada3-730a-11e0-9ee5-406186afb080}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8fd3ee66-2f76-11e0-9a82-406186afb080}\Shell - "" = AutoRun
O33 - MountPoints2\{8fd3ee66-2f76-11e0-9a82-406186afb080}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8fd3ee74-2f76-11e0-9a82-406186afb080}\Shell - "" = AutoRun
O33 - MountPoints2\{8fd3ee74-2f76-11e0-9a82-406186afb080}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.01.04 18:10:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maik\Desktop\OTL.exe
[2012.12.30 20:36:47 | 000,000,000 | ---D | C] -- C:\Users\Maik\Desktop\Sicherung
[2012.12.06 20:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.12.06 20:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.12.06 20:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013.01.04 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.04 17:49:45 | 000,000,000 | ---- | M] () -- C:\Users\Maik\defogger_reenable
[2013.01.04 17:48:18 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.04 17:48:18 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.04 17:48:18 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.04 17:48:18 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.04 17:41:00 | 000,357,376 | ---- | M] () -- C:\Users\Maik\Desktop\hetvdqfk.exe
[2013.01.04 17:40:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maik\Desktop\OTL.exe
[2013.01.04 17:39:54 | 000,050,477 | ---- | M] () -- C:\Users\Maik\Desktop\Defogger.exe
[2013.01.04 17:24:58 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 17:24:58 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 17:24:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.04 17:16:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.04 17:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.04 17:16:34 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.20 20:01:42 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.16 16:00:27 | 000,334,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013.01.04 18:10:51 | 000,357,376 | ---- | C] () -- C:\Users\Maik\Desktop\hetvdqfk.exe
[2013.01.04 18:10:51 | 000,050,477 | ---- | C] () -- C:\Users\Maik\Desktop\Defogger.exe
[2013.01.04 17:49:45 | 000,000,000 | ---- | C] () -- C:\Users\Maik\defogger_reenable
[2012.12.20 11:30:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.02 12:22:39 | 000,001,652 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.04.13 19:12:08 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2012.01.05 18:28:51 | 000,017,408 | ---- | C] () -- C:\Users\Maik\AppData\Local\WebpageIcons.db
[2011.12.19 21:46:23 | 000,000,860 | ---- | C] () -- C:\Users\Maik\.recently-used.xbel
[2011.02.28 13:58:51 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.02.12 23:32:21 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.12 23:32:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.08.16 15:22:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2012.07.26 20:58:02 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Amazon
[2010.12.19 20:26:38 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Ashampoo
[2013.01.04 17:17:12 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Dropbox
[2012.02.01 21:18:41 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\elsterformular
[2011.12.19 21:46:23 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\gtk-2.0
[2012.12.05 22:09:49 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\ICQ
[2012.08.30 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Mp3tag
[2011.07.03 15:35:26 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\OpenOffice.org
[2010.08.26 20:00:36 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Opera
[2012.08.29 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\PCCUStubInstaller
[2011.05.24 16:09:26 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\phonostar GmbH
[2010.10.13 15:43:53 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\PlayFirst
[2012.09.01 16:07:29 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Samsung
[2013.01.04 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\SoftGrid Client
[2012.12.11 21:39:31 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Spotify
[2012.09.02 12:32:29 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Systweak
[2011.05.30 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Thunderbird
[2012.04.13 19:12:26 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Tobit
[2010.08.16 16:21:06 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\TP
[2010.10.13 15:43:52 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Zylom

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:91486201

< End of report >

Code:
OTL Extras logfile created on: 04.01.2013 17:51:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,60% Memory free
6,00 Gb Paging File | 4,87 Gb Available in Paging File | 81,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 256,99 Gb Total Space | 127,08 Gb Free Space | 49,45% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 3,62 Gb Total Space | 3,61 Gb Free Space | 99,95% Space Free | Partition Type: FAT32

Computer Name: MAIK-PC | User Name: Maik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0900D24E-6695-4738-B815-7552D045F9ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{09883CE9-26FE-4A45-989B-37A0BD81E4D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C8C2D0D-7D9D-4C17-9100-C09547172459}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28187768-6E5D-4CF5-93FC-076F029C6EC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{29E2B73A-1EB0-4443-9187-81E823B61F17}" = lport=138 | protocol=17 | dir=in | app=system |
"{2BE1D883-6EA8-4F69-B27F-C4DF8DA53F17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3AC07D75-4EE6-4667-87BF-21169AFC217B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv |
app=svchost.exe | "{481D8800-D9EB-4A76-87D9-6792E4CA4D16}" = lport=137 | protocol=17 | dir=in | app=system | "{4E47CB00-8DA5-4B8C-9517-4D0BD2B5288D}" = rport=139 | protocol=6 | dir=out | app=system | "{4FD58E28-D3A2-4808-A36D-D8FD03B60F1D}" = lport=445 | protocol=6 | dir=in | app=system | "{50D2B6BF-EC45-473C-B5C0-DC03C3627A70}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5A0012CD-DF43-4A6E-AA51-5326D4960721}" = rport=10243 | protocol=6 | dir=out | app=system | "{685A581F-B0DF-45A6-8223-6BEFA1F120F0}" = lport=139 | protocol=6 | dir=in | app=system | "{6B7B4C0A-1EF2-44F7-A96A-477604EC4F32}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{707C00C0-4326-4A94-9E15-83629AB6DC0B}" = rport=138 | protocol=17 | dir=out | app=system | "{7BD7F9A7-A9B7-47AD-BBFE-B2B82FD0B224}" = rport=445 | protocol=6 | dir=out | app=system | "{8C862FE4-05EF-4FBD-ABE3-173716173733}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{92E673F4-0836-4A19-A865-B68FE6711C1C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BDD16072-28D0-478E-92FD-CABE83F7B25D}" = lport=10243 | protocol=6 | dir=in | app=system | "{C2818382-7CF9-4197-AB43-CF1252D95EAB}" = lport=2869 | protocol=6 | dir=in | app=system | "{EB143DF5-4933-439B-B9E6-3850D8672933}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ED9A3D3C-DD5F-4F92-A043-C0E95C1D9F56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FE0B37C1-64CF-427C-BA77-ED32BB8C831D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{017282CC-B9C6-4F83-B7D0-E39002E586B1}" = protocol=6 | dir=in 
| app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{019B0A18-B262-4331-AEDA-1B18A178C2FC}" = protocol=17 | dir=in | app=c:\games\sid meier's civilization iv colonization\colonization.exe | "{01BE9E87-562D-4F17-9FBD-C6A50BC539A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0BB72CC1-76F2-434A-B734-799E94588E73}" = protocol=6 | dir=in | app=c:\users\maik\appdata\roaming\dropbox\bin\dropbox.exe | "{0C5F5E67-C648-432F-B029-E4699CA57A1F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{1092020F-1D01-4404-BE69-85E0370ECC19}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{15623B23-3FC9-4AD5-A80B-2BBC01DEFAE3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{15A2EFC3-4B58-4DBD-94F3-414D80464B77}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{1DAB9A10-C92E-42A4-B713-672254D31D24}" = protocol=6 | dir=in | app=c:\games\sid meier's civilization iv colonization\colonization.exe | "{2D7EB513-DFB3-46BB-AB9D-26C9AB2AD7BB}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{3097D33A-2001-4669-B97E-937181724DBB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{30D9D567-B6A7-4113-8F40-C6E899041CE4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{38212F2F-C530-464F-A2FA-211E04CBC478}" = protocol=17 | dir=in | app=c:\users\maik\appdata\roaming\dropbox\bin\dropbox.exe | "{3C208A52-FB9A-4FBF-894D-D2CDCE60FCC3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{47CDE574-A8C1-48F3-BD7E-8F72D016999C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{4C3DE543-B759-4234-AA31-1ECF4D1BC5CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4E368D31-5221-4C18-9403-709D85ECB00D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{52070E22-C55A-4568-B01F-338DCC7703DD}" = protocol=6 | dir=in | app=c:\program 
files\opera\opera.exe | "{5CDC7647-63B3-4844-B465-8A4A069BCD5A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{5D5CC1EC-642C-49F6-AAAF-6A2808343BA4}" = protocol=6 | dir=in | app=c:\users\maik\appdata\roaming\spotify\spotify.exe | "{605E4C49-2E01-4099-A5D3-688715614121}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{62595E90-C346-4096-8108-E9230CCBD3B9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{66F62239-73B6-4CA1-963A-C1EE2A1BB18C}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{6D4A4784-DA64-4751-91BF-35D220619ADE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{6D9EAF08-FF08-465E-8652-3312917B32B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{70FCC29E-0449-4327-A023-B9178CB33E48}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{73AFFDA9-F71A-469E-8E2D-1ED236910727}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7617349D-1BB2-4EDA-A4ED-D3F085B63337}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{76939125-8A24-4527-B83E-1FC430D56AD5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{79799078-695C-467F-A2FF-F03609CF9D64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8040E519-CB35-44EF-8F13-9A6F3FB96ED6}" = protocol=6 | dir=out | app=system | "{8049B4DD-E71F-4D32-98B7-0768A4BACA38}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{8BE75A45-116F-4299-8443-F15182E26BA7}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{901E0D6A-14ED-4E50-833C-8427070193E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{960A77FD-514F-4A45-B934-2F55BAB2658C}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{9A4CE18C-72AD-4317-AD25-BF1682C652EC}" = protocol=17 | dir=in | app=c:\program 
