Pests of all kinds and how to combat them: PUP.Adware.Agent found

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
05.01.2013, 14:59 | #1 |
PUP.Adware.Agent found

Hello dear forum,

Malwarebytes has reported a detection of PUP.Adware.Agent. Here is the log:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.19.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: NOTEBOOK [Administrator]

19.12.2012 22:09:57
mbam-log-2012-12-20 (00-44-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 376366
Laufzeit: 2 Stunde(n), 20 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-1035420632-523644624-95114637-1000\$RNTP02C.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)

Here is the OTL.txt:

Code:
OTL logfile created on: 05.01.2013 13:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***.Notebook\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 71,13% Memory free
5,93 Gb Paging File | 5,07 Gb Available in Paging File | 85,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,79 Gb Total Space | 37,80 Gb Free Space | 43,05% Space Free | Partition Type: NTFS
Drive D: | 210,20 Gb Total Space | 209,78 Gb Free Space | 99,80% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.05 13:14:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***.Notebook\Desktop\OTL.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe
PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.)
-- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE PRC - [2011.11.21 15:12:58 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2011.11.21 15:11:58 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.03.08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\pptd40nt.exe PRC - [2010.03.08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010.03.05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) 
-- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.07.20 10:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2012.12.13 16:06:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.05 20:51:41 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.08.03 11:37:11 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) 
[Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2011.11.21 15:11:58 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.11.21 15:10:04 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.07.20 10:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.11.30 15:20:46 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130103.032\NAVEX15.SYS -- (NAVEX15) DRV - [2012.11.30 15:20:46 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130103.032\NAVENG.SYS -- (NAVENG) DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx86.sys -- (BHDrvx86) DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130103.002\IDSvix86.sys -- (IDSVix86) DRV - [2012.08.09 09:22:04 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.08.09 09:22:04 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP) DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX) DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS) DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA) DRV - [2012.04.18 03:13:32 | 000,318,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symnets.sys -- (SymNetS) DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON) DRV - [2012.03.26 21:08:31 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011.07.25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS) DRV - [2011.06.27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, 
Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.11.03 04:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb) DRV - [2009.11.03 04:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) DRV - [2009.08.23 04:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2008.12.24 09:39:44 | 000,014,392 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{1BE4FFD2-9EE7-424E-BE06-0353009DE649}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4 IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 1E 1E E2 B9 E2 CA 01 [binary data] IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4&q={searchTerms} IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes\{1BE4FFD2-9EE7-424E-BE06-0353009DE649}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes\{61ED4CE0-C37F-4980-BD51-F9FC25A394FC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKU\S-1-5-21-1035420632-523644624-95114637-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-1035420632-523644624-95114637-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Privitize VPN" FF - prefs.js..browser.search.defaultenginename: "Privitize VPN" FF - prefs.js..browser.search.order.1: "Privitize VPN" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4" FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: passhash%40mozilla.wijjo.com:1.1.7 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.24 FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: passhash@mozilla.wijjo.com:1.1.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.22.0 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..keyword.URL: "https://www.startpage.com/do/search?language=deutsch&cat=web&query=" FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.09 15:15:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.01.05 13:09:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 20:51:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 20:51:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.09 19:29:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 20:51:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.05 20:51:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.09 19:29:14 | 000,000,000 | ---D | M] [2010.05.09 06:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.12.13 19:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions [2012.12.12 17:49:22 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} 
[2012.09.21 12:27:03 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions\firefox@ghostery.com [2012.01.03 21:32:26 | 000,000,000 | ---D | M] ("Password Hasher") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions\passhash@mozilla.wijjo.com [2012.12.13 19:41:53 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\28m9fi33.default\extensions\plugin@yontoo.com [2012.12.13 19:41:30 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\extensions\torntv@torntv.com.xpi [2012.11.24 08:51:04 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.24 20:05:23 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013.01.02 16:35:17 | 000,005,492 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\searchplugins\startpage-https---deutsch.xml [2010.11.06 08:42:18 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\28m9fi33.default\searchplugins\youtube-videosuche.xml [2012.12.05 20:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.05 20:51:41 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.10.23 14:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.07.20 14:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 19:17:02 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.20 
14:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.20 14:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.20 14:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.20 14:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKU\S-1-5-21-1035420632-523644624-95114637-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{668BCE03-5360-45EA-9F4F-130635770D80}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0583150-AF4C-4A65-A56E-E06FB610DB09}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - 
(Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3d3a8093-ef15-11df-b258-e0cb4e2f9eb4}\Shell - "" = AutoRun O33 - MountPoints2\{3d3a8093-ef15-11df-b258-e0cb4e2f9eb4}\Shell\AutoRun\command - "" = F:\LaunchU3.exe O33 - MountPoints2\{a7109762-7028-11e0-a3c3-e0cb4e2f9eb4}\Shell - "" = AutoRun O33 - MountPoints2\{a7109762-7028-11e0-a3c3-e0cb4e2f9eb4}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1 O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.13 19:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2012.12.13 19:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012.12.13 19:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2012.12.13 19:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2012.12.09 19:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013.01.05 13:15:57 | 000,015,664 | -H-- | M] () 
-- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 13:15:57 | 000,015,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 13:14:25 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.05 13:08:37 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.05 13:08:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.05 13:08:21 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys [2013.01.04 18:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.04 17:58:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.03 12:09:47 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.03 12:09:47 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.03 12:09:47 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.03 12:09:47 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.03 09:15:34 | 000,587,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.01.05 13:14:25 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.10.31 21:56:38 | 000,007,598 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.08.24 12:05:19 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini [2012.08.22 14:13:52 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.08.22 14:13:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.08.22 14:08:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012.08.22 14:08:40 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012.08.22 14:08:39 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2012.06.20 16:00:51 | 000,004,608 | ---- | C] () 
-- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.06 07:26:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011.01.19 08:32:17 | 000,001,940 | ---- | C] () -- C:\Users\***\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.09.16 09:13:35 | 003,434,606 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.04.16 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Academic Software Zurich [2012.09.02 14:22:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2010.04.16 17:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2012.11.30 20:09:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance [2012.12.13 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird 
[2010.04.17 10:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2010.11.25 16:45:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.11.30 20:09:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon [2012.11.06 22:32:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2012.11.07 11:00:03 | 000,000,000 | ---D | M] -- C:\Users\***.Notebook\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.01.2013 13:15:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***.Notebook\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 71,13% Memory free 5,93 Gb Paging File | 5,07 Gb Available in Paging File | 85,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 87,79 Gb Total Space | 37,80 Gb Free Space | 43,05% Space Free | Partition Type: NTFS Drive D: | 210,20 Gb Total Space | 209,78 Gb Free Space | 99,80% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1035420632-523644624-95114637-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1035420632-523644624-95114637-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile 
[open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active 
Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{006674C1-DF11-4342-A758-FF6FFD18AF3C}" = rport=138 | protocol=17 | dir=out | app=system | "{106DC723-8B41-4352-A5B8-2D362B9F6EF5}" = rport=139 | protocol=6 | dir=out | app=system | "{14FDD1C6-368A-4E62-A5FA-E32ACA4E6678}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{21D7C4B2-1DF7-495F-BBF1-A255271B2421}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{24FDE669-0DBA-46E8-8690-4E1D2F521F45}" = lport=138 | protocol=17 | dir=in | app=system | "{2C0B2E44-2F62-458F-8576-1157A4B8A3EA}" = lport=445 | protocol=6 | dir=in | app=system | "{32A9637A-2972-4F23-B500-08FAFE8D4EB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3346C36D-D3A1-4AB3-98F6-5463334FAD00}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3AA3BC7A-6E5B-420E-BE41-9DC90008350B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3E8416B2-0B1A-4826-A543-E45950C2827F}" = lport=2869 | protocol=6 | dir=in | app=system | "{6072A34E-FA68-4516-A994-D447A5B22F78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6BCFF28D-E3E8-41EC-8F02-E05C1B29BBCE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{71DFA0EB-0F1D-4DC2-9E26-77A5C2B9BC26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{786995A9-FE6F-40B4-93EA-396820067B17}" = lport=137 | protocol=17 | dir=in | app=system | "{7FD95EC8-CD60-40F3-9300-D78B55981DB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{94135ED9-31D2-4834-B2D1-9C398A0E1B83}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B65DE6B8-B1D8-4AE4-BFFD-3DDBF97705B5}" = rport=10243 | protocol=6 | dir=out | app=system | "{B9E4B7CD-49F9-4C8F-8B3C-EB46D04C928F}" = lport=139 | protocol=6 | dir=in | app=system | "{D39E382F-9DF2-4097-9FE6-08A9925FE4D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D6CD4DE4-4B8A-4687-BB2D-3DEC7E1196E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D853B818-4670-4EDD-836E-B9007668BE4D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E1982B16-0419-4DE2-BBEE-C76EA2F58A81}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F0867DC8-0CC9-4A03-9125-B5D616A45A7A}" = rport=137 | protocol=17 | dir=out | app=system | "{FE339C4B-09E5-4078-959F-8188677A17CF}" = lport=10243 | protocol=6 | dir=in | app=system | "{FF61CA79-1252-4244-A0DF-0142E83C932A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08F54E3A-513B-4FFB-87B6-603427585C38}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{0A0E5893-A7A3-49C4-A0D3-A87D3F5C46F3}" = protocol=6 | dir=out | app=system | "{1298D642-3910-407D-AB52-6268EC0A32F3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{135EB972-3DC2-454F-BBB5-5C128CF3EF49}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{1D4EFC39-17D9-4958-A436-3C6155ADC78C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3E45896F-4E81-41BE-85C1-64A932E3DCAE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{482BC0FA-824A-41A6-BBED-4E6EB37966E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{52FA44A3-CCC6-4118-B0E5-7C645E58BD0C}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmplayer.exe | "{5662CDF9-4CC9-4BDF-A11D-F1C692F49FA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5D01F174-7650-4E1A-A281-3F18ABAF56A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{632715A6-AACB-49A0-9593-80DCABA8BBF7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6337C4E8-7354-4646-B613-347E1C890673}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{691F3E24-8548-451D-B131-849F97969D76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7435AFB5-28D7-415D-9C51-7841A58988CC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7D1B14DA-393B-4E36-AA38-7C393E9B6B21}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{7E7E03B7-D1BD-4E0B-8C94-D1114D07D583}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B3E1DD9E-2566-4E64-9C22-E8E7662F9E5D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B75F2C55-1212-4F4A-9542-2348820D2780}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{BD383B9F-CF03-4CE3-8B77-FA4FA44B0A90}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C0ADA4A5-41C2-4F7E-AB5F-208BC88C3984}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CE900748-E609-4BE4-A78E-3FE0C14DB13E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D5EEBAF6-CB59-47DE-9375-F83CC4120660}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EE5013D8-FB68-4CB7-8C13-3456922CA38E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FDE2A660-969C-4B40-9BE2-0163DD45BA84}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{FE296D27-753D-412E-A91E-A06931436797}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe 
| ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{02680f40-02bf-4b66-8f01-0128f8a1b199}" = Nero 9 Essentials "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant 
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common 
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 
Client Profile "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "Picasa 3" = Picasa 3 "Secunia PSI" = Secunia PSI (2.0.0.4003) "SpeedFan" = SpeedFan (remove only) "Totalcmd" = Total Commander (Remove or Repair) "TuneUp Utilities" = TuneUp Utilities "TVWiz" = Intel(R) TV Wizard "VLC media player" = VLC media player 2.0.3 "WinLiveSuite" = Windows Live Essentials "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.09.2011 16:39:43 | Computer Name = Notebook | Source = System Restore | ID = 8193 Description = Error - 15.09.2011 16:49:56 | Computer Name = Notebook | Source = VSS | ID = 12289 Description = Error - 15.09.2011 16:49:56 | Computer Name = Notebook | Source = System Restore | ID = 8193 Description = Error - 15.09.2011 17:00:33 | Computer Name = Notebook | Source = System Restore | ID = 8193 Description = Error - 15.09.2011 17:06:38 | Computer Name = Notebook | Source = System Restore | ID = 8193 Description = Error - 15.09.2011 17:06:38 | Computer Name = Notebook | Source = System Restore | ID = 8211 Description = Error - 24.02.2012 06:03:41 | Computer Name = Notebook | Source = Application Hang | ID = 1002 Description = Programm Picasa3.exe, Version 3.8.117.43 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 5b8c Startzeit: 01ccf2db3ea3a559 Endzeit: 6 Anwendungspfad: C:\Program Files\Google\Picasa3\Picasa3.exe Berichts-ID: cf8eefa3-5ece-11e1-9008-00f1d000f1d0 Error - 11.04.2012 03:33:53 | Computer Name = Notebook | Source = System Restore | ID = 8193 Description = Error - 11.04.2012 03:33:53 | Computer Name = Notebook | Source = System Restore | ID = 8211 Description = Error - 12.04.2012 00:02:22 | Computer Name = Notebook | Source = .NET Runtime Optimization Service | ID = 1101 Description = [ System Events ] Error - 30.11.2012 10:14:19 | Computer Name = Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 30.11.2012 10:14:19 | Computer Name = Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 30.11.2012 10:14:20 | Computer Name = Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 30.11.2012 10:14:20 | Computer Name = Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 13.12.2012 12:20:04 | Computer Name = Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 13.12.2012 12:20:04 | Computer Name = Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 13.12.2012 12:20:05 | Computer Name = Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 13.12.2012 12:20:05 | Computer Name = Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error - 13.12.2012 12:20:06 | Computer Name = Notebook | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 19.12.2012 17:28:04 | Computer Name = Notebook | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NIS erreicht. < End of report > Code:
ATTFilter GMER 2.0.18327 - hxxp://www.gmer.net Rootkit scan 2013-01-05 13:59:48 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60N 298,09GB Running: zkg7embo.exe; Driver: C:\Users\***\AppData\Local\Temp\kwldqpow.sys ---- System - GMER 2.0 ---- SSDT 86D949A0 ZwAlertResumeThread SSDT 86D94A80 ZwAlertThread SSDT 86D93CD8 ZwAllocateVirtualMemory SSDT 865FD290 ZwAlpcConnectPort SSDT 86D96D68 ZwAssignProcessToJobObject SSDT 86D946F0 ZwCreateMutant SSDT 86D96A88 ZwCreateSymbolicLinkObject SSDT 86D8E4A8 ZwCreateThread SSDT 86D96B78 ZwCreateThreadEx SSDT 86D96E48 ZwDebugActiveProcess SSDT 86D93EA8 ZwDuplicateObject SSDT 86D93A90 ZwFreeVirtualMemory SSDT 86D947E0 ZwImpersonateAnonymousToken SSDT 86D948C0 ZwImpersonateThread SSDT 865EDC00 ZwLoadDriver SSDT 86D93990 ZwMapViewOfSection SSDT 86D94610 ZwOpenEvent SSDT 86D8E390 ZwOpenProcess SSDT 86D93DC8 ZwOpenProcessToken SSDT 86D94450 ZwOpenSection SSDT 86D8E2C0 ZwOpenThread SSDT 86D96C78 ZwProtectVirtualMemory SSDT 86D94B60 ZwResumeThread SSDT 86D94E00 ZwSetContextThread SSDT 86D94EE0 ZwSetInformationProcess SSDT 86D96F28 ZwSetSystemInformation SSDT 86D94530 ZwSuspendProcess SSDT 86D94C40 ZwSuspendThread SSDT 86D8E588 ZwTerminateProcess SSDT 86D94D20 ZwTerminateThread SSDT 86D94FD0 ZwUnmapViewOfSection SSDT 86D93B80 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C4FA49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C894D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82C90510 8 Bytes [A0, 49, D9, 86, 80, 4A, D9, ...] 
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82C90528 4 Bytes [D8, 3C, D9, 86] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C90534 4 Bytes [90, D2, 5F, 86] {NOP ; RCR BYTE [EDI-0x7a], CL} .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82C90588 4 Bytes [68, 6D, D9, 86] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C90604 4 Bytes [F0, 46, D9, 86] .text ... ---- EOF - GMER 2.0 ---- |
05.01.2013, 15:05 | #2 |
/// Malware-holic | PUP.Adware.Agent found Hi
Were there, or are there, any problems with the device? Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, and post the log
__________________ |
05.01.2013, 15:13 | #3 |
| PUP.Adware.Agent found Sometimes it boots very slowly; otherwise I haven't noticed anything.
Code:
ATTFilter 15:10:46.0933 3240 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:10:47.0413 3240 ============================================================ 15:10:47.0413 3240 Current date / time: 2013/01/05 15:10:47.0413 15:10:47.0413 3240 SystemInfo: 15:10:47.0413 3240 15:10:47.0413 3240 OS Version: 6.1.7601 ServicePack: 1.0 15:10:47.0413 3240 Product type: Workstation 15:10:47.0413 3240 ComputerName: NOTEBOOK 15:10:47.0413 3240 UserName: *** 15:10:47.0413 3240 Windows directory: C:\Windows 15:10:47.0413 3240 System windows directory: C:\Windows 15:10:47.0413 3240 Processor architecture: Intel x86 15:10:47.0413 3240 Number of processors: 2 15:10:47.0413 3240 Page size: 0x1000 15:10:47.0413 3240 Boot type: Normal boot 15:10:47.0413 3240 ============================================================ 15:10:48.0923 3240 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:10:48.0933 3240 ============================================================ 15:10:48.0933 3240 \Device\Harddisk0\DR0: 15:10:48.0933 3240 MBR partitions: 15:10:48.0933 3240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:10:48.0933 3240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAF96000 15:10:48.0933 3240 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAFC8800, BlocksNum 0x1A465000 15:10:48.0933 3240 ============================================================ 15:10:49.0073 3240 C: <-> \Device\Harddisk0\DR0\Partition2 15:10:49.0103 3240 D: <-> \Device\Harddisk0\DR0\Partition3 15:10:49.0103 3240 ============================================================ 15:10:49.0103 3240 Initialize success 15:10:49.0103 3240 ============================================================ 15:11:16.0731 0948 ============================================================ 15:11:16.0731 0948 Scan started 
15:11:16.0731 0948 Mode: Manual; SigCheck; TDLFS; 15:11:16.0731 0948 ============================================================ 15:11:17.0339 0948 ================ Scan system memory ======================== 15:11:17.0339 0948 System memory - ok 15:11:17.0339 0948 ================ Scan services ============================= 15:11:17.0495 0948 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:11:17.0620 0948 1394ohci - ok 15:11:17.0667 0948 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:11:17.0682 0948 ACPI - ok 15:11:17.0729 0948 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:11:17.0760 0948 AcpiPmi - ok 15:11:17.0885 0948 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 15:11:17.0916 0948 AdobeARMservice - ok 15:11:17.0994 0948 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:11:18.0026 0948 AdobeFlashPlayerUpdateSvc - ok 15:11:18.0088 0948 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 15:11:18.0104 0948 adp94xx - ok 15:11:18.0119 0948 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 15:11:18.0150 0948 adpahci - ok 15:11:18.0166 0948 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 15:11:18.0182 0948 adpu320 - ok 15:11:18.0213 0948 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:11:18.0260 0948 AeLookupSvc - ok 15:11:18.0338 0948 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 15:11:18.0369 0948 AFD - ok 15:11:18.0416 0948 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 15:11:18.0431 0948 agp440 - ok 15:11:18.0462 0948 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 