files\phonostar-player\phonostar.exe | "{A00C48BC-4047-4E03-8C13-15E0683FA55A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B82A8525-CA2F-4E9C-B759-A7537EF0F6B5}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{BA740B85-B3E9-47AC-B39B-A0A63EE28C9B}" = protocol=17 | dir=in | app=c:\users\maik\appdata\roaming\spotify\spotify.exe | "{BFF2B489-25DC-44E8-B478-E454DCADF293}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{C10ADB8D-E88C-4073-A2B3-8557D04C7E50}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{C1BC7DF3-7F08-4052-BE11-8D150A150951}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C3DB9B85-65A2-4FF4-8FB2-FF176DE8856D}" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "{C64B0979-FD56-49A4-9EE2-9E1546A2DD5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CDBADB6C-C476-4251-9794-3E8256DDEED1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CDC24F17-F230-426D-A6DE-31792454A343}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D977F5DB-D223-4F10-ADF0-7716663EFB06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E46949A2-2660-4D55-9A37-38F87D89D62A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EAE8F5D4-09BE-4824-A915-EA87ED32B866}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F1645387-F581-451A-8CB1-02A1EC8AC102}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F29B57A1-FAC2-4591-BF5E-827C2F3745A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F7B0EF98-12F8-4559-8E9D-D0B98E220E16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{01DA4821-4498-47B9-B1F5-B7D687C1E51E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program 
files\videolan\vlc\vlc.exe | "TCP Query User{3A67921A-E25F-48B9-9DB9-EA17ABF79FB5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{84318DCA-18AD-4B28-9427-0D4D34232DAB}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{9816E7EE-09B0-400F-B8F0-87B3AE0439AA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{D383FA5C-21AF-43B3-97D1-E7F316640F83}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "TCP Query User{E11E0C58-B97F-4E53-8650-461993D30468}C:\users\maik\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\maik\appdata\roaming\spotify\spotify.exe | "TCP Query User{F4C97BC5-72CF-41AB-A308-515049A736BB}C:\games\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\games\firefly studios\stronghold crusader\stronghold crusader.exe | "UDP Query User{28F00575-13CF-408A-9616-BD606A00771E}C:\games\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\games\firefly studios\stronghold crusader\stronghold crusader.exe | "UDP Query User{2B306031-E0D4-43AF-BC51-4FCBC1C6607D}C:\users\maik\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\maik\appdata\roaming\spotify\spotify.exe | "UDP Query User{3335C837-0668-4B6D-A1C2-8441D09048D3}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{641CE1FD-1645-4125-A948-3BC1D484D2DA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{B880465B-2D00-4021-B71B-C0F21F2D3622}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query 
User{C126564B-BEC7-45D6-B4F6-9F129B522CF1}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | "UDP Query User{F175A39E-3F6E-4037-8FC3-11E6B7A75FA4}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{044E78D2-8F54-4F6F-AD2B-A122F8111EDB}" = DriverBoost "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{1534483D-EB1B-ACF8-2472-7C68F87516D9}" = CCC Help French "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1DE5C23D-29D2-43B7-05E3-1ACF799779C2}" = Catalyst Control Center Graphics Full New "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23236274-1FB3-7DB1-061B-32D349AF5DB8}" = CCC Help Chinese Traditional "{25AA04C1-8D88-6124-71CE-EA67DBCD68EE}" = Catalyst Control Center Graphics Previews Common "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com 
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2C6B21B1-48D7-BDD8-B4C8-B289C9B61EA2}" = CCC Help Japanese "{3004D82D-7D27-B373-71FC-E9CE7F1295A1}" = CCC Help Spanish "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{37171C81-9EFC-D36B-2295-3F898A4D9E12}" = CCC Help Polish "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62182F69-C225-5955-3EA0-02A927692F09}" = CCC Help Turkish "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{679A8F3C-4B1A-A459-7EE6-9F877D4B337A}" = CCC Help Greek "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder "{6FEDB652-96FB-28EF-1583-A3773667136B}" = CCC Help English "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync 
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78370AE2-D852-90F9-2444-88DFED91EF4D}" = Catalyst Control Center Localization All "{7C41022B-88D3-54E3-78BE-0182F390E640}" = Catalyst Control Center Graphics Previews Vista "{82123B01-A183-A7DE-A61C-BF4BF65680C1}" = CCC Help Korean "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C202CD3-9427-D3E9-4295-61EB3249A90E}" = Catalyst Control Center Graphics Full Existing "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}" = IndustrieGigant 2 "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{90932C65-D68E-4257-AEE8-EBBFC36AC601}" = KENWOOD Music Editor Light "{91B78AB4-3F74-17E2-85BA-C814F87B0FF1}" = CCC Help Finnish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9958E1F2-AF56-B67E-4585-BA2066AA9601}" = CCC Help Hungarian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AD813AC-7D0E-F9FE-55E9-572AB783CA76}" = Catalyst Control Center Graphics Light "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9D18475C-CA21-447A-6688-007243BBF1C8}" = ccc-core-static "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A19EF447-CF86-C430-366A-469E5C0E3CCD}" = Catalyst Control Center Core Implementation "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A6F580B5-7123-3DEE-A0BB-BBF9ED230BC1}" = CCC Help Portuguese "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB0139DA-1C8D-7DBD-F765-80211E11B8CB}" = CCC Help Chinese Standard "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{AFF77101-460F-55A0-19FD-CABCFC11C8B0}" = CCC Help Thai "{B025146A-1687-9076-6E43-8A36DA2E15FD}" = CCC Help Czech "{B362DC31-BC97-49E3-1E83-5603F01C5769}" = CCC Help Dutch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C08F9290-C0A6-A310-2901-9E25373B6DCD}" = CCC Help Norwegian "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6111BC3-3EB5-5D43-C1C8-A825F12737D5}" = Catalyst Control Center InstallProxy "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D76D5FC8-4655-0E6D-6D74-C944E08290CA}" = ATI Catalyst Install Manager "{D7F70031-2AE0-D959-40A6-F7C91CBD540F}" = CCC Help German 
"{DA0B78ED-4274-C842-D9B9-3C2F85FDBDDC}" = CCC Help Danish "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{EA76784A-8127-25C6-908A-E5175566FF0A}" = CCC Help Russian "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F53C1A29-3980-CFB8-EA37-10357922D0B1}" = CCC Help Swedish "{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar "{F6BC885F-F971-31DD-2F2B-086A9C2F1A93}" = CCC Help Italian "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA886756-403E-5C8A-6039-1323D196B929}" = ccc-utility "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Snap_is1" = Ashampoo Snap "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BFGC" = Big Fish Games: Game Manager "BFG-Diner Dash" = Diner Dash "Diner Dash" = Diner Dash "ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für 
Privatanwender "FastImageResizer" = FastImageResizer (remove only) "FreePDF_XP" = FreePDF (Remove only) "GameSpy Arcade" = GameSpy Arcade "GPL Ghostscript 9.00" = GPL Ghostscript 9.00 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mobile Partner" = Mobile Partner "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49b "No23 Recorder" = No23 Recorder "Norton PC Checkup_is1" = Norton PC Checkup "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Opera 12.11.1661" = Opera 12.11 "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.2 "Picasa 3" = Picasa 3 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SCHLECKER Fotobuch und mehr ..._is1" = SCHLECKER Fotobuch und mehr ... 
4.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Tobit Radio.fx Server" = Radio.fx "VLC media player" = VLC media player 2.0.2 "Winamp" = Winamp "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "Xvid_is1" = Xvid 1.2.2 final uninstall "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Diner Dash 2 Deluxe" = Diner Dash 2 Deluxe "Dropbox" = Dropbox "Spotify" = Spotify "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.11.2012 13:56:20 | Computer Name = Maik-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet werden. Error - 20.11.2012 14:17:40 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 26.11.2012 14:13:48 | Computer Name = Maik-PC | Source = Windows Backup | ID = 4104 Description = Error - 27.11.2012 14:17:59 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". 
Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 02.12.2012 14:04:51 | Computer Name = Maik-PC | Source = Windows Backup | ID = 4104 Description = Error - 03.12.2012 03:46:14 | Computer Name = Maik-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009c56 ID des fehlerhaften Prozesses: 0x3e4 Startzeit der fehlerhaften Anwendung: 0x01cdd12a1cc3d5a8 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 82b33b83-3d1d-11e2-a46a-406186afb080 Error - 04.12.2012 06:14:56 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 07.12.2012 09:52:55 | Computer Name = Maik-PC | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 07.12.2012 15:29:04 | Computer Name = Maik-PC | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 09.12.2012 08:58:18 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 09.12.2012 06:14:48 | Computer Name = Maik-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 09.12.2012 16:36:20 | Computer Name = Maik-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398 Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle Auftragsanzahl für den Maik-PC\Maik-Benutzer ("60") ist gleich oder größer als das durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator, die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro Computer zu erhöhen. Error - 10.12.2012 03:19:45 | Computer Name = Maik-PC | Source = ACPI | ID = 327690 Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. 
Error - 10.12.2012 05:13:33 | Computer Name = Maik-PC | Source = ACPI | ID = 327690 Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 10.12.2012 12:55:21 | Computer Name = Maik-PC | Source = ACPI | ID = 327690 Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 10.12.2012 13:49:16 | Computer Name = Maik-PC | Source = ACPI | ID = 327690 Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 16.12.2012 13:15:18 | Computer Name = Maik-PC | Source = ACPI | ID = 327690 Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 20.12.2012 08:53:17 | Computer Name = Maik-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?20.?12.?2012 um 12:26:43 unerwartet heruntergefahren. Error - 20.12.2012 09:32:42 | Computer Name = Maik-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?20.?12.?2012 um 14:02:08 unerwartet heruntergefahren. Error - 20.12.2012 14:59:52 | Computer Name = Maik-PC | Source = ACPI | ID = 327690 Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. < End of report > gmer.txt Code:
GMER 2.0.18327 - hxxp://www.gmer.net
Rootkit scan 2013-01-04 18:49:15
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000058 Hitachi_ rev.FC4O 298,09GB
Running: hetvdqfk.exe; Driver: C:\Users\Maik\AppData\Local\Temp\pwldypoc.sys
---- System - GMER 2.0 ----
SSDT 90D308AE ZwCreateSection
SSDT 90D308B3 ZwSetContextThread
SSDT 90D3084F ZwTerminateProcess
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E47A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E814D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E8862C 4 Bytes [AE, 08, D3, 90] {SCASB ; OR BL, DL; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82E889CC 4 Bytes [B3, 08, D3, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82E88AA4 4 Bytes [4F, 08, D3, 90] {DEC EDI; OR BL, DL; NOP }
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90E1F000, 0x2FC0BA, 0xE8000020]
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[2216] kernel32.dll!SetUnhandledExceptionFilter 7666F4FB 5 Bytes JMP 00642C40 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2728] ntdll.dll!DbgUiRemoteBreakin 778FF17D 1 Byte [C3]
---- EOF - GMER 2.0 ---- |
04.01.2013, 19:36 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | EVU Trojan - Please help Hello and
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs you already have!
__________________ |
04.01.2013, 19:52 | #3 |
| EVU Trojan - Please help I ran the following AntiVir scan on the day the problem occurred, right after I had managed to disable Wi-Fi and was back in Windows.
After that I switched Wi-Fi back on and the EVU screen immediately came back. Then I disabled Wi-Fi again and had the laptop on a few more times, but only to back up data; for lack of time I have not done anything further so far. The only other thing that comes to mind: I switched the laptop on today after it had shut down because of an empty battery, and before starting it attempted an automatic repair or system restore... Could that already have removed the problem? As I said, I have not really had any restore points in the last few months... Should I enable Wi-Fi once more and check whether the problem has already been fixed? Code:
ATTFilter Avira AntiVir Personal Erstellungsdatum der Reportdatei: Donnerstag, 20. Dezember 2012 14:35 Es wird nach 4597149 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : MAIK-PC Versionsinformationen: BUILD.DAT : 10.2.0.719 36070 Bytes 25.10.2012 10:38:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 07.07.2011 16:18:18 AVSCAN.DLL : 10.0.5.0 57192 Bytes 07.07.2011 16:18:18 LUKE.DLL : 10.3.0.5 45416 Bytes 07.07.2011 16:18:19 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 07.07.2011 16:18:20 AVREG.DLL : 10.3.0.9 88833 Bytes 12.07.2011 15:53:21 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 15:21:06 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:24:26 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:36:46 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 04:52:00 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 16:19:52 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 17:47:54 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 17:16:28 VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 17:16:28 VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 17:16:28 VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 17:16:28 VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 17:16:28 VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 17:16:28 VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 17:16:28 VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 17:24:39 VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 17:24:39 VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 07:30:15 VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 16:48:27 VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 
08:04:06 VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 18:17:52 VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 19:05:56 VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 19:54:51 VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 18:33:48 VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 18:33:48 VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 17:50:52 VBASE025.VDF : 7.11.53.237 152064 Bytes 14.12.2012 15:02:26 VBASE026.VDF : 7.11.54.23 149504 Bytes 17.12.2012 17:39:41 VBASE027.VDF : 7.11.54.67 130048 Bytes 18.12.2012 18:07:06 VBASE028.VDF : 7.11.54.68 2048 Bytes 18.12.2012 18:07:07 VBASE029.VDF : 7.11.54.69 2048 Bytes 18.12.2012 18:07:07 VBASE030.VDF : 7.11.54.70 2048 Bytes 18.12.2012 18:07:07 VBASE031.VDF : 7.11.54.114 161792 Bytes 20.12.2012 10:01:31 Engineversion : 8.2.10.222 AEVDF.DLL : 8.1.2.10 102772 Bytes 16.07.2012 17:55:35 AESCRIPT.DLL : 8.1.4.76 467324 Bytes 13.12.2012 17:50:55 AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 17:50:54 AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 16:28:18 AERDL.DLL : 8.2.0.74 643445 Bytes 09.11.2012 07:12:54 AEPACK.DLL : 8.3.1.0 819574 Bytes 13.12.2012 17:50:54 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 19:34:01 AEHEUR.DLL : 8.1.4.160 5624184 Bytes 06.12.2012 19:06:00 AEHELP.DLL : 8.1.25.2 258423 Bytes 13.10.2012 12:14:32 AEGEN.DLL : 8.1.6.12 434549 Bytes 13.12.2012 17:50:54 AEEXP.DLL : 8.3.0.0 184692 Bytes 13.12.2012 17:50:55 AEEMU.DLL : 8.1.3.2 393587 Bytes 16.07.2012 17:55:31 AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 17:50:53 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 19:33:58 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10 AVPREF.DLL : 10.0.3.2 44904 Bytes 07.07.2011 16:18:18 AVREP.DLL : 10.0.0.10 174120 Bytes 17.05.2011 18:36:34 AVARKT.DLL : 10.0.26.1 255336 Bytes 07.07.2011 16:18:18 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 07.07.2011 16:18:18 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 
13:40:55 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 07.07.2011 16:18:17 RCTEXT.DLL : 10.0.64.0 98664 Bytes 07.07.2011 16:18:17 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Q:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +PFS,+SPR, Beginn des Suchlaufs: Donnerstag, 20. Dezember 2012 14:35 Der Suchlauf nach versteckten Objekten wird begonnen. HKEY_USERS\S-1-5-21-1809649647-3722367740-903643459-1000\Software\ATI\ACE\Settings\Runtime\runtime graphics caste initialize loaddem proctime [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'ctfmon.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '169' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'CVHSVC.EXE' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.bin' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'SpotifyWebHelper.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'Kies.exe' - '117' Modul(e) wurden durchsucht Durchsuche Prozess 
'DriverBoost.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'phonostarTimer.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'Updater.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'KiesTrayAgent.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'fpassist.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'winampa.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVBg.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'sftlist.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'MGSysCtrl.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'rfx-server.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'PsiService_2.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'SymcPCCULaunchSvc.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'MSIService.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'DCSHelper.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'DCService.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.EXE' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '164' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - 
'28' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '142' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'Q:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '1321' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <BOOT> C:\Users\Maik\AppData\Local\Mozilla\Firefox\Profiles\nrnhh2x1.default\Cache\4\FD\434CDd01 [FUND] Enthält Erkennungsmuster des Exploits EXP/JS.Expack.CO C:\Users\Maik\AppData\Local\Temp\c2zyIZUY.exe.part --> Object [WARNUNG] Die Datei konnte nicht gelesen werden! [WARNUNG] Die Datei konnte nicht gelesen werden! C:\Users\Maik\AppData\Local\Temp\M555BGpm.exe.part --> Object [WARNUNG] Die Datei konnte nicht gelesen werden! [WARNUNG] Die Datei konnte nicht gelesen werden! Beginne mit der Suche in 'D:\' <Recover> D:\MAIK-PC\Backup Set 2011-02-03 190929\Backup Files 2011-02-03 190929\Backup files 1.zip [0] Archivtyp: ZIP --> C/Users/Maik/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/14/34524d4e-1343c5b3 [1] Archivtyp: ZIP --> vload.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/LoadClass.A --> vmain.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.DU --> C/Users/Maik/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/20/19e4c9d4-4769f30f [1] Archivtyp: ZIP --> vmain.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0842 --> C/Users/Maik/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/56bf0f5a-67eaba7f [1] Archivtyp: ZIP --> vmain.class [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.2009-3867 --> C/Users/Maik/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/26/77ca675a-25f35654 [1] Archivtyp: ZIP --> vmain.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE.2009.3869.R Beginne mit der Suche in 'Q:\' Der zu durchsuchende Pfad Q:\ konnte nicht geöffnet werden! Systemfehler [5]: Zugriff verweigert Beginne mit der Desinfektion: D:\MAIK-PC\Backup Set 2011-02-03 190929\Backup Files 2011-02-03 190929\Backup files 1.zip [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE.2009.3869.R [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54a79709.qua' verschoben! 