15:11:18.0478 0948 aic78xx - ok 15:11:18.0494 0948 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 15:11:18.0525 0948 ALG - ok 15:11:18.0540 0948 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 15:11:18.0556 0948 aliide - ok 15:11:18.0572 0948 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 15:11:18.0587 0948 amdagp - ok 15:11:18.0618 0948 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 15:11:18.0634 0948 amdide - ok 15:11:18.0665 0948 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:11:18.0696 0948 AmdK8 - ok 15:11:18.0696 0948 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 15:11:18.0743 0948 AmdPPM - ok 15:11:18.0790 0948 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:11:18.0806 0948 amdsata - ok 15:11:18.0821 0948 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 15:11:18.0837 0948 amdsbs - ok 15:11:18.0868 0948 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:11:18.0884 0948 amdxata - ok 15:11:18.0930 0948 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 15:11:18.0977 0948 AppID - ok 15:11:19.0024 0948 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:11:19.0086 0948 AppIDSvc - ok 15:11:19.0149 0948 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 15:11:19.0196 0948 Appinfo - ok 15:11:19.0242 0948 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 15:11:19.0289 0948 AppMgmt - ok 15:11:19.0320 0948 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 15:11:19.0336 0948 arc - ok 15:11:19.0352 0948 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 15:11:19.0367 0948 arcsas - ok 
15:11:19.0398 0948 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:11:19.0445 0948 AsyncMac - ok 15:11:19.0476 0948 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 15:11:19.0508 0948 atapi - ok 15:11:19.0601 0948 [ 31CB2740BFDBAC1E48E2B7EAD38F0D27 ] athr C:\Windows\system32\DRIVERS\athr.sys 15:11:19.0674 0948 athr - ok 15:11:19.0774 0948 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:11:19.0844 0948 AudioEndpointBuilder - ok 15:11:19.0884 0948 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 15:11:19.0933 0948 Audiosrv - ok 15:11:20.0000 0948 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:11:20.0042 0948 AxInstSV - ok 15:11:20.0125 0948 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 15:11:20.0166 0948 b06bdrv - ok 15:11:20.0215 0948 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 15:11:20.0238 0948 b57nd60x - ok 15:11:20.0360 0948 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe 15:11:20.0384 0948 BBSvc - ok 15:11:20.0430 0948 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe 15:11:20.0450 0948 BBUpdate - ok 15:11:20.0470 0948 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 15:11:20.0510 0948 BDESVC - ok 15:11:20.0540 0948 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 15:11:20.0600 0948 Beep - ok 15:11:20.0670 0948 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 15:11:20.0720 0948 BFE - ok 15:11:20.0950 0948 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx86.sys 15:11:21.0000 0948 BHDrvx86 - ok 15:11:21.0060 0948 [ 
E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 15:11:21.0100 0948 BITS - ok 15:11:21.0120 0948 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:11:21.0150 0948 blbdrive - ok 15:11:21.0190 0948 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:11:21.0220 0948 bowser - ok 15:11:21.0240 0948 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:11:21.0280 0948 BrFiltLo - ok 15:11:21.0290 0948 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:11:21.0350 0948 BrFiltUp - ok 15:11:21.0410 0948 [ D3FACB34FFF5DB91ADB70987838F8BA7 ] Brother XP spl Service C:\Windows\system32\brsvc01a.exe 15:11:21.0430 0948 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - warning 15:11:21.0430 0948 Brother XP spl Service - detected UnsignedFile.Multi.Generic (1) 15:11:21.0470 0948 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 15:11:21.0500 0948 Browser - ok 15:11:21.0570 0948 [ 9F80879913DC2712FD0C4D734E3F519B ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys 15:11:21.0600 0948 BrSerIb ( UnsignedFile.Multi.Generic ) - warning 15:11:21.0600 0948 BrSerIb - detected UnsignedFile.Multi.Generic (1) 15:11:21.0630 0948 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:11:21.0670 0948 Brserid - ok 15:11:21.0690 0948 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:11:21.0710 0948 BrSerWdm - ok 15:11:21.0725 0948 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:11:21.0741 0948 BrUsbMdm - ok 15:11:21.0756 0948 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:11:21.0788 0948 BrUsbSer - ok 15:11:21.0819 0948 [ B67512DA42C0C90BF236D5485226C1C7 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys 15:11:21.0834 0948 BrUsbSIb ( 
UnsignedFile.Multi.Generic ) - warning 15:11:21.0834 0948 BrUsbSIb - detected UnsignedFile.Multi.Generic (1) 15:11:21.0850 0948 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 15:11:21.0897 0948 BTHMODEM - ok 15:11:21.0928 0948 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 15:11:21.0975 0948 bthserv - ok 15:11:22.0115 0948 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\Windows\system32\drivers\NIS\1309000.009\ccSetx86.sys 15:11:22.0131 0948 ccSet_NIS - ok 15:11:22.0162 0948 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:11:22.0209 0948 cdfs - ok 15:11:22.0271 0948 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys 15:11:22.0287 0948 cdrom - ok 15:11:22.0334 0948 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 15:11:22.0380 0948 CertPropSvc - ok 15:11:22.0396 0948 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:11:22.0427 0948 circlass - ok 15:11:22.0458 0948 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 15:11:22.0474 0948 CLFS - ok 15:11:22.0552 0948 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:11:22.0583 0948 clr_optimization_v2.0.50727_32 - ok 15:11:22.0661 0948 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:11:22.0692 0948 clr_optimization_v4.0.30319_32 - ok 15:11:22.0708 0948 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:11:22.0724 0948 CmBatt - ok 15:11:22.0739 0948 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:11:22.0755 0948 cmdide - ok 15:11:22.0802 0948 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 15:11:22.0833 0948 CNG - ok 15:11:22.0864 0948 [ 
A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:11:22.0880 0948 Compbatt - ok 15:11:22.0926 0948 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 15:11:22.0973 0948 CompositeBus - ok 15:11:22.0989 0948 COMSysApp - ok 15:11:23.0020 0948 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 15:11:23.0036 0948 crcdisk - ok 15:11:23.0082 0948 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:11:23.0129 0948 CryptSvc - ok 15:11:23.0160 0948 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 15:11:23.0192 0948 CSC - ok 15:11:23.0223 0948 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 15:11:23.0254 0948 CscService - ok 15:11:23.0301 0948 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 15:11:23.0348 0948 DcomLaunch - ok 15:11:23.0379 0948 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 15:11:23.0426 0948 defragsvc - ok 15:11:23.0457 0948 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:11:23.0535 0948 DfsC - ok 15:11:23.0613 0948 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 15:11:23.0675 0948 Dhcp - ok 15:11:23.0691 0948 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 15:11:23.0738 0948 discache - ok 15:11:23.0769 0948 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 15:11:23.0784 0948 Disk - ok 15:11:23.0831 0948 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:11:23.0878 0948 Dnscache - ok 15:11:23.0925 0948 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 15:11:23.0972 0948 dot3svc - ok 15:11:24.0018 0948 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 15:11:24.0096 0948 DPS - ok 15:11:24.0143 