C:\Users\Maik\AppData\Local\Mozilla\Firefox\Profiles\nrnhh2x1.default\Cache\4\FD\434CDd01 [FUND] Enthält Erkennungsmuster des Exploits EXP/JS.Expack.CO [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c01bf45.qua' verschoben! Ende des Suchlaufs: Donnerstag, 20. Dezember 2012 16:50 Benötigte Zeit: 2:11:45 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 33285 Verzeichnisse wurden überprüft 1405756 Dateien wurden geprüft 6 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1405750 Dateien ohne Befall 26736 Archive wurden durchsucht 4 Warnungen 3 Hinweise 613923 Objekte wurden beim Rootkitscan durchsucht 1 Versteckte Objekte wurden gefunden |
04.01.2013, 20:50 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EVU Trojan - Please help Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. Malwarebytes Anti-Rootkit Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
05.01.2013, 09:38 | #5 |
| EVU Trojan - Please help First run: 1 problem found and fixed mbar-log-2013-01-04 (22-06-51).txt Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.04.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Maik :: MAIK-PC [administrator]
04.01.2013 22:06:51
mbar-log-2013-01-04 (22-06-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29870
Time elapsed: 15 minute(s), 49 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 1
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Delete on reboot.
(end)
Error-free mbar-log-2013-01-05 (02-08-43).txt Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.04.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Maik :: MAIK-PC [administrator]
05.01.2013 02:08:43
mbar-log-2013-01-05 (02-08-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29761
Time elapsed: 18 minute(s), 9 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end) |
05.01.2013, 15:34 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | EVU Trojan - Please help Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ --> EVU Trojan - Please help |
06.01.2013, 01:41 | #7 |
| EVU Trojan - Please help combofix.txt Code:
ATTFilter ComboFix 13-01-05.01 - Maik 06.01.2013 1:17.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.2213 [GMT 1:00] ausgeführt von:: c:\users\Maik\Desktop\gvu virus\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Maik\4.0 c:\users\Maik\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll c:\windows\system32\muzapp.exe c:\windows\system32\roboot.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-06 bis 2013-01-06 )))))))))))))))))))))))))))))) . . 2013-01-06 00:26 . 2013-01-06 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-04 20:49 . 2013-01-04 20:49 -------- d-----w- c:\programdata\Malwarebytes 2012-12-13 17:56 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-13 18:09 . 2012-04-04 16:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-13 18:09 . 2011-05-15 16:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-06 19:11 . 2012-12-06 19:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-12-06 19:11 . 2012-06-10 18:03 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-12-06 19:11 . 2010-06-22 11:42 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-16 07:39 . 2012-11-28 18:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 17:40 . 2012-11-16 17:57 193536 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-16 17:57 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-12-06 19:16 . 
2012-12-06 19:16 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-16 1521352] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-10-16 23:46 1521352 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Maik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Maik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Maik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "phonostarTimer"="c:\program files\phonostar-Player\phonostarTimer.exe" [2011-06-20 40960] "DriverBoost"="c:\program files\DriverBoost\DriverBoost\DriverBoost.exe" [2012-08-28 3516344] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432] "Spotify Web Helper"="c:\users\Maik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-10 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-08 102400] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-06-22 2478080] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-06-08 1481320] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752] "FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-16 1573576] . 
c:\users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Maik\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x] S2 cvhsvc;Client 
Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [x] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x] S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:09] . 2012-12-03 c:\windows\Tasks\DriverBoost-RTMRules.job - c:\program files\DriverBoost\DriverBoost\DriverBoost.exe [2012-08-28 11:13] . 2012-12-03 c:\windows\Tasks\DriverBoost-RTMScan.job - c:\program files\DriverBoost\DriverBoost\DriverBoost.exe [2012-08-28 11:13] . 2012-12-03 c:\windows\Tasks\DriverBoost-RTMUpdater.job - c:\program files\DriverBoost\DriverBoost\DriverBoost.exe [2012-08-28 11:13] . 
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 15:58] . 2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 15:58] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.aldi.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{117206FD-4549-4CC5-AE35-EC2EDEE8F0E3}: NameServer = 212.23.97.2 212.23.97.3 TCP: Interfaces\{6E88D494-88B0-4797-939A-DA56D45D1123}: NameServer = 212.23.97.2 212.23.97.3 FF - ProfilePath - c:\users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/tb/mff_startpage_home FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=BEBFF2D5-FE36-4172-A96D-D9C96E1BE139&apn_ptnrs=U3&apn_sauid=B7CD90B6-3B7C-41B7-AC10-A62972CFBFF0&apn_dtid=OSJ000YYDE&&q= FF - ExtSQL: 2012-12-06 20:23; toolbar@ask.com; c:\users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\extensions\toolbar@ask.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
SafeBoot-BsScanner AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . 
- - - - - - - > 'Explorer.exe'(1528) c:\users\Maik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\atieclxx.exe c:\windows\system32\taskhost.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-06 01:39:54 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-06 00:39 . Vor Suchlauf: 9 Verzeichnis(se), 138.082.160.640 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 138.904.612.864 Bytes frei . - - End Of File - - C46FF29C80B26B3D6D6D838A7F5FEAD0 |
06.01.2013, 02:21 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EVU Trojan - Please help 1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again. 2. TDSS-Killer Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot, then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
06.01.2013, 11:21 | #9 |
| EVU Trojan - Please help aswMBR Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-06 10:54:31 ----------------------------- 10:54:31.855 OS Version: Windows 6.1.7601 Service Pack 1 10:54:31.855 Number of processors: 2 586 0x603 10:54:31.855 ComputerName: MAIK-PC UserName: Maik 10:54:33.353 Initialize success 11:01:42.791 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059 11:01:42.806 Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 11 11:01:42.806 Disk 0 MBR read successfully 11:01:42.822 Disk 0 MBR scan 11:01:42.822 Disk 0 unknown MBR code 11:01:42.822 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 11:01:42.837 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 263157 MB offset 206848 11:01:42.853 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 539152384 11:01:42.869 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 623038464 11:01:42.884 Disk 0 scanning sectors +625139712 11:01:42.931 Disk 0 scanning C:\Windows\system32\drivers 11:01:52.697 Service scanning 11:02:10.527 Modules scanning 11:02:20.433 Disk 0 trace - called modules: 11:02:20.449 ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys halmacpi.dll amdsata.sys 11:02:20.465 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862c39e0] 11:02:20.465 3 CLASSPNP.SYS[8b59859e] -> nt!IofCallDriver -> [0x8626f8b8] 11:02:20.480 5 amdxata.sys[8b1c86b3] -> nt!IofCallDriver -> \Device\00000059[0x8616bc68] 11:02:20.480 Scan finished successfully 11:11:38.010 Disk 0 MBR has been saved successfully to "C:\Users\Maik\Desktop\MBR.dat" 11:11:38.010 The log file has been saved successfully to "C:\Users\Maik\Desktop\aswMBR.txt" Code:
ATTFilter 11:12:34.0997 3564 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 11:12:35.0013 3564 ============================================================ 11:12:35.0013 3564 Current date / time: 2013/01/06 11:12:35.0013 11:12:35.0013 3564 SystemInfo: 11:12:35.0013 3564 11:12:35.0013 3564 OS Version: 6.1.7601 ServicePack: 1.0 11:12:35.0013 3564 Product type: Workstation 11:12:35.0013 3564 ComputerName: MAIK-PC 11:12:35.0013 3564 UserName: Maik 11:12:35.0013 3564 Windows directory: C:\Windows 11:12:35.0013 3564 System windows directory: C:\Windows 11:12:35.0013 3564 Processor architecture: Intel x86 11:12:35.0013 3564 Number of processors: 2 11:12:35.0013 3564 Page size: 0x1000 11:12:35.0013 3564 Boot type: Normal boot 11:12:35.0013 3564 ============================================================ 11:12:35.0933 3564 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 11:12:35.0933 3564 Drive \Device\Harddisk1\DR2 - Size: 0xE858EE00 (3.63 Gb), SectorSize: 0x200, Cylinders: 0x1D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 11:12:35.0933 3564 ============================================================ 11:12:35.0933 3564 \Device\Harddisk0\DR0: 11:12:35.0933 3564 MBR partitions: 11:12:35.0933 3564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 11:12:35.0933 3564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x201FA800 11:12:35.0933 3564 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2022D000, BlocksNum 0x5000000 11:12:35.0933 3564 \Device\Harddisk1\DR2: 11:12:35.0933 3564 MBR partitions: 11:12:35.0933 3564 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x73F25A 11:12:35.0933 3564 ============================================================ 11:12:35.0964 3564 C: <-> \Device\Harddisk0\DR0\Partition2 11:12:36.0011 3564 D: 
<-> \Device\Harddisk0\DR0\Partition3 11:12:36.0027 3564 ============================================================ 11:12:36.0027 3564 Initialize success 11:12:36.0027 3564 ============================================================ 11:13:32.0733 2340 ============================================================ 11:13:32.0733 2340 Scan started 11:13:32.0733 2340 Mode: Manual; SigCheck; TDLFS; 11:13:32.0733 2340 ============================================================ 11:13:33.0123 2340 ================ Scan system memory ======================== 11:13:33.0123 2340 System memory - ok 11:13:33.0139 2340 ================ Scan services ============================= 11:13:33.0310 2340 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 11:13:33.0404 2340 1394ohci - ok 11:13:33.0451 2340 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:13:33.0482 2340 ACPI - ok 11:13:33.0497 2340 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:13:33.0529 2340 AcpiPmi - ok 11:13:33.0607 2340 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 11:13:33.0638 2340 AdobeFlashPlayerUpdateSvc - ok 11:13:33.0653 2340 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 11:13:33.0685 2340 adp94xx - ok 11:13:33.0716 2340 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 11:13:33.0731 2340 adpahci - ok 11:13:33.0763 2340 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 11:13:33.0778 2340 adpu320 - ok 11:13:33.0794 2340 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:13:33.0809 2340 AeLookupSvc - ok 11:13:33.0856 2340 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 11:13:33.0887 2340 AFD - ok 11:13:33.0919 2340 [ 507812C3054C21CEF746B6EE3D04DD6E ] 
agp440 C:\Windows\system32\drivers\agp440.sys 11:13:33.0934 2340 agp440 - ok 11:13:33.0950 2340 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 11:13:33.0965 2340 aic78xx - ok 11:13:33.0981 2340 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 11:13:34.0028 2340 ALG - ok 11:13:34.0043 2340 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 11:13:34.0059 2340 aliide - ok 11:13:34.0090 2340 [ A7406A311896BDDA7E382D206FD19DC7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 11:13:34.0121 2340 AMD External Events Utility - ok 11:13:34.0137 2340 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 11:13:34.0153 2340 amdagp - ok 11:13:34.0168 2340 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 11:13:34.0168 2340 amdide - ok 11:13:34.0199 2340 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 11:13:34.0231 2340 AmdK8 - ok 11:13:34.0387 2340 [ 88E064F0DDD48394EFE9368DC54A679B ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 11:13:34.0496 2340 amdkmdag - ok 11:13:34.0511 2340 [ 744E88CDA1E8C46D2EE37319456405CB ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 11:13:34.0543 2340 amdkmdap - ok 11:13:34.0574 2340 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 11:13:34.0605 2340 AmdPPM - ok 11:13:34.0636 2340 [ AF8E6573058C7B88651E76B4426F9E05 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 11:13:34.0652 2340 amdsata - ok 11:13:34.0667 2340 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 11:13:34.0699 2340 amdsbs - ok 11:13:34.0714 2340 [ 1FB960FB68C75AAE203C50D6B8004C16 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 11:13:34.0714 2340 amdxata - ok 11:13:34.0792 2340 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 11:13:34.0823 2340 
AntiVirSchedulerService - ok 11:13:34.0839 2340 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 11:13:34.0839 2340 AntiVirService - ok 11:13:34.0886 2340 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 11:13:34.0917 2340 AppID - ok 11:13:34.0933 2340 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:13:34.0979 2340 AppIDSvc - ok 11:13:35.0011 2340 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 11:13:35.0089 2340 Appinfo - ok 11:13:35.0167 2340 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 11:13:35.0198 2340 arc - ok 11:13:35.0213 2340 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 11:13:35.0229 2340 arcsas - ok 11:13:35.0245 2340 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:13:35.0260 2340 AsyncMac - ok 11:13:35.0307 2340 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 11:13:35.0338 2340 atapi - ok 11:13:35.0354 2340 [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 11:13:35.0369 2340 AtiHdmiService - ok 11:13:35.0385 2340 [ 4FFE74E33BD9170950116F0CA46EAC89 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 11:13:35.0401 2340 AtiPcie - ok 11:13:35.0447 2340 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:13:35.0494 2340 AudioEndpointBuilder - ok 11:13:35.0494 2340 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 11:13:35.0525 2340 Audiosrv - ok 11:13:35.0557 2340 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 11:13:35.0572 2340 avgntflt - ok 11:13:35.0603 2340 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 11:13:35.0619 2340 avipbb - ok 11:13:35.0650 2340 [ 
6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:13:35.0697 2340 AxInstSV - ok 11:13:35.0744 2340 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 11:13:35.0775 2340 b06bdrv - ok 11:13:35.0806 2340 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 11:13:35.0822 2340 b57nd60x - ok 11:13:35.0884 2340 [ 483F1162EEEBD10BF77FBB32DB963370 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE 11:13:35.0915 2340 BBSvc - ok 11:13:35.0962 2340 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE 11:13:35.0978 2340 BBUpdate - ok 11:13:35.0993 2340 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 11:13:36.0056 2340 BDESVC - ok 11:13:36.0071 2340 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 11:13:36.0118 2340 Beep - ok 11:13:36.0165 2340 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 11:13:36.0212 2340 BFE - ok 11:13:36.0274 2340 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll 11:13:36.0337 2340 BITS - ok 11:13:36.0352 2340 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 11:13:36.0383 2340 blbdrive - ok 11:13:36.0415 2340 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:13:36.0461 2340 bowser - ok 11:13:36.0477 2340 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 11:13:36.0524 2340 BrFiltLo - ok 11:13:36.0539 2340 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 11:13:36.0571 2340 BrFiltUp - ok 11:13:36.0602 2340 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 11:13:36.0633 2340 BridgeMP - ok 11:13:36.0664 2340 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 11:13:36.0680 2340 Browser - ok 11:13:36.0695 2340 [ 
11:13:38.0240 2340 [ 3B604417EBAE4E1E66E6ABD8CC55FD76 ] DCService.exe C:\ProgramData\DatacardService\DCService.exe
11:13:38.0287 2340 DCService.exe ( UnsignedFile.Multi.Generic ) - warning
11:13:38.0287 2340 DCService.exe - detected UnsignedFile.Multi.Generic (1)
11:13:44.0823 2340 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files\System Control Manager\MSIService.exe
11:13:44.0823 2340 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
11:13:44.0823 2340 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
11:13:55.0915 2340 THREADORDER - ok 11:13:55.0915 2340 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 11:13:55.0961 2340 TrkWks - ok 11:13:56.0024 2340 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 11:13:56.0102 2340 TrustedInstaller - ok 11:13:56.0133 2340 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 11:13:56.0164 2340 tssecsrv - ok 11:13:56.0195 2340 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 11:13:56.0211 2340 TsUsbFlt - ok 11:13:56.0258 2340 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:13:56.0305 2340 tunnel - ok 11:13:56.0336 2340 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 11:13:56.0351 2340 uagp35 - ok 11:13:56.0398 2340 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:13:56.0461 2340 udfs - ok 11:13:56.0492 2340 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:13:56.0539 2340 UI0Detect - ok 11:13:56.0570 2340 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:13:56.0585 2340 uliagpkx - ok 11:13:56.0601 2340 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 11:13:56.0617 2340 umbus - ok 11:13:56.0632 2340 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 11:13:56.0663 2340 UmPass - ok 11:13:56.0695 2340 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 11:13:56.0741 2340 upnphost - ok 11:13:56.0757 2340 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 11:13:56.0773 2340 usbccgp - ok 11:13:56.0819 2340 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:13:56.0866 2340 usbcir - ok 11:13:56.0897 2340 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci 
C:\Windows\system32\DRIVERS\usbehci.sys 11:13:56.0913 2340 usbehci - ok 11:13:56.0929 2340 [ E5B14557793164DB879EE56F5B59C3E2 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 11:13:56.0944 2340 usbfilter - ok 11:13:56.0960 2340 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:13:56.0991 2340 usbhub - ok 11:13:57.0007 2340 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 11:13:57.0053 2340 usbohci - ok 11:13:57.0085 2340 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 11:13:57.0116 2340 usbprint - ok 11:13:57.0131 2340 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:13:57.0163 2340 USBSTOR - ok 11:13:57.0178 2340 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 11:13:57.0225 2340 usbuhci - ok 11:13:57.0241 2340 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 11:13:57.0256 2340 usbvideo - ok 11:13:57.0287 2340 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 11:13:57.0303 2340 UxSms - ok 11:13:57.0319 2340 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 11:13:57.0334 2340 VaultSvc - ok 11:13:57.0334 2340 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:13:57.0350 2340 vdrvroot - ok 11:13:57.0412 2340 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 11:13:57.0506 2340 vds - ok 11:13:57.0537 2340 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:13:57.0553 2340 vga - ok 11:13:57.0553 2340 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 11:13:57.0584 2340 VgaSave - ok 11:13:57.0631 2340 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:13:57.0662 2340 vhdmp - ok 11:13:57.0677 2340 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp 