0948 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:11:24.0174 0948 drmkaud - ok 15:11:24.0237 0948 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:11:24.0268 0948 DXGKrnl - ok 15:11:24.0299 0948 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 15:11:24.0346 0948 EapHost - ok 15:11:24.0455 0948 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 15:11:24.0533 0948 ebdrv - ok 15:11:24.0611 0948 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 15:11:24.0658 0948 eeCtrl - ok 15:11:24.0689 0948 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 15:11:24.0720 0948 EFS - ok 15:11:24.0798 0948 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:11:24.0830 0948 ehRecvr - ok 15:11:24.0861 0948 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 15:11:24.0892 0948 ehSched - ok 15:11:24.0954 0948 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 15:11:24.0986 0948 elxstor - ok 15:11:25.0048 0948 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 15:11:25.0064 0948 EraserUtilRebootDrv - ok 15:11:25.0095 0948 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:11:25.0126 0948 ErrDev - ok 15:11:25.0157 0948 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 15:11:25.0204 0948 EventSystem - ok 15:11:25.0235 0948 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 15:11:25.0344 0948 exfat - ok 15:11:25.0407 0948 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:11:25.0516 0948 fastfat - ok 15:11:25.0578 0948 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 
15:11:25.0641 0948 Fax - ok 15:11:25.0672 0948 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:11:25.0688 0948 fdc - ok 15:11:25.0719 0948 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 15:11:25.0766 0948 fdPHost - ok 15:11:25.0781 0948 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 15:11:25.0812 0948 FDResPub - ok 15:11:25.0844 0948 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:11:25.0859 0948 FileInfo - ok 15:11:25.0890 0948 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:11:25.0937 0948 Filetrace - ok 15:11:25.0953 0948 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:11:25.0984 0948 flpydisk - ok 15:11:26.0015 0948 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:11:26.0031 0948 FltMgr - ok 15:11:26.0078 0948 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 15:11:26.0124 0948 FontCache - ok 15:11:26.0202 0948 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:11:26.0218 0948 FontCache3.0.0.0 - ok 15:11:26.0234 0948 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:11:26.0249 0948 FsDepends - ok 15:11:26.0312 0948 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 15:11:26.0343 0948 fssfltr - ok 15:11:26.0452 0948 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 15:11:26.0499 0948 fsssvc - ok 15:11:26.0546 0948 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:11:26.0561 0948 Fs_Rec - ok 15:11:26.0608 0948 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:11:26.0655 0948 fvevol - ok 15:11:26.0686 0948 [ 
65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 15:11:26.0702 0948 gagp30kx - ok 15:11:26.0811 0948 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys 15:11:26.0826 0948 giveio ( UnsignedFile.Multi.Generic ) - warning 15:11:26.0826 0948 giveio - detected UnsignedFile.Multi.Generic (1) 15:11:26.0889 0948 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 15:11:26.0951 0948 gpsvc - ok 15:11:27.0092 0948 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 15:11:27.0123 0948 gupdate - ok 15:11:27.0138 0948 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 15:11:27.0170 0948 gupdatem - ok 15:11:27.0201 0948 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:11:27.0232 0948 gusvc - ok 15:11:27.0248 0948 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:11:27.0279 0948 hcw85cir - ok 15:11:27.0326 0948 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:11:27.0388 0948 HdAudAddService - ok 15:11:27.0435 0948 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 15:11:27.0482 0948 HDAudBus - ok 15:11:27.0513 0948 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:11:27.0544 0948 HidBatt - ok 15:11:27.0575 0948 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:11:27.0591 0948 HidBth - ok 15:11:27.0622 0948 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:11:27.0653 0948 HidIr - ok 15:11:27.0684 0948 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 15:11:27.0762 0948 hidserv - ok 15:11:27.0872 0948 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:11:27.0903 0948 
HidUsb - ok 15:11:27.0965 0948 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:11:28.0028 0948 hkmsvc - ok 15:11:28.0043 0948 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:11:28.0074 0948 HomeGroupListener - ok 15:11:28.0121 0948 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:11:28.0184 0948 HomeGroupProvider - ok 15:11:28.0230 0948 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:11:28.0262 0948 HpSAMD - ok 15:11:28.0324 0948 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:11:28.0355 0948 HTTP - ok 15:11:28.0371 0948 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:11:28.0386 0948 hwpolicy - ok 15:11:28.0433 0948 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:11:28.0480 0948 i8042prt - ok 15:11:28.0542 0948 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:11:28.0558 0948 iaStorV - ok 15:11:28.0652 0948 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:11:28.0698 0948 idsvc - ok 15:11:28.0808 0948 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130104.001\IDSvix86.sys 15:11:28.0839 0948 IDSVix86 - ok 15:11:29.0135 0948 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 15:11:29.0338 0948 igfx - ok 15:11:29.0385 0948 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:11:29.0400 0948 iirsp - ok 15:11:29.0447 0948 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 15:11:29.0513 0948 IKEEXT - ok 15:11:29.0563 0948 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 
15:11:29.0583 0948 intelide - ok 15:11:29.0613 0948 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:11:29.0653 0948 intelppm - ok 15:11:29.0673 0948 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:11:29.0703 0948 IPBusEnum - ok 15:11:29.0723 0948 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:11:29.0763 0948 IpFilterDriver - ok 15:11:29.0803 0948 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:11:29.0863 0948 iphlpsvc - ok 15:11:29.0913 0948 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:11:29.0943 0948 IPMIDRV - ok 15:11:29.0963 0948 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:11:30.0013 0948 IPNAT - ok 15:11:30.0043 0948 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:11:30.0063 0948 IRENUM - ok 15:11:30.0083 0948 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:11:30.0093 0948 isapnp - ok 15:11:30.0133 0948 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:11:30.0153 0948 iScsiPrt - ok 15:11:30.0183 0948 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:11:30.0203 0948 kbdclass - ok 15:11:30.0223 0948 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:11:30.0253 0948 kbdhid - ok 15:11:30.0273 0948 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 15:11:30.0293 0948 KeyIso - ok 15:11:30.0333 0948 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:11:30.0353 0948 KSecDD - ok 15:11:30.0373 0948 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:11:30.0393 0948 KSecPkg - ok 15:11:30.0413 0948 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm 
C:\Windows\system32\msdtckrm.dll 15:11:30.0463 0948 KtmRm - ok 15:11:30.0503 0948 [ F7CDABA15C7E853F0A11AF6D77FCA990 ] L1E C:\Windows\system32\DRIVERS\L1E62x86.sys 15:11:30.0543 0948 L1E - ok 15:11:30.0613 0948 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 15:11:30.0653 0948 LanmanServer - ok 15:11:30.0703 0948 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:11:30.0763 0948 LanmanWorkstation - ok 15:11:30.0813 0948 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:11:30.0853 0948 lltdio - ok 15:11:30.0913 0948 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:11:30.0983 0948 lltdsvc - ok 15:11:30.0993 0948 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 15:11:31.0033 0948 lmhosts - ok 15:11:31.0073 0948 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:11:31.0093 0948 LSI_FC - ok 15:11:31.0113 0948 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:11:31.0123 0948 LSI_SAS - ok 15:11:31.0163 0948 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:11:31.0183 0948 LSI_SAS2 - ok 15:11:31.0203 0948 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:11:31.0213 0948 LSI_SCSI - ok 15:11:31.0233 0948 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 15:11:31.0263 0948 luafv - ok 15:11:31.0343 0948 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe 15:11:31.0363 0948 McComponentHostService - ok 15:11:31.0393 0948 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:11:31.0413 0948 Mcx2Svc - ok 15:11:31.0443 0948 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:11:31.0453 0948 megasas - ok 
15:11:31.0483 0948 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:11:31.0503 0948 MegaSR - ok 15:11:31.0523 0948 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 15:11:31.0558 0948 MMCSS - ok 15:11:31.0590 0948 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 15:11:31.0621 0948 Modem - ok 15:11:31.0668 0948 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:11:31.0683 0948 monitor - ok 15:11:31.0730 0948 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:11:31.0746 0948 mouclass - ok 15:11:31.0777 0948 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:11:31.0808 0948 mouhid - ok 15:11:31.0839 0948 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:11:31.0855 0948 mountmgr - ok 15:11:31.0948 0948 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:11:31.0980 0948 MozillaMaintenance - ok 15:11:32.0011 0948 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 15:11:32.0026 0948 mpio - ok 15:11:32.0058 0948 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:11:32.0104 0948 mpsdrv - ok 15:11:32.0151 0948 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:11:32.0198 0948 MpsSvc - ok 15:11:32.0234 0948 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:11:32.0264 0948 MRxDAV - ok 15:11:32.0284 0948 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:11:32.0304 0948 mrxsmb - ok 15:11:32.0364 0948 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:11:32.0404 0948 mrxsmb10 - ok 15:11:32.0444 0948 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 
C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:11:32.0474 0948 mrxsmb20 - ok 15:11:32.0504 0948 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 15:11:32.0524 0948 msahci - ok 15:11:32.0544 0948 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:11:32.0564 0948 msdsm - ok 15:11:32.0584 0948 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 15:11:32.0614 0948 MSDTC - ok 15:11:32.0654 0948 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:11:32.0684 0948 Msfs - ok 15:11:32.0694 0948 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:11:32.0734 0948 mshidkmdf - ok 15:11:32.0764 0948 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:11:32.0794 0948 msisadrv - ok 15:11:32.0834 0948 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:11:32.0924 0948 MSiSCSI - ok 15:11:32.0934 0948 msiserver - ok 15:11:32.0964 0948 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:11:33.0004 0948 MSKSSRV - ok 15:11:33.0024 0948 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:11:33.0064 0948 MSPCLOCK - ok 15:11:33.0084 0948 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:11:33.0134 0948 MSPQM - ok 15:11:33.0154 0948 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:11:33.0174 0948 MsRPC - ok 15:11:33.0214 0948 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:11:33.0224 0948 mssmbios - ok 15:11:33.0264 0948 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:11:33.0294 0948 MSTEE - ok 15:11:33.0314 0948 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:11:33.0344 0948 MTConfig - ok 15:11:33.0374 0948 [ 
BB16693616427EAC1A436E106EA8D318 ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys 15:11:33.0394 0948 MTsensor - ok 15:11:33.0404 0948 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 15:11:33.0414 0948 Mup - ok 15:11:33.0464 0948 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 15:11:33.0534 0948 napagent - ok 15:11:33.0594 0948 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:11:33.0614 0948 NativeWifiP - ok 15:11:33.0704 0948 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130104.032\NAVENG.SYS 15:11:33.0724 0948 NAVENG - ok 15:11:33.0794 0948 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130104.032\NAVEX15.SYS 15:11:33.0834 0948 NAVEX15 - ok 15:11:33.0934 0948 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:11:33.0974 0948 NDIS - ok 15:11:34.0004 0948 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:11:34.0064 0948 NdisCap - ok 15:11:34.0094 0948 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:11:34.0134 0948 NdisTapi - ok 15:11:34.0164 0948 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:11:34.0194 0948 Ndisuio - ok 15:11:34.0224 0948 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:11:34.0264 0948 NdisWan - ok 15:11:34.0294 0948 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:11:34.0344 0948 NDProxy - ok 15:11:34.0444 0948 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 15:11:34.0494 0948 Nero BackItUp Scheduler 4.0 - ok 15:11:34.0524 0948 [ 
15:11:51.0107 0948 WUDFRd - ok
15:11:51.0157 0948 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:11:51.0187 0948 wudfsvc - ok
15:11:51.0217 0948 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
15:11:51.0267 0948 WwanSvc - ok
15:11:51.0287 0948 ================ Scan global ===============================
15:11:51.0297 0948 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:11:51.0337 0948 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
15:11:51.0347 0948 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
15:11:51.0377 0948 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:11:51.0417 0948 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:11:51.0417 0948 [Global] - ok
15:11:51.0417 0948 ================ Scan MBR ==================================
15:11:51.0427 0948 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:11:51.0767 0948 \Device\Harddisk0\DR0 - ok
15:11:51.0767 0948 ================ Scan VBR ==================================
15:11:51.0767 0948 [ 9E48FF4070EE57A6C780D28443A33FE8 ] \Device\Harddisk0\DR0\Partition1
15:11:51.0777 0948 \Device\Harddisk0\DR0\Partition1 - ok
15:11:51.0812 0948 [ 4A180547082BED1300CBE705C3912090 ] \Device\Harddisk0\DR0\Partition2
15:11:51.0812 0948 \Device\Harddisk0\DR0\Partition2 - ok
15:11:51.0828 0948 [ 69270325DA39E7F072E686D804F6885C ] \Device\Harddisk0\DR0\Partition3
15:11:51.0828 0948 \Device\Harddisk0\DR0\Partition3 - ok
15:11:51.0828 0948 ============================================================
15:11:51.0828 0948 Scan finished
15:11:51.0828 0948 ============================================================
15:11:51.0859 1328 Detected object count: 4
15:11:51.0859 1328 Actual detected object count: 4
15:12:02.0639 1328 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:02.0639 1328 Brother XP spl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:02.0639 1328 BrSerIb ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:02.0639 1328 BrSerIb ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:02.0654 1328 BrUsbSIb ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:02.0654 1328 BrUsbSIb ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:12:02.0654 1328 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
15:12:02.0654 1328 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
05.01.2013, 15:15 | #4 | |
/// Malware-holic | PUP.Adware.Agent found Hi Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.01.2013, 15:36 | #5 |
| PUP.Adware.Agent found Here is the Combofix file: Code:
ATTFilter
ComboFix 13-01-05.01 - *** 05.01.2013 15:21:43.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3037.1668 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-05 bis 2013-01-05 ))))))))))))))))))))))))))))))
.