C:\Windows\system32\drivers\viaagp.sys 11:13:57.0693 2340 viaagp - ok 11:13:57.0709 2340 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 11:13:57.0724 2340 ViaC7 - ok 11:13:57.0771 2340 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 11:13:57.0787 2340 viaide - ok 11:13:57.0802 2340 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 11:13:57.0818 2340 volmgr - ok 11:13:57.0833 2340 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:13:57.0849 2340 volmgrx - ok 11:13:57.0865 2340 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:13:57.0880 2340 volsnap - ok 11:13:57.0911 2340 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 11:13:57.0927 2340 vsmraid - ok 11:13:57.0974 2340 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 11:13:58.0021 2340 VSS - ok 11:13:58.0036 2340 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 11:13:58.0067 2340 vwifibus - ok 11:13:58.0083 2340 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 11:13:58.0099 2340 vwififlt - ok 11:13:58.0130 2340 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 11:13:58.0161 2340 W32Time - ok 11:13:58.0177 2340 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 11:13:58.0208 2340 WacomPen - ok 11:13:58.0239 2340 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:13:58.0286 2340 WANARP - ok 11:13:58.0301 2340 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:13:58.0317 2340 Wanarpv6 - ok 11:13:58.0395 2340 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 11:13:58.0473 2340 WatAdminSvc - ok 11:13:58.0520 2340 [ 
691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 11:13:58.0598 2340 wbengine - ok 11:13:58.0613 2340 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:13:58.0660 2340 WbioSrvc - ok 11:13:58.0707 2340 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:13:58.0769 2340 wcncsvc - ok 11:13:58.0785 2340 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:13:58.0816 2340 WcsPlugInService - ok 11:13:58.0863 2340 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 11:13:58.0879 2340 Wd - ok 11:13:58.0941 2340 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:13:58.0957 2340 Wdf01000 - ok 11:13:58.0972 2340 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:13:58.0988 2340 WdiServiceHost - ok 11:13:58.0988 2340 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:13:59.0019 2340 WdiSystemHost - ok 11:13:59.0050 2340 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 11:13:59.0097 2340 WebClient - ok 11:13:59.0128 2340 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:13:59.0159 2340 Wecsvc - ok 11:13:59.0175 2340 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:13:59.0222 2340 wercplsupport - ok 11:13:59.0253 2340 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 11:13:59.0269 2340 WerSvc - ok 11:13:59.0300 2340 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:13:59.0331 2340 WfpLwf - ok 11:13:59.0331 2340 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:13:59.0347 2340 WIMMount - ok 11:13:59.0393 2340 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 11:13:59.0425 2340 WinDefend - 
ok 11:13:59.0440 2340 WinHttpAutoProxySvc - ok 11:13:59.0487 2340 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:13:59.0549 2340 Winmgmt - ok 11:13:59.0596 2340 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 11:13:59.0659 2340 WinRM - ok 11:13:59.0721 2340 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 11:13:59.0737 2340 WinUsb - ok 11:13:59.0799 2340 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 11:13:59.0861 2340 Wlansvc - ok 11:13:59.0893 2340 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 11:13:59.0939 2340 WmiAcpi - ok 11:13:59.0986 2340 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:14:00.0033 2340 wmiApSrv - ok 11:14:00.0127 2340 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 11:14:00.0158 2340 WMPNetworkSvc - ok 11:14:00.0189 2340 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:14:00.0205 2340 WPCSvc - ok 11:14:00.0251 2340 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:14:00.0283 2340 WPDBusEnum - ok 11:14:00.0314 2340 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:14:00.0361 2340 ws2ifsl - ok 11:14:00.0376 2340 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll 11:14:00.0407 2340 wscsvc - ok 11:14:00.0407 2340 WSearch - ok 11:14:00.0470 2340 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 11:14:00.0532 2340 wuauserv - ok 11:14:00.0579 2340 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:14:00.0595 2340 WudfPf - ok 11:14:00.0626 2340 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:14:00.0657 2340 WUDFRd - ok 11:14:00.0673 2340 [ FE47B7BC8EA320C2D9B5E5BF6E303765 
] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:14:00.0688 2340 wudfsvc - ok 11:14:00.0719 2340 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 11:14:00.0751 2340 WwanSvc - ok 11:14:00.0766 2340 ================ Scan global =============================== 11:14:00.0829 2340 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 11:14:00.0875 2340 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 11:14:00.0891 2340 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 11:14:00.0907 2340 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 11:14:00.0922 2340 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 11:14:00.0938 2340 [Global] - ok 11:14:00.0938 2340 ================ Scan MBR ================================== 11:14:00.0938 2340 [ 2E0FE7FC299470E30383716B164CF901 ] \Device\Harddisk0\DR0 11:14:04.0089 2340 \Device\Harddisk0\DR0 - ok 11:14:04.0089 2340 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR2 11:14:10.0204 2340 \Device\Harddisk1\DR2 - ok 11:14:10.0204 2340 ================ Scan VBR ================================== 11:14:10.0204 2340 [ D51E3885486D3F793FC796685F9AFC79 ] \Device\Harddisk0\DR0\Partition1 11:14:10.0204 2340 \Device\Harddisk0\DR0\Partition1 - ok 11:14:10.0235 2340 [ 15C1F1574BA8C96D6717B9AB4AABB176 ] \Device\Harddisk0\DR0\Partition2 11:14:10.0235 2340 \Device\Harddisk0\DR0\Partition2 - ok 11:14:10.0251 2340 [ 61375CEDF3F16A0F785B2177108CDCAE ] \Device\Harddisk0\DR0\Partition3 11:14:10.0251 2340 \Device\Harddisk0\DR0\Partition3 - ok 11:14:10.0267 2340 [ 3EFA25C87DFDAC0B3AA28D434176E444 ] \Device\Harddisk1\DR2\Partition1 11:14:10.0267 2340 \Device\Harddisk1\DR2\Partition1 - ok 11:14:10.0267 2340 ============================================================ 11:14:10.0267 2340 Scan finished 11:14:10.0267 2340 ============================================================ 11:14:10.0282 2932 Detected object count: 2 11:14:10.0282 
2932 Actual detected object count: 2 11:14:27.0427 2932 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user 11:14:27.0427 2932 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:14:27.0427 2932 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user 11:14:27.0427 2932 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip |
06.01.2013, 16:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EVU Trojan - Please help
adwCleaner - Detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
06.01.2013, 16:19 | #11 |
| EVU Trojan - Please help Code:
ATTFilter # AdwCleaner v2.104 - Datei am 06/01/2013 um 16:18:24 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Maik - MAIK-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Maik\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\searchplugins\11-suche.xml Datei Gefunden : C:\Users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\searchplugins\Askcom.xml Ordner Gefunden : C:\Program Files\Ask.com Ordner Gefunden : C:\ProgramData\Ask Ordner Gefunden : C:\Users\Maik\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\extensions\toolbar@ask.com Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\APN Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\Ask.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\APN Schlüssel Gefunden : HKLM\Software\AskToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} 
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gefunden : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gefunden : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKLM\SOFTWARE\Software Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v17.0.1 (de) Datei : C:\Users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\prefs.js Gefunden : user_pref("browser.search.defaultengine", "Ask.com"); Gefunden : user_pref("browser.search.defaultenginename", "Ask.com"); Gefunden : user_pref("browser.search.order.1", "Ask.com"); Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", ""); Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...] -\\ Opera v12.11.1661.0 Datei : C:\Users\Maik\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [7391 octets] - [06/01/2013 16:18:24] ########## EOF - C:\AdwCleaner[R1].txt - [7451 octets] ########## |
06.01.2013, 16:56 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EVU Trojan - Please help
adwCleaner - Remove toolbars and unwanted start/search pages
Afterwards, a check with OTL please:
__________________ Please always post log files in CODE tags |
06.01.2013, 17:19 | #13 |
| EVU Trojan - Please help AdwCleaner Code:
ATTFilter # AdwCleaner v2.104 - Datei am 06/01/2013 um 17:02:00 erstellt # Aktualisiert am 29/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Maik - MAIK-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Maik\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\searchplugins\Askcom.xml Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\Users\Maik\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\extensions\toolbar@ask.com Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Software Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v17.0.1 (de) Datei : C:\Users\Maik\AppData\Roaming\Mozilla\Firefox\Profiles\nrnhh2x1.default\prefs.js Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", ""); Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...] -\\ Opera v12.11.1661.0 Datei : C:\Users\Maik\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [7520 octets] - [06/01/2013 16:18:24] AdwCleaner[R2].txt - [7580 octets] - [06/01/2013 17:01:22] AdwCleaner[S1].txt - [7384 octets] - [06/01/2013 17:02:00] ########## EOF - C:\AdwCleaner[S1].txt - [7444 octets] ########## Code:
ATTFilter OTL logfile created on: 06.01.2013 17:09:46 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maik\Desktop\gvu virus Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 63,86% Memory free 6,00 Gb Paging File | 4,84 Gb Available in Paging File | 80,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 256,99 Gb Total Space | 129,34 Gb Free Space | 50,33% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: MAIK-PC | User Name: Maik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Maik\Desktop\gvu virus\OTL.exe (OldTimer Tools) PRC - C:\Users\Maik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Maik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Programme\DriverBoost\DriverBoost\DriverBoost.exe (PC Drivers Headquarters) PRC - C:\Programme\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe (Symantec Corporation) PRC - C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\phonostar-Player\phonostarTimer.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\ProgramData\DatacardService\DCService.exe () PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.) 
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Maik\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\ffbf68f58f6b363a0bb4ad3b458b33b4\Kies.Theme.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\424d49ddc7e0499eb7ad23a3383a5c39\DevicePodcast.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\97251ffd3639785762de2192b1367bb0\DevicePhoto.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\c255a0a3604f2af66f018a7cab34383a\DeviceVideo.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\05048245f00f48565f4007853d821aff\DeviceMusic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\4b6ec7942074dec89819125afc57c363\VideoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\e8f2a64ef24cba8bcc406a0c38abf1df\PodcastService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\d4689f8d8ac3cc2cc730348b481348f9\Podcaster.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\3157f5a031c1537160fab39c88f6a470\PhotoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3fb9963f643a6e43a5f3075e95071d39\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\138faa4f2701295e2c58ef89e363893b\DeviceHost.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\9cb37a529eaf76d1a0e3bf6da1de62d5\Phonebook.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\73b37cc93eb4c6dcf997809db7c6e4a4\CPKTMusicPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\a3bc819952ed2ab66979d427ecfc9c18\MusicManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\17e0fc1a2041fade4f25a2741687ffe0\EBookManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\d3949fd50863ce70276048116448fe36\BATPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\44c98acc33b8dea0c4d1ddf14e46a21f\AllShareController.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\211991e13a1bd7147773b6a1c76cb5a9\Kies.Common.StoreManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\55fbe9063179771c2a9d9fc27ff86cba\Kies.Common.MediaDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\f8c8f34f4703169ec8ef159f4a3eff05\ASF_cSharpAPI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\d0d50fad5e8fe8d3162afcb5d2b6bddb\Kies.Common.AllShare.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\936e305e35268ee454999b6c93dc63ca\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\89399dbb7d69a67bc61d4860e394ccb0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\358c117e190bc7c3b30772129ba9abd4\Kies.Common.DeviceServiceLib.FileService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\e69aa79efffd2c4c86c9adb11a36e0a7\Interop.DevFileServiceLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\424388d0957c8b7fb6d5ed0a2e7af878\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\74262e0140ce93c36cb628751d9c7ce9\Kies.Common.DeviceServiceLib.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ec3f62c5f333c2cd143cee7fe47a40bc\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\299d5529a819e7f3d9cd548ca478c670\Kies.Common.DeviceService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\5911766cf78c9ff4b4b89dcd0d2f3899\Interop.P3MPINTERFACECTRLLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\b2991e7347afcb391a714b60ebf7fdff\Interop.MP3FileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\1ea9d4d50c7fdf418de5c801ed76701d\Interop.OGGFileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\4611b6c0f9fbf71ecb81eb8fd6b5f2c4\Interop.PRPLAYERCORELib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\d3e68df5f9cb57209bed5add5c2a55a0\Kies.Common.Multimedia.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\b65e465e082adf5a8051c32119784604\Kies.Common.MainUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\e50e1a832f1285357f0fbbfa2b9e9a19\Kies.Common.DBManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\a7d6c3e5b62fecc924bbb0032e13d440\ICSharpCode.SharpZipLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\dd6c740085ff9051f0b9d7aec72f889f\CabLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\b588a9fc95ce714f3807256821cdff6f\Kies.Common.Util.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\4b6a37da062543cb6a866f649ffa849e\Kies.Locale.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\6a805942c8c6f80be2f6d60410b0fef9\Interop.DeviceSearchLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f8e88004811df47a7f15a4286b481017\Kies.UI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\17fe14a98797cb83d09401fdbc5ddf2a\Kies.MVVM.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\088676cc322e339363b855b240aa1105\GongSolutions.Wpf.DragDrop.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\76f0a312890f736489f4b2766ea45ad5\Kies.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\3ebb49cd31ae72ca680a647130a33e95\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\520f350554ab9e4da9b4048481146659\Kies.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\cd9650239eabb344a9ba1efb05085efb\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\c8ae107ef5d9e3a0765de835975b31a0\XPBurnComponent.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\8399883d188ce28bd66fbd306cbe087f\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\a296cb432e7978ad4e566f386730d656\Microsoft.Practices.ObjectBuilder.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine\9cdd39ec1e0f467706d41144f6b46be1\RuleEngine.ni.dll () MOD 
- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\2eb10cf495db12785e10d027d6a31016\Microsoft.ApplicationBlocks.Updater.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\f230503357da39c9ed69181df137dee9\Microsoft.Win32.TaskScheduler.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\69c7886eef7bb8ba8cb469bc40542baa\Agent.Communication.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\a60794fb7ec1f25d7c3a28def07f1dc3\Interop.WUApiLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Common\b5a37a653edf4594b60691ba7a1b3c12\Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\e71477a45267d46fa8357af532e4c105\ExceptionLogging.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\f714da3db09911a1cae7519644c6e75c\Agent.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent\beca08ebf1bf1ac4bcb1dd104ace11ad\Agent.ni.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\616b25e9ad3de7ab58c67f200e21dbac\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll () MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - 
C:\Programme\DriverBoost\DriverBoost\ThemePack.DriverBoost.dll () MOD - C:\Programme\DriverBoost\DriverBoost\Agent.Communication.XmlSerializers.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\phonostar-Player\phonostarTimer.exe () MOD - C:\Programme\phonostar-Player\QtCore4.dll () MOD - C:\Programme\phonostar-Player\plugins\sqldrivers\qsqlite4.dll () MOD - C:\Programme\phonostar-Player\QtGui4.dll () MOD - C:\Programme\phonostar-Player\QtSql4.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3811.38670__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3811.38550__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3811.38570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3811.38672__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3811.38621__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3811.38558__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3811.38602__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3811.38641__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () 
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3811.38592__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3811.38564__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3811.38559__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3811.38672__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3811.38670__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3811.38666__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3811.38595__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3811.38571__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3811.38615__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3811.38607__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3811.38570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3811.38639__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3811.38649__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3811.38594__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3811.38607__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3811.38599__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3811.38607__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3811.38665__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3811.38639__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3811.38599__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3811.38574__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3811.38649__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3811.38593__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3811.38589__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3811.38601__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3811.38575__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3811.38542__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3811.38540__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3811.38585__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3811.38621__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3811.38592__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3811.38606__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3811.38568__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3811.38593__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3811.38558__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3811.38639__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3811.38593__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3811.38602__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3811.38600__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3811.38539__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3811.38558__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3811.38635__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3811.38616__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3811.38559__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3811.38567__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3811.38541__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3811.38599__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3811.38542__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3811.38548__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3811.38541__90ba9c70f846762e\APM.Foundation.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3811.38564__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3811.38558__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3811.38540__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3811.38615__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3811.38640__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3811.38544__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3811.38541__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3811.38541__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3811.38548__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3811.38639__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3811.38545__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3811.38543__90ba9c70f846762e\MOM.Foundation.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3811.38543__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3811.38646__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3811.38549__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3811.38545__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3811.38554__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3811.38664__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3811.38629__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3811.38564__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3811.38635__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3811.38633__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3811.38547__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3811.38546__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3811.38548__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3811.38544__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3811.38546__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3811.38646__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3811.38544__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3811.38553__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3811.38542__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3811.38543__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3811.38634__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3811.38563__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3811.38553__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3811.38569__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3811.38547__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3811.38545__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3811.38545__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla 
Foundation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.) SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe (Symantec Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Radio.fx) -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe () SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Micro Star SCM) -- C:\Programme\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.) 