.
2013-01-05 14:28 . 2013-01-05 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-05 14:28 . 2013-01-05 14:28 -------- d-----w- c:\users\***.Notebook\AppData\Local\temp
2013-01-05 13:11 . 2013-01-05 13:11 -------- d-----w- c:\users\***\AppData\Local\Programs
2013-01-03 07:58 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-03 07:58 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 18:41 . 2012-12-13 18:41 -------- d-----w- c:\program files\Yontoo
2012-12-13 18:41 . 2012-12-13 18:41 -------- d-----w- c:\programdata\Tarma Installer
2012-12-13 18:38 . 2012-12-13 18:38 -------- d-----w- c:\programdata\Premium
2012-12-13 18:38 . 2012-12-13 18:38 -------- d-----w- c:\programdata\InstallMate
2012-12-13 15:03 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-09 18:29 . 2012-12-09 18:56 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2011-12-11 15:40 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 15:06 . 2012-04-17 17:41 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 15:06 . 2011-05-22 07:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-05 08:21 . 2012-11-05 08:20 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-12-05 19:51 . 2012-12-05 19:51 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130104.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1309000.009\SYMNETS.SYS [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 74142562
*NewlyCreated* - KWLDQPOW
*Deregistered* - 74142562
*Deregistered* - kwldqpow
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 15:06]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-12 13:20]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-12 13:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4 uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\ FF - prefs.js: browser.startup.homepage - hxxp://searchab.com/?aff=7&uid=330e31d1-4554-11e2-90f9-e0cb4e2f9eb4 FF - prefs.js: keyword.URL - hxxps://www.startpage.com/do/search?language=deutsch&cat=web&query= FF - ExtSQL: 2012-12-13 19:41; torntv@torntv.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\extensions\torntv@torntv.com.xpi FF - ExtSQL: 2012-12-13 19:41; plugin@yontoo.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\extensions\plugin@yontoo.com FF - user.js: yahoo.homepage.dontask - true FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: extentions.y2layers.installId - d10f58e9-b146-436e-b3ec-c77ba0b61fb3 FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers FF - user.js: extensions.autoDisableScopes - 14 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1035420632-523644624-95114637-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1035420632-523644624-95114637-1000) @Denied: (2) (LocalSystem) "Progid"="ThunderbirdEML" . [HKEY_USERS\S-1-5-21-1035420632-523644624-95114637-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-05 15:30:15 ComboFix-quarantined-files.txt 2013-01-05 14:30 . Vor Suchlauf: 7 Verzeichnis(se), 47.351.705.600 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 49.143.787.520 Bytes frei . - - End Of File - - 2D7C63C72AC6E0E985D6AC28607BE995 |
05.01.2013, 15:42 | #6 |
/// Malware-holic | PUP.Adware.Agent found
Looks OK so far.
Download CCleaner Standard: CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After each one you do not know, "unknown".
Post the list.
Open CCleaner, Extras, the list of autostart programs, and please post that as well.
05.01.2013, 15:53 | #7 |
| PUP.Adware.Agent found
Uninstall list:
Code:
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 needed
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.12.2012 6,00MB 11.5.502.135 needed
Adobe Reader XI - Deutsch Adobe Systems Incorporated 05.11.2012 128MB 11.0.00 needed
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 01.11.2012 11.6.8.638 needed
Bing Bar Microsoft Corporation 05.11.2012 464KB 7.1.391.0 not needed
CCleaner Piriform 19.12.2012 3.26 needed
Google Earth Google 18.05.2012 107MB 6.2.2.6613 needed
Google Earth Plug-in Google 18.05.2012 48,7MB 6.2.2.6613 needed
Intel(R) TV Wizard Intel Corporation 15.04.2010 unknown
Java 7 Update 9 Oracle 02.09.2012 128MB 7.0.90 needed
JavaFX 2.1.1 Oracle Corporation 01.08.2012 20,8MB 2.1.1 needed
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 05.01.2013 18,4MB 1.70.0.1100 needed
McAfee Security Scan Plus McAfee, Inc. 26.05.2010 8,30MB 2.0.181.2 not needed
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 38,8MB 4.0.30319 unknown
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,95MB 14.0.5130.5003 unknown
Microsoft Office Home and Student 2007 Microsoft Corporation 12.12.2011 12.0.6612.1000 needed
Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.05.2012 508KB 2.0.4024.1 not needed
Microsoft Silverlight Microsoft Corporation 18.05.2012 218MB 5.1.10411.0 needed
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 20.10.2010 1,69MB 3.1.0000 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 20.04.2010 252KB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 300KB 8.0.59193 unknown
Mozilla Firefox 17.0.1 (x86 de) Mozilla 05.12.2012 42,4MB 17.0.1 needed
Mozilla Maintenance Service Mozilla 09.12.2012 329KB 17.0 needed
Mozilla Thunderbird 17.0 (x86 de) Mozilla 09.12.2012 41,9MB 17.0 needed
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 20.04.2010 35,0KB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 20.04.2010 1,33MB 4.20.9876.0 unknown
MSXML 4.0 SP3 Parser Microsoft Corporation 22.08.2012 1,47MB 4.30.2100.0 unknown
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 24.08.2012 1,53MB 4.30.2114.0 unknown
Nero 9 Essentials Nero AG 17.04.2010 not needed
Norton Internet Security Symantec Corporation 28.01.2012 19.9.0.9 needed
Nuance PaperPort 12 Nuance Communications, Inc. 22.08.2012 202MB 12.1.0000 needed
Nuance PDF Viewer Plus Nuance Communications, Inc 22.08.2012 38,0MB 5.30.3290 needed
PaperPort Image Printer Nuance Communications, Inc. 22.08.2012 521KB 1.00.0001 needed
Picasa 3 Google, Inc. 21.01.2011 3.8 needed
QuickTime Apple Inc. 10.06.2012 73,2MB 7.72.80.56 needed
Secunia PSI (2.0.0.4003) Secunia 12.12.2011 3,47MB 2.0.0.4003 needed
SpeedFan (remove only) 28.10.2012 needed
Total Commander (Remove or Repair) Ghisler Software GmbH 16.04.2010 7.50a unknown
TuneUp Utilities TuneUp Software 03.08.2012 9.0.6030.1 needed
VLC media player 2.0.3 VideoLAN 16.10.2012 2.0.3 needed
Windows Live Essentials Microsoft Corporation 20.10.2010 15.4.3502.0922 not needed
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 20.10.2010 5,57MB 15.4.5722.2 unknown
Yontoo 1.10.03 Yontoo LLC 07.10.2012 1,16MB 1.10.03 unknown
Zylom Games Player Plugin Zylom Games 16.10.2012 not needed
Code:
Ja HKCU:Run ISUSPM Acresso Corporation C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
Ja HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Ja HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Ja HKLM:Run IndexSearch Nuance Communications, Inc. "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
Ja HKLM:Run Logitech Download Assistant Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
Ja HKLM:Run PaperPort PTD Nuance Communications, Inc. "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
Ja HKLM:Run PDF5 Registry Controller Nuance Communications, Inc. C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
Ja HKLM:Run PDFHook Nuance Communications, Inc. C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
Ja HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Ja Startup Common McAfee Security Scan Plus.lnk McAfee, Inc. C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe |
05.01.2013, 19:40 | #8 |
/// Malware-holic | PUP.Adware.Agent found
Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick "Use JavaScript".
Under Updater, select "Install automatically".
Apply / OK.
Uninstall:
Java: all
Download the Java JRE:
Java downloads for all operating systems
Click: Download Java software for Windows Offline
Download and install it.
Uninstall:
Bing
McAfee
Nero
Secunia: we will update it later, remove it for now
Total Commander
TuneUp: do without such nonsense; some functions can harm the PC or, at best, achieve nothing.
Windows Live: all
Yontoo
Zylom
Open CCleaner, Analyze, Run, then restart the PC.
CCleaner autostart list: untick everything except:
HotKeysCmds
Under Startup, untick everything.
Norton:
Antivirus software and Internet Security - Antivirus software | Norton Germany
Get version 2013 there; you do not have it yet, and the upgrade is free.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.01.2013, 22:28 | #9 | ||
| PUP.Adware.Agent found
Sorry for the late reply, I couldn't manage it any sooner.
Quote:
Quote:
Here is the log as well:
Code:
# AdwCleaner v2.104 - Datei am 06/01/2013 um 22:19:24 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\SweetIM
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\prefs.js

Gefunden : user_pref("extensions.ghostery.uiLog", "{\"type\":\"pixel_block\",\"ref\":\"tbx.t-online.de/ps/srp/o[...]

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ac57sjml.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\***.Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\6qnhx6fh.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1968 octets] - [06/01/2013 22:19:24]

########## EOF - C:\AdwCleaner[R1].txt - [2028 octets] ########## |
07.01.2013, 18:03 | #10 |
/// Malware-holic | PUP.Adware.Agent found
Hi,
simply install the new version over the old one; the license is carried over.
Please download AdwCleaner to your desktop.
Restart, then test how the PC and programs run.
08.01.2013, 18:29 | #11 |
| PUP.Adware.Agent found
Here is the log from AdwCleaner:
Code:
# AdwCleaner v2.104 - Datei am 07/01/2013 um 22:15:19 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Tarma Installer

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\SweetIM
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.ghostery.uiLog", "{\"type\":\"pixel_block\",\"ref\":\"tbx.t-online.de/ps/srp/o[...]

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ac57sjml.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\***.Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\6qnhx6fh.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2097 octets] - [06/01/2013 22:19:24]
AdwCleaner[S1].txt - [2167 octets] - [07/01/2013 22:15:19]

########## EOF - C:\AdwCleaner[S1].txt - [2227 octets] ########## |
08.01.2013, 18:41 | #12 |
/// Malware-holic | PUP.Adware.Agent found
Hi,
could you delete AdwCleaner, download it again, run the deletion procedure once more, and post the log?
There was an update today.
08.01.2013, 19:25 | #13 |
| PUP.Adware.Agent found
OK, here:
Code:
# AdwCleaner v2.105 - Datei am 08/01/2013 um 19:21:28 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\extensions\staged

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\28m9fi33.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ac57sjml.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\***.Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\6qnhx6fh.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2097 octets] - [06/01/2013 22:19:24]
AdwCleaner[R2].txt - [1241 octets] - [07/01/2013 22:37:45]
AdwCleaner[S1].txt - [2296 octets] - [07/01/2013 22:15:19]
AdwCleaner[S2].txt - [1286 octets] - [08/01/2013 19:21:28]

########## EOF - C:\AdwCleaner[S2].txt - [1346 octets] ########## |
08.01.2013, 19:37 | #14 |
/// Malware-holic | PUP.Adware.Agent found
Hi,
please restart and test how the PC and programs run; please test Internet Explorer as well.
08.01.2013, 20:51 | #15 |
| PUP.Adware.Agent found
Hello, everything is running OK so far, including IE. Only the hard drive is making rather a lot of noise; I don't know whether that means anything. |