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Maik\AppData\Local\Temp\catchme.sys File not found DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\SearchScopes\{06B10694-38BD-4D05-80F1-9A5B4412F98B}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\SearchScopes\{468D310B-E6D5-4B11-A734-A1D22EEE4BE5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=BEBFF2D5-FE36-4172-A96D-D9C96E1BE139&apn_sauid=B7CD90B6-3B7C-41B7-AC10-A62972CFBFF0 IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\SearchScopes\{77E1BADB-E50D-442C-9BC4-FB06E81EE7ED}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\SearchScopes\{78C422A2-3BE7-4A94-98F5-F749E5A6AC2B}: "URL" = hxxp://www.dict.cc/?s={searchTerms} IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\SearchScopes\{D81D3048-98AC-4046-8A8E-7430692A9614}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\SearchScopes\{F736B167-4030-45AC-B074-033055D992CF}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: %7Bd04b0b40-3dab-4f0b-97a6-04ec3eddbfb0%7D:2.0.6 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - 
prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:16:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:16:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.17 19:49:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:16:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:16:55 | 000,000,000 | ---D | M] [2011.05.30 17:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Extensions [2011.05.30 17:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.06 17:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Firefox\Profiles\nrnhh2x1.default\extensions [2012.11.16 23:02:55 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\extensions\toolbar@web.de.xpi [2011.05.16 18:02:38 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2011.05.05 17:24:02 | 000,002,289 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\ecosia.xml [2012.11.16 23:02:57 | 000,002,273 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\englische-ergebnisse.xml [2012.11.16 
23:02:57 | 000,010,563 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\gmx-suche.xml [2012.11.16 23:02:57 | 000,002,432 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\lastminute.xml [2012.11.16 23:02:57 | 000,005,545 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\webde-suche.xml [2012.12.06 20:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.06 20:16:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.06 20:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.06 20:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.06 20:16:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.06.23 17:10:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.01 14:54:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.23 17:10:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 17:10:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 17:10:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 17:10:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.01.06 01:31:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-1809649647-3722367740-903643459-1000..\Run: [DriverBoost] C:\Program Files\DriverBoost\DriverBoost\DriverBoost.exe (PC Drivers Headquarters) O4 - HKU\S-1-5-21-1809649647-3722367740-903643459-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-1809649647-3722367740-903643459-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-1809649647-3722367740-903643459-1000..\Run: [phonostarTimer] C:\Programme\phonostar-Player\phonostarTimer.exe () O4 - HKU\S-1-5-21-1809649647-3722367740-903643459-1000..\Run: [Spotify Web Helper] C:\Users\Maik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - Startup: C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{117206FD-4549-4CC5-AE35-EC2EDEE8F0E3}: NameServer = 212.23.97.2 212.23.97.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E88D494-88B0-4797-939A-DA56D45D1123}: NameServer = 212.23.97.2 212.23.97.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{790ABDB0-69AF-4748-AE9F-5257E27B7A5C}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8201C594-566C-4F85-8DEC-DCFD24DDAB5A}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.06 13:03:03 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013.01.06 13:03:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013.01.06 10:48:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Maik\Desktop\aswMBR.exe [2013.01.06 10:48:51 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Maik\Desktop\tdsskiller.exe [2013.01.06 01:40:05 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.06 01:31:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.01.06 01:16:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.06 01:16:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.06 01:16:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.06 
01:15:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.06 01:15:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.06 01:03:46 | 000,000,000 | ---D | C] -- C:\Users\Maik\Desktop\gvu virus [2013.01.04 21:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.30 20:36:47 | 000,000,000 | ---D | C] -- C:\Users\Maik\Desktop\Sicherung [2012.12.13 21:01:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.13 21:01:21 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.13 21:01:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.13 21:01:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.13 21:01:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.13 21:01:20 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.13 21:01:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.13 21:01:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.13 18:56:47 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.13 18:56:45 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.13 18:56:38 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.13 18:56:38 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.13 18:56:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.13 18:56:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.13 18:56:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.13 18:56:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.13 18:56:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.13 18:56:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.13 18:56:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.13 18:56:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.13 18:56:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.13 18:56:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.13 18:56:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.13 18:56:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.13 18:56:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.13 18:56:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.13 18:56:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.13 18:56:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.12.13 18:56:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.06 17:11:21 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.06 17:11:21 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.06 17:03:54 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.06 17:03:49 | 000,067,584 | --S- 
| M] () -- C:\Windows\bootstat.dat [2013.01.06 17:03:43 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys [2013.01.06 16:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.06 16:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.06 16:18:47 | 000,001,051 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.06 16:17:44 | 000,551,997 | ---- | M] () -- C:\Users\Maik\Desktop\adwcleaner.exe [2013.01.06 16:11:28 | 000,334,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.06 11:11:38 | 000,000,512 | ---- | M] () -- C:\Users\Maik\Desktop\MBR.dat [2013.01.06 10:48:18 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Maik\Desktop\tdsskiller.exe [2013.01.06 10:46:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Maik\Desktop\aswMBR.exe [2013.01.06 01:31:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.01.04 17:49:45 | 000,000,000 | ---- | M] () -- C:\Users\Maik\defogger_reenable [2013.01.04 17:48:18 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.04 17:48:18 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.04 17:48:18 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.04 17:48:18 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.13 19:09:34 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.12.13 19:09:33 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.06 
16:17:41 | 000,551,997 | ---- | C] () -- C:\Users\Maik\Desktop\adwcleaner.exe [2013.01.06 11:11:38 | 000,000,512 | ---- | C] () -- C:\Users\Maik\Desktop\MBR.dat [2013.01.06 01:16:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.06 01:16:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.06 01:16:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.06 01:16:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.06 01:16:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.04 17:49:45 | 000,000,000 | ---- | C] () -- C:\Users\Maik\defogger_reenable [2012.09.02 12:22:39 | 000,001,652 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin [2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.04.13 19:12:08 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2012.01.05 18:28:51 | 000,017,408 | ---- | C] () -- C:\Users\Maik\AppData\Local\WebpageIcons.db [2011.12.19 21:46:23 | 000,000,860 | ---- | C] () -- C:\Users\Maik\.recently-used.xbel [2011.02.28 13:58:51 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.02.12 23:32:21 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.02.12 23:32:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.08.16 15:22:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:91486201 < End of report > Code:
OTL Extras logfile created on: 06.01.2013 17:09:46 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maik\Desktop\gvu virus Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 63,86% Memory free 6,00 Gb Paging File | 4,84 Gb Available in Paging File | 80,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 256,99 Gb Total Space | 129,34 Gb Free Space | 50,33% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: MAIK-PC | User Name: Maik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1809649647-3722367740-903643459-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1809649647-3722367740-903643459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diner Dash 2 Deluxe" = Diner Dash 2 Deluxe
"Dropbox" = Dropbox
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.11.2012 14:17:40 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 26.11.2012 14:13:48 | Computer Name = Maik-PC | Source = Windows Backup | ID = 4104
Description =

Error - 27.11.2012 14:17:59 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".
Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 02.12.2012 14:04:51 | Computer Name = Maik-PC | Source = Windows Backup | ID = 4104
Description =

Error - 03.12.2012 03:46:14 | Computer Name = Maik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009c56 ID des fehlerhaften Prozesses: 0x3e4 Startzeit der fehlerhaften Anwendung: 0x01cdd12a1cc3d5a8 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 82b33b83-3d1d-11e2-a46a-406186afb080

Error - 04.12.2012 06:14:56 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 07.12.2012 09:52:55 | Computer Name = Maik-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 07.12.2012 15:29:04 | Computer Name = Maik-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 09.12.2012 08:58:18 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 09.12.2012 14:03:58 | Computer Name = Maik-PC | Source = Windows Backup | ID = 4104
Description =

[ System Events ]
Error - 06.01.2013 06:20:23 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.01.2013 06:20:23 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sekundäre Anmeldung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.01.2013 06:20:23 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.01.2013 06:20:23 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.01.2013 06:20:23 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.01.2013 06:20:23 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 06.01.2013 06:21:23 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 06.01.2013 06:22:25 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 06.01.2013 06:22:25 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 06.01.2013 06:22:25 | Computer Name = Maik-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

< End of report > |
07.01.2013, 20:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EVU Trojan - Request for help
Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\SearchScopes\{468D310B-E6D5-4B11-A734-A1D22EEE4BE5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=BEBFF2D5-FE36-4172-A96D-D9C96E1BE139&apn_sauid=B7CD90B6-3B7C-41B7-AC10-A62972CFBFF0
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1809649647-3722367740-903643459-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2013.01.06 11:11:38 | 000,000,512 | ---- | M] () -- C:\Users\Maik\Desktop\MBR.dat
[2012.09.02 12:22:39 | 000,001,652 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:91486201
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
08.01.2013, 19:20 | #15 |
| EVU Trojan - Request for help
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1809649647-3722367740-903643459-1000\Software\Microsoft\Internet Explorer\SearchScopes\{468D310B-E6D5-4B11-A734-A1D22EEE4BE5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{468D310B-E6D5-4B11-A734-A1D22EEE4BE5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Programme\Java\jre7\bin\ssv.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1809649647-3722367740-903643459-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\Users\Maik\Desktop\MBR.dat moved successfully.
C:\Windows\System32\ASOROSet.bin moved successfully.
ADS C:\ProgramData\Temp:91486201 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Maik\Desktop\gvu virus\cmd.bat deleted successfully.
C:\Users\Maik\Desktop\gvu virus\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Maik
->Temp folder emptied: 77556109 bytes
->Temporary Internet Files folder emptied: 154146632 bytes
->Java cache emptied: 12357142 bytes
->FireFox cache emptied: 216007874 bytes
->Opera cache emptied: 22535108 bytes
->Flash cache emptied: 101576 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 460,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01082013_191406

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |