Pests of all kinds and how to fight them: Removing the GVU Trojan

13.01.2013, 18:14   #1
MadInn
 

Hello,

unfortunately I have also fallen victim to the GVU Trojan.
I then did a System Restore, and now everything is actually running again so far, but I am very unsure whether remnants of the Trojan may still be lurking somewhere on my PC. If so, I would of course like to remove them.

I have already run scans with Malwarebytes Anti-Malware and OTL:

Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTINSPC [Administrator]

13.01.2013 14:41:09
mbam-log-2013-01-13 (14-41-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 583657
Laufzeit: 3 Stunde(n), 12 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Martin\AppData\Roaming\skype.dat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL OTL.txt:
Code:
OTL logfile created on: 13.01.2013 18:35:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,15% Memory free
7,84 Gb Paging File | 6,08 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,18 Gb Total Space | 75,85 Gb Free Space | 26,32% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 70,33 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
 
Computer Name: MARTINSPC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files (x86)\lotus\notes\ntmulti.exe (IBM Corp)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AirPrint) -- C:\AirPrint\airprint.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (ipsecd) -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe ()
SRV - (dtpd) -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe ()
SRV - (iked) -- C:\Programme\ShrewSoft\VPN Client\iked.exe ()
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\RWTH OpenVPN Client\bin\openvpnserv.exe ()
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (Multi-user Cleanup Service) -- C:\Program Files (x86)\lotus\notes\ntmulti.exe (IBM Corp)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZMGHPAudioSrv) -- C:\Windows\SysNative\drivers\zmghpau.sys (ZOOM)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Tpkd) -- C:\Windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 29 98 CB 27 B3 CB 01  [binary data]
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\SearchScopes,DefaultScope = {FC21BC8F-18E2-460C-A718-69A1D468D67F}
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\..\SearchScopes\{FC21BC8F-18E2-460C-A718-69A1D468D67F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/#inbox"
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2012.02.14
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - prefs.js..network.proxy.ssl: "70.38.90.211"
FF - prefs.js..network.proxy.ssl_port: 1080
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2011.06.29 19:39:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.23 12:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.05.09 17:30:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 12:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 01:52:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.05 11:13:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 12:09:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 01:52:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.05 11:13:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.11.23 19:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010.11.23 19:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.22 18:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\kylo@hcrest.com
[2012.10.23 10:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dwydhe2m.default\extensions
[2012.07.25 13:48:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dwydhe2m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.17 22:15:16 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\dwydhe2m.default\extensions\ich@maltegoetz.de
[2012.12.18 14:55:38 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-1.xml
[2012.08.08 16:32:53 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-10.xml
[2012.09.07 19:52:46 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-11.xml
[2012.09.16 15:19:52 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-12.xml
[2012.10.23 08:57:57 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-13.xml
[2012.11.08 08:48:00 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-14.xml
[2012.01.01 20:55:54 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-2.xml
[2012.02.08 19:24:37 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-3.xml
[2012.03.24 11:07:00 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-4.xml
[2012.04.01 20:14:49 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-5.xml
[2012.04.18 16:36:04 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-6.xml
[2012.05.16 08:09:22 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-7.xml
[2012.07.10 07:37:24 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-8.xml
[2012.07.24 10:07:18 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin-9.xml
[2011.11.11 19:50:58 | 000,001,056 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\dwydhe2m.default\searchplugins\icqplugin.xml
[2012.10.30 12:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.30 12:08:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.23 12:06:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.05.09 17:30:18 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.10.30 12:09:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 08:08:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.8_0\
CHR - Extension: JAM mit Chrome = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bggjdpbfjakfkacljidachigalghbnpk\0.2_0\
CHR - Extension: Gmail offline = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Uno = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnlcclaocpblfckpfgmpdfndodkofpo\2.3.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000..\Run: [Akamai NetSession Interface] C:\Users\Martin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\OC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} hxxp://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx (nvUnifiedControl Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45931A56-8EBF-4F6A-8FCF-5A5F6D70B8FE}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DCD71DF-0535-4651-8A97-1937535B4ED0}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51099237-9ACA-46C6-B201-A017EA5F074C}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1056F4E-80D1-4F9D-ABF5-5C304FC62BD4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F384CFFF-602A-4CF4-819F-FF28E3768200}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC3F9B12-31D3-4E16-B614-AD95E9F5C7A5}: DhcpNameServer = 193.189.244.206 193.189.244.225
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{20c0f615-d5d4-11df-91b7-0024bec4c5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{20c0f615-d5d4-11df-91b7-0024bec4c5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2ae40e36-1e6f-11e2-a0aa-506313fecb7c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae40e36-1e6f-11e2-a0aa-506313fecb7c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{2ae40e44-1e6f-11e2-a0aa-506313fecb7c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae40e44-1e6f-11e2-a0aa-506313fecb7c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a633312-d54b-11df-8ac8-0024bec4c5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{9a633312-d54b-11df-8ac8-0024bec4c5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9a633321-d54b-11df-8ac8-0024bec4c5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{9a633321-d54b-11df-8ac8-0024bec4c5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9a633336-d54b-11df-8ac8-0024bec4c5f7}\Shell - "" = AutoRun
O33 - MountPoints2\{9a633336-d54b-11df-8ac8-0024bec4c5f7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.13 14:55:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.01.13 14:32:20 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2013.01.13 14:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.13 14:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.13 14:31:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.13 14:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.13 14:31:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Programs
[2013.01.13 10:10:59 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.12 19:29:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.11 19:28:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Neue Songidee
[2013.01.09 14:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.01.09 14:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.01.09 14:30:34 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup326.exe
[2013.01.07 17:27:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Updater
[2013.01.07 17:19:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2013.01.07 17:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2013.01.07 17:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Zugaben
[2013.01.07 17:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Technische Informationen
[2013.01.07 17:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Kundendienst
[2013.01.07 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hilfe
[2013.01.07 17:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(R) Photoshop(R) CS2
[2013.01.07 17:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Solutions Network
[2013.01.07 17:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe DNG Converter
[2013.01.07 17:13:57 | 683,444,704 | ---- | C] (Adobe Systems Inc.                                          ) -- C:\Users\Martin\Desktop\ID_CS2_GR_NonRet.exe
[2013.01.07 17:12:59 | 375,232,764 | ---- | C] (Adobe Systems Inc.                                          ) -- C:\Users\Martin\Desktop\PS_CS2_Gr_NonRet.exe
[2013.01.06 11:19:32 | 000,000,000 | ---D | C] -- C:\Sonstiges (Ordner vom Desktop)
[2013.01.05 12:09:45 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Steganos
[2013.01.05 12:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Steganos
[2013.01.05 12:05:02 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Steganos
[2012.12.22 13:13:04 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 13:13:03 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 13:12:59 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 13:12:58 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.08.06 21:44:32 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC9C4.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.13 18:24:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3183987224-1095028075-2954487604-1000UA.job
[2013.01.13 18:19:13 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.13 18:19:13 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.13 18:19:13 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.13 18:19:13 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.13 18:19:13 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.13 18:19:12 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 18:19:12 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 18:12:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.13 18:11:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 18:11:22 | 3156,807,680 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.13 18:02:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.13 17:42:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.13 14:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.01.13 14:31:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.13 10:11:03 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.09 19:42:12 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 19:42:12 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.09 14:44:36 | 000,208,200 | ---- | M] () -- C:\Users\Martin\Desktop\cc_20130109_144409.reg
[2013.01.09 14:30:34 | 004,178,040 | ---- | M] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup326.exe
[2013.01.08 08:01:28 | 000,483,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.07 17:20:02 | 000,001,385 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.01.07 17:16:13 | 683,444,704 | ---- | M] (Adobe Systems Inc.                                          ) -- C:\Users\Martin\Desktop\ID_CS2_GR_NonRet.exe
[2013.01.07 17:14:28 | 375,232,764 | ---- | M] (Adobe Systems Inc.                                          ) -- C:\Users\Martin\Desktop\PS_CS2_Gr_NonRet.exe
[2013.01.06 21:49:55 | 000,017,408 | ---- | M] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2013.01.06 16:11:34 | 000,001,011 | ---- | M] () -- C:\Users\Martin\Desktop\Studiumsordner Master.lnk
[2013.01.05 12:28:41 | 000,250,880 | ---- | M] () -- C:\Users\Martin\Documents\Martin.stb
[2012.12.28 19:03:49 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3183987224-1095028075-2954487604-1000Core.job
[2012.12.22 16:16:34 | 000,001,012 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.13 14:31:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 14:44:15 | 000,208,200 | ---- | C] () -- C:\Users\Martin\Desktop\cc_20130109_144409.reg
[2013.01.07 17:23:39 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.01.07 17:20:02 | 000,001,385 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2013.01.07 17:19:31 | 000,002,071 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.01.07 17:18:35 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.01.07 17:18:35 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.01.06 16:11:19 | 000,001,011 | ---- | C] () -- C:\Users\Martin\Desktop\Studiumsordner Master.lnk
[2013.01.05 12:10:30 | 000,250,880 | ---- | C] () -- C:\Users\Martin\Documents\Martin.stb
[2012.06.02 20:59:27 | 000,017,408 | ---- | C] () -- C:\Users\Martin\AppData\Local\WebpageIcons.db
[2012.04.06 10:17:46 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012.03.25 16:55:46 | 000,001,654 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.03.19 19:59:19 | 000,001,465 | ---- | C] () -- C:\Users\Martin\.recently-used.xbel
[2012.01.02 15:37:32 | 000,000,214 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.12.03 23:00:23 | 000,000,032 | ---- | C] () -- C:\Users\Martin\.simfy
[2011.06.15 11:02:40 | 000,000,680 | RHS- | C] () -- C:\Users\Martin\ntuser.pol
[2010.12.09 10:50:14 | 000,005,632 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.29 14:08:16 | 000,007,597 | ---- | C] () -- C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
[2010.07.17 17:45:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2005.04.07 15:07:40 | 000,014,601 | ---- | C] () -- C:\Program Files\Installationsanleitung.html
[2005.04.04 17:56:36 | 000,003,580 | ---- | C] () -- C:\Program Files\Bitte zuerst lesen.html
[2005.03.24 15:28:56 | 000,383,996 | ---- | C] () -- C:\Program Files\Photoshop Neue Funktionen.pdf
[2005.02.25 14:37:00 | 000,157,035 | ---- | C] () -- C:\Program Files\LegalNotices.pdf
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
OTL Extras.txt:
Code:
OTL Extras logfile created on: 13.01.2013 18:35:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 61,15% Memory free
7,84 Gb Paging File | 6,08 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,18 Gb Total Space | 75,85 Gb Free Space | 26,32% Space Free | Partition Type: NTFS
Drive G: | 100,00 Mb Total Space | 70,33 Mb Free Space | 70,33% Space Free | Partition Type: NTFS
 
Computer Name: MARTINSPC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Sync with Dropbox] -- "C:\Program Files (x86)\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "sync" ()
Directory [UnSync with Dropbox] -- "C:\Program Files (x86)\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "unsync" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Sync with Dropbox] -- "C:\Program Files (x86)\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "sync" ()
Directory [UnSync with Dropbox] -- "C:\Program Files (x86)\Dropbox Folder Sync\Dropbox Folder Sync.exe" "%1" "unsync" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A8865-2E9C-4F3B-9E98-47AECB3624D9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{05B834D0-1BC1-4126-A954-B1898C96DC54}" = rport=139 | protocol=6 | dir=out | app=system | 
"{06643F01-96BB-4841-BC38-64EF4F1DCE22}" = rport=137 | protocol=17 | dir=out | app=system | 
"{33285391-B261-4E03-A764-338221D7C28B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{336D97D7-87B9-4445-8187-7D71D2DD4DAD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{33832219-9428-48BF-B323-BE68A7A87A72}" = lport=137 | protocol=17 | dir=in | app=system | 
"{35941AEC-5939-4A78-98E9-0B419213107C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{369A4679-3934-44CD-AF06-19B916016FAB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{39CCE483-8859-4B2B-8247-65E3E57E5180}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4D1EA229-127C-4EAE-81FE-1FE8AE3F1332}" = lport=139 | protocol=6 | dir=in | app=system | 
"{59B3F198-AB6E-42D0-A2DE-314D9762ABA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72FDD0E4-8E66-4D15-A88E-9C28530FFFCD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75046C3F-41A1-40CC-9DC2-ABAFED33F3DC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7C6B8B4D-8DA4-4BAB-BB2B-94B1B3C75098}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8408BC85-54C0-4D73-95B3-F33EC5EA7A89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8809A5B9-2FA4-490E-A550-AC5EA54FDA56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CDF11FF-8797-4CBC-8846-40873D08EDBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{956E6DD1-36E6-4DA9-8222-59DECCA494B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{97659EB5-954B-4AEC-8433-92B63DA84839}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9C82CFFF-F848-4713-B509-C0671F41D5DD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D2757510-177B-4D44-B67A-8185D21897B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E8CA1116-5A73-440D-9CD2-1C7475B07FEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2C1AC4C-5820-42A7-9428-9C76799C03FC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FC64F579-D6FC-4274-BDC0-BB2987025462}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FEBF3BB4-614C-4E81-B40E-189FA42E0FF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0311A9E6-A93A-453A-83A9-CF47D6488A08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{035CC1F6-F313-4D3B-B4B6-22A695A459B2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{070D7935-7FC0-4A64-8276-B7660085D8C3}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{0A175C76-605B-45D9-BF16-2B592E8077B9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{0A825122-4B0D-4135-B8C4-A06EFE35C14E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0E848F08-DEAA-4172-890C-1B6774D9605A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1702A3EF-8033-402F-9AFE-AE2775A17534}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1799EB9E-66A2-4656-9965-CB7309727A94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1DA72836-B65F-4DBC-83A2-2C67174F4DF2}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"{224FCB1A-896C-4F4B-90FC-2193922E3413}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3185293F-AE13-41A2-A7C4-221A9AB38637}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{33BCE6E1-87CC-4031-AEDE-8999029499B1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{34FC5682-7856-49AD-A42C-1F9083D90A8B}" = protocol=6 | dir=out | app=system | 
"{42C5CA36-1789-4CF2-BB93-2DEFA39DD05E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4375B052-80B0-464A-9C63-EEA81F3F183C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{450F3E58-6F95-4033-A508-4A6AA7366572}" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\apps\2.0\2cr4lp55.64j\v0mh2e5e.cl9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{46269730-DAAC-4B93-BD4F-1EDC35E16AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{4A1C7230-AFD5-47F2-99B7-7992B7B3599B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4A32ED55-EBE5-47BB-AA32-EA1256AFDFE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A4F7E28-EB22-443D-B68E-74F420DDD7BC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{4C2EAB61-C271-47AB-AEA4-48D506EACA71}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlbtcoms.exe | 
"{4D9845B6-5C94-4209-B069-ED70597B5AC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5599911A-3815-47FB-95FE-A40CE7E02C8B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{579EE610-774D-4B79-8212-ECC34B9351D7}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"{59FE587E-814A-4A29-A8E8-67B8FB926E58}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{605D6637-1EC9-4B47-9456-212C4DFAE5D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6911A9CF-7056-4DD5-B5E7-51B87129D5E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{75241699-4299-4082-95BB-86264DDF1CA6}" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7C4B4F0A-AE01-4982-9343-014CA24322ED}" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\akamai\netsession_win.exe | 
"{7C6C7B51-CEF2-4088-9C8D-A93742AFA1BE}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe | 
"{7F6F70B4-FB19-405D-BE03-A54945ED8B6F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{82D15CE2-6389-4F04-A73C-79DEC95052DA}" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\apps\2.0\2cr4lp55.64j\v0mh2e5e.cl9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{82F66A2E-D0DE-44E8-84E5-9447FAC503C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{850352B8-F918-4363-95D2-0381731A1FC7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{853A11B8-5713-47C0-9FF1-CFD1C087FA4E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{87516F67-3D65-4CA8-8EB1-793C7CF9EBBC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8B2086A3-4B45-41D2-BDCF-68FF2B2EAD8C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{8B4DB1AC-7A6F-4EBA-83EA-83DDE733EDED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{90B7F6EA-225D-4FBC-889A-F74F3755F587}" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\apps\2.0\2cr4lp55.64j\v0mh2e5e.cl9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{940791BE-BAD8-4E4A-A4D5-487D1E1C4570}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A23D1597-8215-49F1-8378-1BBE7EC2EEA5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B11C37AC-87F9-47F7-830A-3121059F9999}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{B1641F1B-6995-421A-B455-BD953E4DD6C2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B223BFDD-973E-49DD-AF17-B460EB3AA49C}" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\akamai\netsession_win.exe | 
"{B4B8C049-ADDA-4EDE-ADB9-B30482A185E9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{B4CE667D-1E39-4F41-8D29-D2EBFABD6E1B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B508ABE3-93A1-41DB-81EA-E50816AB6EB5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B54A7C4E-6254-4F74-987B-AB684A46B429}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B9B120C7-16C7-438D-8D23-6B42D2C72CC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BCE22A4F-E666-4921-BA85-39F6F2A466B6}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlbtcoms.exe | 
"{BD5FE832-6E62-42A8-87F0-D51D0D4B314B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{C564A6B0-532B-434C-9EC0-403A0A860192}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C792D291-ECF9-45FD-90C4-70DA6333B7B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C8473FD1-4DE3-47D5-A23D-8397377DC3EB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DBA5091B-A445-4C61-88A5-B4E1216EFC11}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{DF9E4A91-D941-4291-8D56-844F034F5620}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EBD601D1-D330-4C3A-807E-4681AB82435D}" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\apps\2.0\2cr4lp55.64j\v0mh2e5e.cl9\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe | 
"{F34FE6B8-A705-4B86-A683-EB56D5C49D00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F5272B99-50CF-4940-B16C-18ADE136308C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FB010101-047B-4D41-AF44-CABE0F745257}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{1122BA26-0F96-436F-A2D6-22C601945B3D}C:\program files (x86)\virtualdj\virtualdj_home.exe" = protocol=6 | dir=in | app=c:\program files (x86)\virtualdj\virtualdj_home.exe | 
"TCP Query User{16FE2BBF-1C03-4BA2-8929-1758A334880A}C:\users\martin\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{3B459A15-ADDA-4E0C-829F-22477DA9DC49}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{494586BA-CF9F-4397-91FD-776D0D29164B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{869A7A45-F9C4-43F0-9BD5-C9D00305F094}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{9C0DCA06-58F7-4EEF-BF8D-D4F9B6DF23C0}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{9E1A6829-D483-4873-B99D-489660DBDAF8}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{AB40A49C-4A85-4946-843E-ACAE7C2BCF02}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BBF88F12-7047-453B-8617-5A683A0C8F40}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{DA4CE5B2-0407-4C4E-BCCE-183E43E71687}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{E2BCF841-2066-4E77-BCB1-A46D36A3CEDD}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{F41BC49E-5027-4D00-9384-611F25DC53B0}C:\users\martin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{07485489-66EB-44A1-86D1-113CB6A5A897}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{4C7C3D7D-4FDD-4613-BC42-BB2494ACD87E}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{54929F9A-1D9F-48EE-984F-6AFC512DE9C2}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{59C4DA2E-4819-44FA-99FE-704497A0DEAA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{61233511-9950-47F6-84FF-132126A2940D}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{AFF482CE-C687-463C-B826-613CD56D4D82}C:\users\martin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{B1490084-99CE-44AD-BFCF-DFC53D5C2ECD}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{B4B741BD-71A7-4180-9735-3DD485952B4D}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{C1234638-D4B5-47CD-B6A9-0E91249EC3E6}C:\users\martin\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{D86503B7-FEB5-4645-9E4F-A50225A38628}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{FBE88061-877E-47FB-B0E8-5006DEB69DC4}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{FDAD5F5C-D690-4773-9AD3-40E16A6E8D53}C:\program files (x86)\virtualdj\virtualdj_home.exe" = protocol=17 | dir=in | app=c:\program files (x86)\virtualdj\virtualdj_home.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series" = Canon MG3100 series MP Drivers
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}" = Canon MF4360-4390
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Sandboxie" = Sandboxie 3.66 (64-bit)
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D8D8094-9789-402E-BD28-337343F1DE6F}" = Samplitude Music Studio 17 Download-Version
"{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A7970BE-2F8A-4004-ABE9-4CDB55A216E6}" = Lotus Notes 7.0
"{5C318BD3-BA72-43E4-9D16-A18210B4A5A5}" = Media Go
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCB8F6D-33FC-4E79-8616-7BE5DF32A955}" = BPM-Studio 4 Demo
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C162E1F7-56C6-49DC-8DA6-216CF651A502}" = MAGIX Screenshare
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}" = PC Connectivity Solution
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.078
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1100000-0008-0000-0001-074957833700}" = ABBYY FineReader 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"Allway Sync_is1" = Allway Sync version 10.5.8
"Anki" = Anki
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DarkWave Studio" = DarkWave Studio 3.0.7
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX-Setup
"EES - Engineering Equation Solver" = EES - Engineering Equation Solver
"eLicenser Control" = eLicenser Control
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"GPL Ghostscript 9.05" = GPL Ghostscript
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"IrfanView" = IrfanView (remove only)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX_{A3A1D6DC-7CB4-4894-8E54-3A48493EF488}" = MAGIX Speed burnR (MSI)
"MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17 Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Need for Speed High Stakes" = Need for Speed
"Opera 12.12.1707" = Opera 12.12
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"PDF Blender" = PDF Blender
"RWTH OpenVPN Client" = RWTH OpenVPN Client 2.1_rc19c
"Samplitude Music Studio 15 D" = Samplitude Music Studio 15 15.0.1.0 (D)
"ST5UNST #1" = Kaminfeuer Comprehensive Edition Free
"TMM10R_ec433b07-afd9-4112-b13f-c04b24e0211c" = TELL ME MORE
"TmNationsForever_is1" = TmNationsForever
"TrueCrypt" = TrueCrypt
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 2.0.2
"VST Bridge_is1" = VST Bridge 1.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XMind" = XMind
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3183987224-1095028075-2954487604-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.01.2013 12:31:19 | Computer Name = MartinsPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 09.01.2013 14:17:04 | Computer Name = MartinsPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 12.01.2013 08:29:02 | Computer Name = MartinsPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 12.01.2013 10:20:26 | Computer Name = MartinsPC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Sony\Media Go\MediaGo.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files (x86)\Sony\Media Go\Sony.Mrs.MANIFEST" in Zeile  3.  Die im Manifest gefundene
 Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.  Verweis:
 Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".  Definition:
 Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 12.01.2013 15:06:08 | Computer Name = MartinsPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12.01.2013 15:06:08 | Computer Name = MartinsPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1045
 
Error - 12.01.2013 15:06:08 | Computer Name = MartinsPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error - 12.01.2013 20:08:29 | Computer Name = MartinsPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b8479a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001db99
ID
 des fehlerhaften Prozesses: 0xca4  Startzeit der fehlerhaften Anwendung: 0x01cdf1220be5ba7b
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\kernel32.dll  Berichtskennung: 5bb56fe2-5d15-11e2-b4bd-0024bec4c5f7
 
Error - 12.01.2013 20:54:11 | Computer Name = MartinsPC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 13.01.2013 04:28:13 | Computer Name = MartinsPC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 13.01.2013 13:12:15 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
 (0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
 connection has been canceled during its initiation. 
 
Error - 13.01.2013 13:12:15 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 13.01.2013 13:12:15 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 13.01.2013 13:12:51 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706
 (0xFE210026) Description: CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed
 a policy check server name: vpn-unidsl.rwth-aachen.de
 
Error - 13.01.2013 13:12:53 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307
 (0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous
 connection has been canceled during its initiation. 
 
Error - 13.01.2013 13:12:53 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 13.01.2013 13:12:53 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 13.01.2013 13:16:39 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 13.01.2013 13:16:39 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 13.01.2013 13:16:39 | Computer Name = MartinsPC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ System Events ]
Error - 12.01.2013 20:34:30 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.01.2013 20:34:30 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.01.2013 20:34:32 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  CSC  DfsC  discache  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  truecrypt  vflt
vwififlt
Wanarpv6
WfpLwf
 
Error - 12.01.2013 20:34:55 | Computer Name = MartinsPC | Source = DCOM | ID = 10005
Description = 
 
Error - 12.01.2013 20:54:11 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 13.01.2013 04:28:13 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 13.01.2013 13:13:33 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Peernetzwerkidentitäts-Manager erreicht.
 
Error - 13.01.2013 13:13:33 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Peernetzwerkidentitäts-Manager" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 13.01.2013 13:13:33 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
Error - 13.01.2013 13:13:33 | Computer Name = MartinsPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peer Name Resolution-Protokoll" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
 
< End of report >
         
Thanks in advance for the help!

13.01.2013, 19:07   #2
markusg
/// Malware-holic

Hi,
whoever posts garbage tips online like using System Restore against malware deserves a beating :D
Please keep your hands off System Restore when you have a malware infection.
For further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
Right-click the cache folder there, pack it with WinRAR or another program, and upload it to the upload channel, please.
Trojaner-Board Upload Channel

13.01.2013, 19:19   #3
MadInn

Hey, thanks for the quick reply. I've uploaded the folder...

Why shouldn't you do a System Restore when you have a malware infection?

13.01.2013, 19:20   #4
markusg
/// Malware-holic

Hi,
1. If the removal is incomplete, the system may no longer boot.
2. Some programs no longer work properly.
3. It makes the analysis harder.
TDSS killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
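
Added example (not part of the original posts and not the scanner's own code): a Python filter that reduces a scan log in the line layout of the log posted below to the entries that are not `ok`, which is the part a helper reads first. The function names are hypothetical, and every object name, path, hash and the verdict `Example.Verdict.Name` in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the "time  thread-id  message" layout of the scan log.
# Object names, paths, hashes and the verdict "Example.Verdict.Name" are made up.
SAMPLE_LOG = r"""
20:26:41.0829 3308  ================ Scan services =============================
20:26:42.0079 3308  [ 00000000000000000000000000000001 ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
20:26:42.0204 3308  ExampleDrv - ok
20:26:42.0300 3308  NoFileSvc - ok
20:26:42.0999 3308  [ 00000000000000000000000000000002 ] Example LM Service C:\Program Files (x86)\Example\lmsvc.exe
20:26:43.0030 3308  Example LM Service ( UnsignedFile.Multi.Generic ) - warning
20:26:43.0030 3308  Example LM Service - detected UnsignedFile.Multi.Generic (1)
20:26:43.0100 3308  [ 00000000000000000000000000000003 ] OtherSvc        C:/ProgramData/Other/other.dll
20:26:43.0150 3308  OtherSvc ( Example.Verdict.Name ) - warning
20:26:43.0150 3308  OtherSvc - detected Example.Verdict.Name (1)
"""

# Every log line starts with a timestamp and a thread id; the rest is the message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")
# "[ MD5 ] name path": the name may contain spaces, so the path is recognised
# by its drive letter (assumption: scanned files live on a lettered drive).
OBJECT = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:[\\/].*)$"
)
# "name ( Verdict ) - status" is the result line for anything that is not clean.
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+) \) - (?P<status>\w+)$")
# "name - ok" is the result line for a clean object.
OK = re.compile(r"^(?P<name>.+) - ok$")


def triage(log_text):
    """Return (ok_count, findings) for one scan log.

    Each finding carries the object name, verdict, status and, when the log
    had a hash line for that object, its MD5 and file path (otherwise None).
    """
    files = {}       # object name -> (md5, path) from its "[ md5 ]" line
    findings = []
    ok_count = 0
    for raw in log_text.splitlines():
        line = LINE.match(raw.rstrip())
        if not line:
            continue                      # blank or foreign line
        msg = line["msg"]
        obj = OBJECT.match(msg)
        if obj:
            files[obj["name"]] = (obj["md5"].upper(), obj["path"])
            continue
        hit = VERDICT.match(msg)
        if hit:
            md5, path = files.get(hit["name"], (None, None))
            findings.append({
                "name": hit["name"],
                "verdict": hit["verdict"],
                "status": hit["status"],
                "md5": md5,
                "path": path,
            })
            continue
        if OK.match(msg):
            ok_count += 1
        # Separators and the "- detected ..." line (which repeats the verdict)
        # fall through and are ignored.
    return ok_count, findings


def by_verdict(findings):
    """Group object names by verdict so repeated verdicts read as one bucket."""
    groups = defaultdict(list)
    for finding in findings:
        groups[finding["verdict"]].append(finding["name"])
    return dict(groups)


if __name__ == "__main__":
    ok_count, findings = triage(SAMPLE_LOG)
    print(f"{ok_count} objects ok, {len(findings)} to review")
    for f in findings:
        print(f"  [{f['status']}] {f['verdict']}: {f['name']} -> {f['path']} (MD5 {f['md5']})")
```
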

13.01.2013, 19:32   #5
MadInn

Here is the log:

Code:
20:26:03.0718 4868  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:26:03.0859 4868  ============================================================
20:26:03.0859 4868  Current date / time: 2013/01/13 20:26:03.0859
20:26:03.0859 4868  SystemInfo:
20:26:03.0859 4868  
20:26:03.0859 4868  OS Version: 6.1.7601 ServicePack: 1.0
20:26:03.0859 4868  Product type: Workstation
20:26:03.0859 4868  ComputerName: MARTINSPC
20:26:03.0874 4868  UserName: Martin
20:26:03.0874 4868  Windows directory: C:\Windows
20:26:03.0874 4868  System windows directory: C:\Windows
20:26:03.0874 4868  Running under WOW64
20:26:03.0874 4868  Processor architecture: Intel x64
20:26:03.0874 4868  Number of processors: 4
20:26:03.0874 4868  Page size: 0x1000
20:26:03.0874 4868  Boot type: Normal boot
20:26:03.0874 4868  ============================================================
20:26:04.0576 4868  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:26:04.0592 4868  ============================================================
20:26:04.0592 4868  \Device\Harddisk0\DR0:
20:26:04.0592 4868  MBR partitions:
20:26:04.0592 4868  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139F000, BlocksNum 0x32000
20:26:04.0592 4868  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D1000, BlocksNum 0x2405D2B0
20:26:04.0592 4868  ============================================================
20:26:04.0670 4868  C: <-> \Device\Harddisk0\DR0\Partition2
20:26:04.0748 4868  G: <-> \Device\Harddisk0\DR0\Partition1
20:26:04.0748 4868  ============================================================
20:26:04.0748 4868  Initialize success
20:26:04.0748 4868  ============================================================
20:26:41.0314 3308  ============================================================
20:26:41.0314 3308  Scan started
20:26:41.0314 3308  Mode: Manual; SigCheck; TDLFS; 
20:26:41.0314 3308  ============================================================
20:26:41.0829 3308  ================ Scan system memory ========================
20:26:41.0829 3308  System memory - ok
20:26:41.0829 3308  ================ Scan services =============================
20:26:42.0079 3308  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:26:42.0204 3308  1394ohci - ok
20:26:42.0422 3308  [ 656F06850D02BAED19F0E2E72B047CE2 ] ABBYY.Licensing.FineReader.Professional.11.0 C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
20:26:42.0469 3308  ABBYY.Licensing.FineReader.Professional.11.0 - ok
20:26:42.0547 3308  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:26:42.0578 3308  ACPI - ok
20:26:42.0640 3308  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:26:42.0734 3308  AcpiPmi - ok
20:26:42.0812 3308  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
20:26:42.0874 3308  acsock - ok
20:26:42.0999 3308  [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
20:26:43.0030 3308  Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
20:26:43.0030 3308  Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
20:26:43.0202 3308  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:26:43.0233 3308  AdobeFlashPlayerUpdateSvc - ok
20:26:43.0296 3308  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:26:43.0327 3308  adp94xx - ok
20:26:43.0358 3308  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:26:43.0374 3308  adpahci - ok
20:26:43.0405 3308  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:26:43.0420 3308  adpu320 - ok
20:26:43.0436 3308  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:26:43.0514 3308  AeLookupSvc - ok
20:26:43.0576 3308  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:26:43.0670 3308  AFD - ok
20:26:43.0732 3308  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:26:43.0748 3308  agp440 - ok
20:26:43.0826 3308  AirPrint - ok
20:26:44.0091 3308  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll
20:26:44.0310 3308  Akamai - ok
20:26:44.0356 3308  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:26:44.0434 3308  ALG - ok
20:26:44.0512 3308  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:26:44.0544 3308  aliide - ok
20:26:44.0559 3308  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:26:44.0575 3308  amdide - ok
20:26:44.0637 3308  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:26:44.0700 3308  AmdK8 - ok
20:26:44.0731 3308  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:26:44.0762 3308  AmdPPM - ok
20:26:44.0824 3308  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:26:44.0856 3308  amdsata - ok
20:26:44.0887 3308  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:26:44.0902 3308  amdsbs - ok
20:26:44.0918 3308  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:26:44.0934 3308  amdxata - ok
20:26:45.0012 3308  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:26:45.0043 3308  AntiVirSchedulerService - ok
20:26:45.0074 3308  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:26:45.0090 3308  AntiVirService - ok
20:26:45.0168 3308  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:26:45.0246 3308  AppID - ok
20:26:45.0292 3308  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:26:45.0355 3308  AppIDSvc - ok
20:26:45.0402 3308  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:26:45.0480 3308  Appinfo - ok
20:26:45.0589 3308  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:26:45.0604 3308  Apple Mobile Device - ok
20:26:45.0651 3308  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:26:45.0729 3308  AppMgmt - ok
20:26:45.0776 3308  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:26:45.0792 3308  arc - ok
20:26:45.0807 3308  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:26:45.0823 3308  arcsas - ok
20:26:45.0870 3308  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:26:45.0948 3308  AsyncMac - ok
20:26:46.0010 3308  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:26:46.0026 3308  atapi - ok
20:26:46.0104 3308  [ DACE94C8AB40EFCD819C023F51C60C2E ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:26:46.0213 3308  athr - ok
20:26:46.0291 3308  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:26:46.0400 3308  AudioEndpointBuilder - ok
20:26:46.0416 3308  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:26:46.0462 3308  AudioSrv - ok
20:26:46.0525 3308  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:26:46.0556 3308  avgntflt - ok
20:26:46.0572 3308  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:26:46.0587 3308  avipbb - ok
20:26:46.0603 3308  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:26:46.0618 3308  avkmgr - ok
20:26:46.0712 3308  [ BD39D7CFD9D6A73396B618113A8E8D57 ] avmaudio        C:\Windows\system32\DRIVERS\avmaudio.sys
20:26:46.0774 3308  avmaudio - ok
20:26:46.0837 3308  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:26:46.0977 3308  AxInstSV - ok
20:26:47.0024 3308  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:26:47.0071 3308  b06bdrv - ok
20:26:47.0118 3308  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:26:47.0180 3308  b57nd60a - ok
20:26:47.0242 3308  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:26:47.0305 3308  BDESVC - ok
20:26:47.0336 3308  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:26:47.0414 3308  Beep - ok
20:26:47.0523 3308  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:26:47.0632 3308  BFE - ok
20:26:47.0695 3308  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:26:47.0788 3308  BITS - ok
20:26:47.0835 3308  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:26:47.0882 3308  blbdrive - ok
20:26:47.0991 3308  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:26:48.0007 3308  Bonjour Service - ok
20:26:48.0085 3308  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:26:48.0147 3308  bowser - ok
20:26:48.0194 3308  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:26:48.0288 3308  BrFiltLo - ok
20:26:48.0319 3308  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:26:48.0366 3308  BrFiltUp - ok
20:26:48.0428 3308  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:26:48.0490 3308  Browser - ok
20:26:48.0537 3308  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:26:48.0568 3308  Brserid - ok
20:26:48.0584 3308  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:26:48.0646 3308  BrSerWdm - ok
20:26:48.0662 3308  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:26:48.0724 3308  BrUsbMdm - ok
20:26:48.0787 3308  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:26:48.0834 3308  BrUsbSer - ok
20:26:48.0896 3308  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:26:48.0990 3308  BthEnum - ok
20:26:49.0036 3308  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:26:49.0099 3308  BTHMODEM - ok
20:26:49.0146 3308  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:26:49.0192 3308  BthPan - ok
20:26:49.0270 3308  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
20:26:49.0348 3308  BTHPORT - ok
20:26:49.0411 3308  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:26:49.0489 3308  bthserv - ok
20:26:49.0551 3308  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
20:26:49.0582 3308  BTHUSB - ok
20:26:49.0629 3308  [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
20:26:49.0645 3308  btusbflt - ok
20:26:49.0723 3308  [ 4BDBDB86ABBA924E029FB2683BE7C505 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
20:26:49.0738 3308  btwaudio - ok
20:26:49.0785 3308  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
20:26:49.0816 3308  btwavdt - ok
20:26:49.0910 3308  [ 31DA517946FFE416442E864592548F8A ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:26:49.0941 3308  btwdins - ok
20:26:50.0004 3308  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
20:26:50.0004 3308  btwl2cap - ok
20:26:50.0050 3308  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
20:26:50.0066 3308  btwrchid - ok
20:26:50.0082 3308  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:26:50.0160 3308  cdfs - ok
20:26:50.0222 3308  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:26:50.0269 3308  cdrom - ok
20:26:50.0331 3308  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:26:50.0409 3308  CertPropSvc - ok
20:26:50.0456 3308  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:26:50.0503 3308  circlass - ok
20:26:50.0550 3308  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:26:50.0565 3308  CLFS - ok
20:26:50.0643 3308  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:26:50.0674 3308  clr_optimization_v2.0.50727_32 - ok
20:26:50.0737 3308  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:26:50.0752 3308  clr_optimization_v2.0.50727_64 - ok
20:26:50.0893 3308  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:26:50.0924 3308  clr_optimization_v4.0.30319_32 - ok
20:26:50.0986 3308  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:26:51.0002 3308  clr_optimization_v4.0.30319_64 - ok
20:26:51.0064 3308  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:26:51.0111 3308  CmBatt - ok
20:26:51.0158 3308  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:26:51.0174 3308  cmdide - ok
20:26:51.0252 3308  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:26:51.0298 3308  CNG - ok
20:26:51.0314 3308  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:26:51.0330 3308  Compbatt - ok
20:26:51.0392 3308  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:26:51.0454 3308  CompositeBus - ok
20:26:51.0470 3308  COMSysApp - ok
20:26:51.0501 3308  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:26:51.0517 3308  crcdisk - ok
20:26:51.0579 3308  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:26:51.0657 3308  CryptSvc - ok
20:26:51.0720 3308  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
20:26:51.0813 3308  CSC - ok
20:26:51.0876 3308  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
20:26:51.0922 3308  CscService - ok
20:26:52.0000 3308  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:26:52.0063 3308  DcomLaunch - ok
20:26:52.0188 3308  [ CC8B5C964B777F4EC3E89F13B4B5FF0F ] DCService.exe   C:\ProgramData\DatacardService\DCService.exe
20:26:52.0234 3308  DCService.exe ( UnsignedFile.Multi.Generic ) - warning
20:26:52.0234 3308  DCService.exe - detected UnsignedFile.Multi.Generic (1)
20:26:52.0266 3308  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:26:52.0359 3308  defragsvc - ok
20:26:52.0422 3308  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:26:52.0500 3308  DfsC - ok
20:26:52.0562 3308  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:26:52.0624 3308  Dhcp - ok
20:26:52.0671 3308  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:26:52.0734 3308  discache - ok
20:26:52.0796 3308  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:26:52.0812 3308  Disk - ok
20:26:52.0858 3308  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:26:52.0936 3308  Dnscache - ok
20:26:52.0999 3308  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:26:53.0092 3308  dot3svc - ok
20:26:53.0124 3308  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:26:53.0217 3308  DPS - ok
20:26:53.0265 3308  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:26:53.0281 3308  drmkaud - ok
20:26:53.0343 3308  dtpd - ok
20:26:53.0421 3308  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:26:53.0468 3308  DXGKrnl - ok
20:26:53.0530 3308  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:26:53.0593 3308  EapHost - ok
20:26:53.0717 3308  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:26:53.0842 3308  ebdrv - ok
20:26:53.0889 3308  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:26:53.0967 3308  EFS - ok
20:26:54.0014 3308  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:26:54.0123 3308  ehRecvr - ok
20:26:54.0154 3308  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:26:54.0217 3308  ehSched - ok
20:26:54.0279 3308  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:26:54.0326 3308  elxstor - ok
20:26:54.0341 3308  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:26:54.0388 3308  ErrDev - ok
20:26:54.0451 3308  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:26:54.0560 3308  EventSystem - ok
20:26:54.0622 3308  [ 23B79B19F49A037EBA4A9A3BB03ED91D ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
20:26:54.0669 3308  ewusbnet - ok
20:26:54.0716 3308  [ E2CBB821C7CAE0EF8B56DE28ED85C740 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
20:26:54.0763 3308  ew_hwusbdev - ok
20:26:54.0825 3308  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:26:54.0903 3308  exfat - ok
20:26:55.0059 3308  Fabs - ok
20:26:55.0075 3308  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:26:55.0168 3308  fastfat - ok
20:26:55.0231 3308  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:26:55.0324 3308  Fax - ok
20:26:55.0355 3308  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:26:55.0371 3308  fdc - ok
20:26:55.0433 3308  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:26:55.0511 3308  fdPHost - ok
20:26:55.0543 3308  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:26:55.0605 3308  FDResPub - ok
20:26:55.0636 3308  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:26:55.0652 3308  FileInfo - ok
20:26:55.0652 3308  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:26:55.0730 3308  Filetrace - ok
20:26:55.0870 3308  [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
20:26:55.0964 3308  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
20:26:55.0964 3308  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
20:26:55.0995 3308  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:26:56.0042 3308  flpydisk - ok
20:26:56.0104 3308  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:26:56.0135 3308  FltMgr - ok
20:26:56.0213 3308  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:26:56.0291 3308  FontCache - ok
20:26:56.0401 3308  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:26:56.0416 3308  FontCache3.0.0.0 - ok
20:26:56.0447 3308  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:26:56.0463 3308  FsDepends - ok
20:26:56.0510 3308  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:26:56.0525 3308  Fs_Rec - ok
20:26:56.0588 3308  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:26:56.0619 3308  fvevol - ok
20:26:56.0666 3308  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:26:56.0681 3308  gagp30kx - ok
20:26:56.0759 3308  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:26:56.0791 3308  GEARAspiWDM - ok
20:26:56.0869 3308  [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
20:26:56.0884 3308  ggflt - ok
20:26:56.0900 3308  [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
20:26:56.0915 3308  ggsemc - ok
20:26:56.0993 3308  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:26:57.0087 3308  gpsvc - ok
20:26:57.0243 3308  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:26:57.0274 3308  gupdate - ok
20:26:57.0305 3308  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:26:57.0337 3308  gupdatem - ok
20:26:57.0368 3308  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:26:57.0430 3308  hcw85cir - ok
20:26:57.0493 3308  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:26:57.0539 3308  HdAudAddService - ok
20:26:57.0571 3308  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:26:57.0633 3308  HDAudBus - ok
20:26:57.0664 3308  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:26:57.0695 3308  HidBatt - ok
20:26:57.0727 3308  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:26:57.0789 3308  HidBth - ok
20:26:57.0805 3308  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:26:57.0867 3308  HidIr - ok
20:26:57.0898 3308  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:26:57.0976 3308  hidserv - ok
20:26:58.0039 3308  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:26:58.0054 3308  HidUsb - ok
20:26:58.0132 3308  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:26:58.0226 3308  hkmsvc - ok
20:26:58.0273 3308  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:26:58.0335 3308  HomeGroupListener - ok
20:26:58.0397 3308  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:26:58.0460 3308  HomeGroupProvider - ok
20:26:58.0522 3308  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:26:58.0538 3308  HpSAMD - ok
20:26:58.0600 3308  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:26:58.0709 3308  HTTP - ok
20:26:58.0772 3308  [ 08B1A06A55F068A17A51BA26618CF50F ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
20:26:58.0803 3308  huawei_enumerator - ok
20:26:58.0834 3308  [ 6E5CD3984742A922D0C183C7E82C3C94 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:26:58.0928 3308  hwdatacard - ok
20:26:58.0990 3308  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:26:59.0021 3308  hwpolicy - ok
20:26:59.0084 3308  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:26:59.0115 3308  i8042prt - ok
20:26:59.0146 3308  [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:26:59.0177 3308  IAANTMON - ok
20:26:59.0209 3308  [ BE7D72FCF442C26975942007E0831241 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:26:59.0224 3308  iaStor - ok
20:26:59.0271 3308  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:26:59.0287 3308  iaStorV - ok
20:26:59.0380 3308  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:26:59.0411 3308  idsvc - ok
20:26:59.0458 3308  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:26:59.0474 3308  iirsp - ok
20:26:59.0474 3308  iked - ok
20:26:59.0521 3308  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:26:59.0630 3308  IKEEXT - ok
20:26:59.0739 3308  [ 59B0BBA422F04467E8C89B7CE6AE95E1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:26:59.0817 3308  IntcAzAudAddService - ok
20:26:59.0864 3308  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:26:59.0895 3308  intelide - ok
20:26:59.0942 3308  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:26:59.0989 3308  intelppm - ok
20:27:00.0035 3308  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:27:00.0113 3308  IPBusEnum - ok
20:27:00.0160 3308  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:27:00.0207 3308  IpFilterDriver - ok
20:27:00.0254 3308  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:27:00.0347 3308  iphlpsvc - ok
20:27:00.0394 3308  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:27:00.0457 3308  IPMIDRV - ok
20:27:00.0488 3308  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:27:00.0566 3308  IPNAT - ok
20:27:00.0675 3308  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:27:00.0706 3308  iPod Service - ok
20:27:00.0753 3308  ipsecd - ok
20:27:00.0784 3308  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:27:00.0893 3308  IRENUM - ok
20:27:00.0940 3308  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:27:00.0971 3308  isapnp - ok
20:27:01.0018 3308  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:27:01.0034 3308  iScsiPrt - ok
20:27:01.0065 3308  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:27:01.0081 3308  kbdclass - ok
20:27:01.0127 3308  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:27:01.0159 3308  kbdhid - ok
20:27:01.0205 3308  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:27:01.0221 3308  KeyIso - ok
20:27:01.0268 3308  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:27:01.0299 3308  KSecDD - ok
20:27:01.0315 3308  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:27:01.0330 3308  KSecPkg - ok
20:27:01.0377 3308  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:27:01.0471 3308  ksthunk - ok
20:27:01.0533 3308  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:27:01.0611 3308  KtmRm - ok
20:27:01.0689 3308  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:27:01.0783 3308  LanmanServer - ok
20:27:01.0829 3308  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:27:01.0892 3308  LanmanWorkstation - ok
20:27:01.0970 3308  [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ         C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
20:27:01.0985 3308  LBTServ - ok
20:27:02.0048 3308  [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:27:02.0079 3308  LHidFilt - ok
20:27:02.0141 3308  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:27:02.0219 3308  lltdio - ok
20:27:02.0266 3308  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:27:02.0329 3308  lltdsvc - ok
20:27:02.0344 3308  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:27:02.0438 3308  lmhosts - ok
20:27:02.0485 3308  [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:27:02.0485 3308  LMouFilt - ok
20:27:02.0531 3308  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:27:02.0563 3308  LSI_FC - ok
20:27:02.0594 3308  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:27:02.0609 3308  LSI_SAS - ok
20:27:02.0625 3308  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:27:02.0641 3308  LSI_SAS2 - ok
20:27:02.0672 3308  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:27:02.0687 3308  LSI_SCSI - ok
20:27:02.0734 3308  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:27:02.0828 3308  luafv - ok
20:27:02.0875 3308  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:27:02.0921 3308  Mcx2Svc - ok
20:27:02.0953 3308  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:27:02.0984 3308  megasas - ok
20:27:02.0999 3308  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:27:03.0031 3308  MegaSR - ok
20:27:03.0077 3308  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:27:03.0171 3308  MMCSS - ok
20:27:03.0187 3308  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:27:03.0280 3308  Modem - ok
20:27:03.0327 3308  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:27:03.0358 3308  monitor - ok
20:27:03.0436 3308  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:27:03.0452 3308  mouclass - ok
20:27:03.0545 3308  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:27:03.0561 3308  mouhid - ok
20:27:03.0623 3308  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:27:03.0639 3308  mountmgr - ok
20:27:03.0764 3308  [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:27:03.0795 3308  MozillaMaintenance - ok
20:27:03.0842 3308  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:27:03.0873 3308  mpio - ok
20:27:03.0904 3308  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:27:03.0951 3308  mpsdrv - ok
20:27:04.0013 3308  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:27:04.0091 3308  MpsSvc - ok
20:27:04.0138 3308  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:27:04.0201 3308  MRxDAV - ok
20:27:04.0232 3308  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:27:04.0310 3308  mrxsmb - ok
20:27:04.0357 3308  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:27:04.0403 3308  mrxsmb10 - ok
20:27:04.0435 3308  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:27:04.0481 3308  mrxsmb20 - ok
20:27:04.0513 3308  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:27:04.0528 3308  msahci - ok
20:27:04.0559 3308  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:27:04.0575 3308  msdsm - ok
20:27:04.0591 3308  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:27:04.0606 3308  MSDTC - ok
20:27:04.0669 3308  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:27:04.0715 3308  Msfs - ok
20:27:04.0747 3308  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:27:04.0825 3308  mshidkmdf - ok
20:27:04.0871 3308  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:27:04.0903 3308  msisadrv - ok
20:27:04.0934 3308  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:27:04.0996 3308  MSiSCSI - ok
20:27:04.0996 3308  msiserver - ok
20:27:05.0043 3308  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:27:05.0121 3308  MSKSSRV - ok
20:27:05.0152 3308  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:27:05.0215 3308  MSPCLOCK - ok
20:27:05.0246 3308  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:27:05.0339 3308  MSPQM - ok
20:27:05.0386 3308  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:27:05.0417 3308  MsRPC - ok
20:27:05.0464 3308  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:27:05.0495 3308  mssmbios - ok
20:27:05.0542 3308  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:27:05.0620 3308  MSTEE - ok
20:27:05.0651 3308  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:27:05.0698 3308  MTConfig - ok
20:27:05.0823 3308  [ 62FEB5A75311DA565F4EB26881A4B520 ] Multi-user Cleanup Service C:\Program Files (x86)\lotus\notes\ntmulti.exe
20:27:05.0854 3308  Multi-user Cleanup Service ( UnsignedFile.Multi.Generic ) - warning
20:27:05.0854 3308  Multi-user Cleanup Service - detected UnsignedFile.Multi.Generic (1)
20:27:05.0885 3308  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:27:05.0901 3308  Mup - ok
20:27:05.0963 3308  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:27:06.0057 3308  napagent - ok
20:27:06.0119 3308  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:27:06.0197 3308  NativeWifiP - ok
20:27:06.0244 3308  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:27:06.0291 3308  NDIS - ok
20:27:06.0338 3308  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:27:06.0416 3308  NdisCap - ok
20:27:06.0463 3308  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:27:06.0525 3308  NdisTapi - ok
20:27:06.0572 3308  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:27:06.0665 3308  Ndisuio - ok
20:27:06.0697 3308  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:27:06.0759 3308  NdisWan - ok
20:27:06.0821 3308  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:27:06.0899 3308  NDProxy - ok
20:27:06.0993 3308  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
20:27:07.0040 3308  Netaapl - ok
20:27:07.0071 3308  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:27:07.0165 3308  NetBIOS - ok
20:27:07.0211 3308  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:27:07.0305 3308  NetBT - ok
20:27:07.0352 3308  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:27:07.0367 3308  Netlogon - ok
20:27:07.0430 3308  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:27:07.0523 3308  Netman - ok
20:27:07.0555 3308  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:27:07.0648 3308  netprofm - ok
20:27:07.0695 3308  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:27:07.0726 3308  NetTcpPortSharing - ok
20:27:07.0773 3308  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:27:07.0804 3308  nfrd960 - ok
20:27:07.0867 3308  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:27:07.0929 3308  NlaSvc - ok
20:27:07.0945 3308  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:27:08.0007 3308  Npfs - ok
20:27:08.0023 3308  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:27:08.0101 3308  nsi - ok
20:27:08.0132 3308  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:27:08.0225 3308  nsiproxy - ok
20:27:08.0288 3308  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:27:08.0350 3308  Ntfs - ok
20:27:08.0381 3308  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:27:08.0459 3308  Null - ok
20:27:08.0522 3308  [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:27:08.0537 3308  NVHDA - ok
20:27:08.0834 3308  [ 9D1B69708732B57D1DBC0F648692A04B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:27:09.0239 3308  nvlddmkm - ok
20:27:09.0333 3308  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:27:09.0364 3308  nvraid - ok
20:27:09.0380 3308  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:27:09.0395 3308  nvstor - ok
20:27:09.0458 3308  [ 95D57F391BF4E81A5A9348B57A509E31 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:27:09.0489 3308  nvsvc - ok
20:27:09.0567 3308  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:27:09.0598 3308  nv_agp - ok
20:27:09.0661 3308  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:27:09.0707 3308  ohci1394 - ok
20:27:09.0848 3308  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
20:27:09.0879 3308  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
20:27:09.0879 3308  OMSI download service - detected UnsignedFile.Multi.Generic (1)
20:27:09.0957 3308  [ 2D88DB1B1B91711E3AE0368933CECD9C ] OpenVPNService  C:\Program Files (x86)\RWTH OpenVPN Client\bin\openvpnserv.exe
20:27:09.0988 3308  OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
20:27:09.0988 3308  OpenVPNService - detected UnsignedFile.Multi.Generic (1)
20:27:10.0113 3308  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:27:10.0129 3308  ose64 - ok
20:27:10.0363 3308  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:27:10.0565 3308  osppsvc - ok
20:27:10.0612 3308  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:27:10.0690 3308  p2pimsvc - ok
20:27:10.0721 3308  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:27:10.0753 3308  p2psvc - ok
20:27:10.0784 3308  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:27:10.0799 3308  Parport - ok
20:27:10.0846 3308  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:27:10.0877 3308  partmgr - ok
20:27:10.0909 3308  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:27:10.0955 3308  PcaSvc - ok
20:27:11.0033 3308  [ 81B5E63131090879AD6EF9F32109B88D ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:27:11.0096 3308  pccsmcfd - ok
20:27:11.0143 3308  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:27:11.0174 3308  pci - ok
20:27:11.0189 3308  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:27:11.0205 3308  pciide - ok
20:27:11.0236 3308  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:27:11.0252 3308  pcmcia - ok
20:27:11.0283 3308  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:27:11.0283 3308  pcw - ok
20:27:11.0314 3308  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:27:11.0392 3308  PEAUTH - ok
20:27:11.0455 3308  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:27:11.0564 3308  PeerDistSvc - ok
20:27:11.0673 3308  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:27:11.0735 3308  PerfHost - ok
20:27:11.0813 3308  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:27:11.0938 3308  pla - ok
20:27:11.0985 3308  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:27:12.0016 3308  PlugPlay - ok
20:27:12.0047 3308  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:27:12.0094 3308  PNRPAutoReg - ok
20:27:12.0141 3308  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:27:12.0172 3308  PNRPsvc - ok
20:27:12.0235 3308  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:27:12.0328 3308  PolicyAgent - ok
20:27:12.0375 3308  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:27:12.0484 3308  Power - ok
20:27:12.0515 3308  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:27:12.0593 3308  PptpMiniport - ok
20:27:12.0609 3308  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:27:12.0656 3308  Processor - ok
20:27:12.0703 3308  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:27:12.0749 3308  ProfSvc - ok
20:27:12.0765 3308  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:27:12.0796 3308  ProtectedStorage - ok
20:27:12.0859 3308  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:27:12.0952 3308  Psched - ok
20:27:13.0015 3308  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:27:13.0077 3308  ql2300 - ok
20:27:13.0124 3308  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:27:13.0139 3308  ql40xx - ok
20:27:13.0186 3308  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:27:13.0249 3308  QWAVE - ok
20:27:13.0280 3308  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:27:13.0311 3308  QWAVEdrv - ok
20:27:13.0436 3308  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
20:27:13.0483 3308  RapiMgr - ok
20:27:13.0499 3308  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:27:13.0562 3308  RasAcd - ok
20:27:13.0608 3308  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:27:13.0655 3308  RasAgileVpn - ok
20:27:13.0718 3308  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:27:13.0780 3308  RasAuto - ok
20:27:13.0827 3308  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:27:13.0920 3308  Rasl2tp - ok
20:27:13.0998 3308  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:27:14.0092 3308  RasMan - ok
20:27:14.0123 3308  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:27:14.0170 3308  RasPppoe - ok
20:27:14.0186 3308  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:27:14.0248 3308  RasSstp - ok
20:27:14.0310 3308  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:27:14.0388 3308  rdbss - ok
20:27:14.0420 3308  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:27:14.0466 3308  rdpbus - ok
20:27:14.0498 3308  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:27:14.0561 3308  RDPCDD - ok
20:27:14.0608 3308  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:27:14.0639 3308  RDPDR - ok
20:27:14.0686 3308  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:27:14.0748 3308  RDPENCDD - ok
20:27:14.0779 3308  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:27:14.0811 3308  RDPREFMP - ok
20:27:14.0857 3308  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:27:14.0935 3308  RDPWD - ok
20:27:14.0998 3308  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:27:15.0013 3308  rdyboost - ok
20:27:15.0045 3308  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:27:15.0123 3308  RemoteAccess - ok
20:27:15.0169 3308  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:27:15.0247 3308  RemoteRegistry - ok
20:27:15.0294 3308  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:27:15.0357 3308  RFCOMM - ok
20:27:15.0388 3308  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:27:15.0466 3308  RpcEptMapper - ok
20:27:15.0497 3308  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:27:15.0528 3308  RpcLocator - ok
20:27:15.0575 3308  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:27:15.0637 3308  RpcSs - ok
20:27:15.0684 3308  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:27:15.0762 3308  rspndr - ok
20:27:15.0825 3308  [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
20:27:15.0856 3308  s0016bus - ok
20:27:15.0887 3308  [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
20:27:15.0918 3308  s0016mdfl - ok
20:27:15.0934 3308  [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
20:27:15.0965 3308  s0016mdm - ok
20:27:16.0012 3308  [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
20:27:16.0027 3308  s0016mgmt - ok
20:27:16.0043 3308  [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
20:27:16.0059 3308  s0016nd5 - ok
20:27:16.0074 3308  [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
20:27:16.0090 3308  s0016obex - ok
20:27:16.0105 3308  [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
20:27:16.0121 3308  s0016unic - ok
20:27:16.0168 3308  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:27:16.0230 3308  s3cap - ok
20:27:16.0246 3308  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:27:16.0261 3308  SamSs - ok
20:27:16.0386 3308  [ 687CDADD7B13529E6D6EDA30B3F67051 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
20:27:16.0417 3308  SbieDrv - ok
20:27:16.0480 3308  [ 4CDB30762D89264FF570D2C64BA9B8A6 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
20:27:16.0511 3308  SbieSvc - ok
20:27:16.0542 3308  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:27:16.0573 3308  sbp2port - ok
20:27:16.0589 3308  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:27:16.0651 3308  SCardSvr - ok
20:27:16.0667 3308  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:27:16.0729 3308  scfilter - ok
20:27:16.0807 3308  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:27:16.0901 3308  Schedule - ok
20:27:16.0932 3308  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:27:16.0979 3308  SCPolicySvc - ok
20:27:17.0026 3308  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
20:27:17.0088 3308  sdbus - ok
20:27:17.0119 3308  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:27:17.0197 3308  SDRSVC - ok
20:27:17.0244 3308  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:27:17.0307 3308  secdrv - ok
20:27:17.0353 3308  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:27:17.0431 3308  seclogon - ok
20:27:17.0494 3308  [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
20:27:17.0572 3308  seehcri - ok
20:27:17.0619 3308  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:27:17.0665 3308  SENS - ok
20:27:17.0681 3308  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:27:17.0712 3308  SensrSvc - ok
20:27:17.0712 3308  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:27:17.0728 3308  Serenum - ok
20:27:17.0790 3308  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:27:17.0821 3308  Serial - ok
20:27:17.0868 3308  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:27:17.0884 3308  sermouse - ok
20:27:18.0024 3308  [ 6AD303A3529B7AEF99391DE19F5B400B ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
20:27:18.0055 3308  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
20:27:18.0055 3308  ServiceLayer - detected UnsignedFile.Multi.Generic (1)
20:27:18.0118 3308  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:27:18.0196 3308  SessionEnv - ok
20:27:18.0243 3308  [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
20:27:18.0305 3308  SFEP - ok
20:27:18.0367 3308  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
20:27:18.0430 3308  sffdisk - ok
20:27:18.0461 3308  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:27:18.0508 3308  sffp_mmc - ok
20:27:18.0523 3308  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
20:27:18.0570 3308  sffp_sd - ok
20:27:18.0617 3308  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:27:18.0648 3308  sfloppy - ok
20:27:18.0711 3308  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:27:18.0820 3308  SharedAccess - ok
20:27:18.0867 3308  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:27:18.0960 3308  ShellHWDetection - ok
20:27:19.0007 3308  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:27:19.0038 3308  SiSRaid2 - ok
20:27:19.0054 3308  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:27:19.0069 3308  SiSRaid4 - ok
20:27:19.0179 3308  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:27:19.0210 3308  SkypeUpdate - ok
20:27:19.0257 3308  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:27:19.0350 3308  Smb - ok
20:27:19.0397 3308  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:27:19.0413 3308  SNMPTRAP - ok
20:27:19.0537 3308  [ E603BEE916153164B990A9DE49C04B9B ] Sony Ericsson PCCompanion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
20:27:19.0569 3308  Sony Ericsson PCCompanion - ok
20:27:19.0584 3308  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:27:19.0615 3308  spldr - ok
20:27:19.0662 3308  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:27:19.0756 3308  Spooler - ok
20:27:19.0881 3308  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:27:20.0052 3308  sppsvc - ok
20:27:20.0083 3308  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:27:20.0161 3308  sppuinotify - ok
20:27:20.0208 3308  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:27:20.0302 3308  srv - ok
20:27:20.0333 3308  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:27:20.0364 3308  srv2 - ok
20:27:20.0411 3308  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:27:20.0442 3308  srvnet - ok
20:27:20.0505 3308  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:27:20.0598 3308  SSDPSRV - ok
20:27:20.0629 3308  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:27:20.0676 3308  SstpSvc - ok
20:27:20.0707 3308  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:27:20.0707 3308  stexstor - ok
20:27:20.0785 3308  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:27:20.0863 3308  stisvc - ok
20:27:20.0895 3308  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:27:20.0910 3308  storflt - ok
20:27:20.0926 3308  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
20:27:20.0988 3308  StorSvc - ok
20:27:21.0035 3308  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:27:21.0066 3308  storvsc - ok
20:27:21.0113 3308  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:27:21.0144 3308  swenum - ok
20:27:21.0175 3308  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:27:21.0269 3308  swprv - ok
20:27:21.0331 3308  [ 512231BA47975F3F1A67B11F271BB49D ] SynasUSB        C:\Windows\system32\drivers\SynUSB64.sys
20:27:21.0347 3308  SynasUSB - ok
20:27:21.0409 3308  [ 8F63178D1DB81BB79270AE55ECDD8321 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:27:21.0425 3308  SynTP - ok
20:27:21.0519 3308  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:27:21.0597 3308  SysMain - ok
20:27:21.0643 3308  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:27:21.0706 3308  TabletInputService - ok
20:27:21.0753 3308  [ 024ADC7F69D1776D72CC5D031B41CE4F ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
20:27:21.0815 3308  tap0901 - ok
20:27:21.0846 3308  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:27:21.0924 3308  TapiSrv - ok
20:27:21.0955 3308  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:27:22.0002 3308  TBS - ok
20:27:22.0096 3308  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:27:22.0158 3308  Tcpip - ok
20:27:22.0205 3308  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:27:22.0252 3308  TCPIP6 - ok
20:27:22.0283 3308  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:27:22.0330 3308  tcpipreg - ok
20:27:22.0361 3308  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:27:22.0439 3308  TDPIPE - ok
20:27:22.0455 3308  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:27:22.0501 3308  TDTCP - ok
20:27:22.0564 3308  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:27:22.0642 3308  tdx - ok
20:27:22.0689 3308  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:27:22.0704 3308  TermDD - ok
20:27:22.0767 3308  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:27:22.0860 3308  TermService - ok
20:27:22.0891 3308  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:27:22.0954 3308  Themes - ok
20:27:22.0985 3308  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:27:23.0047 3308  THREADORDER - ok
20:27:23.0141 3308  [ C676B0F52F2B6483AFB88F79CABB011E ] Tpkd            C:\Windows\system32\drivers\Tpkd.sys
20:27:23.0157 3308  Tpkd - ok
20:27:23.0203 3308  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:27:23.0297 3308  TrkWks - ok
20:27:23.0406 3308  [ EA43DE1743C1BA0D2D17B8DB90C91D88 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
20:27:23.0437 3308  truecrypt - ok
20:27:23.0500 3308  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:27:23.0593 3308  TrustedInstaller - ok
20:27:23.0656 3308  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:27:23.0703 3308  tssecsrv - ok
20:27:23.0765 3308  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:27:23.0843 3308  TsUsbFlt - ok
20:27:23.0921 3308  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:27:23.0999 3308  tunnel - ok
20:27:24.0061 3308  [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW64        C:\Windows\system32\DRIVERS\TVICHW64.SYS
20:27:24.0077 3308  TVICHW64 - ok
20:27:24.0108 3308  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:27:24.0139 3308  uagp35 - ok
20:27:24.0186 3308  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:27:24.0280 3308  udfs - ok
20:27:24.0311 3308  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:27:24.0358 3308  UI0Detect - ok
20:27:24.0420 3308  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:27:24.0436 3308  uliagpkx - ok
20:27:24.0514 3308  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:27:24.0576 3308  umbus - ok
20:27:24.0639 3308  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:27:24.0654 3308  UmPass - ok
20:27:24.0717 3308  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
20:27:24.0748 3308  UmRdpService - ok
20:27:24.0795 3308  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:27:24.0888 3308  upnphost - ok
20:27:25.0013 3308  [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService     C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:27:25.0060 3308  UPnPService ( UnsignedFile.Multi.Generic ) - warning
20:27:25.0060 3308  UPnPService - detected UnsignedFile.Multi.Generic (1)
20:27:25.0122 3308  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:27:25.0185 3308  USBAAPL64 - ok
20:27:25.0263 3308  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:27:25.0309 3308  usbaudio - ok
20:27:25.0341 3308  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:27:25.0419 3308  usbccgp - ok
20:27:25.0450 3308  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:27:25.0481 3308  usbcir - ok
20:27:25.0543 3308  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:27:25.0559 3308  usbehci - ok
20:27:25.0606 3308  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:27:25.0653 3308  usbhub - ok
20:27:25.0684 3308  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:27:25.0731 3308  usbohci - ok
20:27:25.0793 3308  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:27:25.0840 3308  usbprint - ok
20:27:25.0887 3308  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:27:25.0902 3308  usbscan - ok
20:27:25.0980 3308  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
20:27:26.0043 3308  usbser - ok
20:27:26.0058 3308  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:27:26.0121 3308  USBSTOR - ok
20:27:26.0152 3308  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:27:26.0199 3308  usbuhci - ok
20:27:26.0277 3308  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:27:26.0323 3308  usbvideo - ok
20:27:26.0339 3308  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:27:26.0417 3308  UxSms - ok
20:27:26.0495 3308  [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
20:27:26.0526 3308  VAIO Event Service - ok
20:27:26.0542 3308  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:27:26.0557 3308  VaultSvc - ok
20:27:26.0604 3308  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:27:26.0635 3308  vdrvroot - ok
20:27:26.0698 3308  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:27:26.0791 3308  vds - ok
20:27:26.0885 3308  [ 00C7DF4F50962BA218AB60D32869100B ] vflt            C:\Windows\system32\DRIVERS\vfilter.sys
20:27:26.0932 3308  vflt - ok
20:27:26.0979 3308  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:27:27.0010 3308  vga - ok
20:27:27.0025 3308  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:27:27.0103 3308  VgaSave - ok
20:27:27.0150 3308  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:27:27.0166 3308  vhdmp - ok
20:27:27.0213 3308  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:27:27.0228 3308  viaide - ok
20:27:27.0275 3308  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:27:27.0306 3308  vmbus - ok
20:27:27.0322 3308  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:27:27.0369 3308  VMBusHID - ok
20:27:27.0431 3308  [ A99CA064AD11266FE7067A79BF78BBB5 ] vnet            C:\Windows\system32\DRIVERS\virtualnet.sys
20:27:27.0493 3308  vnet - ok
20:27:27.0556 3308  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:27:27.0571 3308  volmgr - ok
20:27:27.0634 3308  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:27:27.0649 3308  volmgrx - ok
20:27:27.0696 3308  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:27:27.0727 3308  volsnap - ok
20:27:27.0821 3308  [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
20:27:27.0852 3308  vpnagent - ok
20:27:27.0899 3308  [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
20:27:27.0915 3308  vpnva - ok
20:27:27.0977 3308  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:27:27.0993 3308  vsmraid - ok
20:27:28.0071 3308  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:27:28.0180 3308  VSS - ok
20:27:28.0195 3308  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:27:28.0242 3308  vwifibus - ok
20:27:28.0289 3308  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:27:28.0305 3308  vwififlt - ok
20:27:28.0351 3308  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:27:28.0414 3308  vwifimp - ok
20:27:28.0461 3308  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:27:28.0554 3308  W32Time - ok
20:27:28.0601 3308  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:27:28.0632 3308  WacomPen - ok
20:27:28.0695 3308  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:27:28.0788 3308  WANARP - ok
20:27:28.0788 3308  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:27:28.0835 3308  Wanarpv6 - ok
20:27:28.0960 3308  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:27:29.0007 3308  WatAdminSvc - ok
20:27:29.0085 3308  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:27:29.0147 3308  wbengine - ok
20:27:29.0178 3308  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:27:29.0194 3308  WbioSrvc - ok
20:27:29.0272 3308  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
20:27:29.0303 3308  WcesComm - ok
20:27:29.0365 3308  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:27:29.0428 3308  wcncsvc - ok
20:27:29.0459 3308  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:27:29.0490 3308  WcsPlugInService - ok
20:27:29.0506 3308  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:27:29.0537 3308  Wd - ok
20:27:29.0584 3308  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:27:29.0631 3308  Wdf01000 - ok
20:27:29.0631 3308  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:27:29.0771 3308  WdiServiceHost - ok
20:27:29.0771 3308  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:27:29.0787 3308  WdiSystemHost - ok
20:27:29.0849 3308  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:27:29.0911 3308  WebClient - ok
20:27:29.0958 3308  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:27:30.0052 3308  Wecsvc - ok
20:27:30.0067 3308  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:27:30.0114 3308  wercplsupport - ok
20:27:30.0161 3308  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:27:30.0223 3308  WerSvc - ok
20:27:30.0270 3308  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:27:30.0333 3308  WfpLwf - ok
20:27:30.0348 3308  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:27:30.0364 3308  WIMMount - ok
20:27:30.0364 3308  WinDefend - ok
20:27:30.0379 3308  WinHttpAutoProxySvc - ok
20:27:30.0411 3308  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:27:30.0473 3308  Winmgmt - ok
20:27:30.0582 3308  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:27:30.0691 3308  WinRM - ok
20:27:30.0769 3308  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:27:30.0816 3308  WinUsb - ok
20:27:30.0879 3308  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:27:30.0957 3308  Wlansvc - ok
20:27:31.0175 3308  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:27:31.0253 3308  wlidsvc - ok
20:27:31.0300 3308  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:27:31.0347 3308  WmiAcpi - ok
20:27:31.0409 3308  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:27:31.0440 3308  wmiApSrv - ok
20:27:31.0503 3308  WMPNetworkSvc - ok
20:27:31.0518 3308  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:27:31.0549 3308  WPCSvc - ok
20:27:31.0596 3308  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:27:31.0643 3308  WPDBusEnum - ok
20:27:31.0674 3308  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:27:31.0768 3308  ws2ifsl - ok
20:27:31.0799 3308  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:27:31.0861 3308  wscsvc - ok
20:27:31.0861 3308  WSearch - ok
20:27:31.0971 3308  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:27:32.0049 3308  wuauserv - ok
20:27:32.0080 3308  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:27:32.0142 3308  WudfPf - ok
20:27:32.0205 3308  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:32.0267 3308  WUDFRd - ok
20:27:32.0298 3308  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:27:32.0345 3308  wudfsvc - ok
20:27:32.0376 3308  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:27:32.0439 3308  WwanSvc - ok
20:27:32.0485 3308  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
20:27:32.0548 3308  yukonw7 - ok
20:27:32.0626 3308  [ 928E13688D3A229343FC176601B7237F ] ZMGHPAudioSrv   C:\Windows\system32\drivers\zmghpau.sys
20:27:32.0657 3308  ZMGHPAudioSrv ( UnsignedFile.Multi.Generic ) - warning
20:27:32.0657 3308  ZMGHPAudioSrv - detected UnsignedFile.Multi.Generic (1)
20:27:32.0719 3308  ================ Scan global ===============================
20:27:32.0766 3308  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:27:32.0813 3308  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:27:32.0829 3308  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:27:32.0860 3308  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:27:32.0891 3308  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:27:32.0891 3308  [Global] - ok
20:27:32.0891 3308  ================ Scan MBR ==================================
20:27:32.0907 3308  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:27:33.0250 3308  \Device\Harddisk0\DR0 - ok
20:27:33.0250 3308  ================ Scan VBR ==================================
20:27:33.0265 3308  [ 0BC0CE3995075CAA0A20712CD00CC205 ] \Device\Harddisk0\DR0\Partition1
20:27:33.0265 3308  \Device\Harddisk0\DR0\Partition1 - ok
20:27:33.0297 3308  [ 19100200355CB1BBE078A153A24EE461 ] \Device\Harddisk0\DR0\Partition2
20:27:33.0297 3308  \Device\Harddisk0\DR0\Partition2 - ok
20:27:33.0297 3308  ============================================================
20:27:33.0297 3308  Scan finished
20:27:33.0297 3308  ============================================================
20:27:33.0343 1188  Detected object count: 9
20:27:33.0343 1188  Actual detected object count: 9
20:27:54.0185 1188  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  Multi-user Cleanup Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  Multi-user Cleanup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0185 1188  UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0185 1188  UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:27:54.0201 1188  ZMGHPAudioSrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:27:54.0201 1188  ZMGHPAudioSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 13.01.2013, 20:04   #6
markusg
/// Malware-holic
 
Remove GVU Trojan



hi
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 13.01.2013, 20:41   #7
MadInn
 
Remove GVU Trojan



Here is the ComboFix log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-13.01 - Martin 13.01.2013  21:11:41.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4014.2473 [GMT 1:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\hpeC9C4.dll
c:\users\Martin\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-13 bis 2013-01-13  ))))))))))))))))))))))))))))))
.
.
2013-01-13 20:22 . 2013-01-13 20:22	--------	d-----w-	c:\users\OC\AppData\Local\temp
2013-01-13 20:22 . 2013-01-13 20:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-13 17:36 . 2013-01-13 17:36	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4B4D787-DF29-4DDF-9484-7F32FD5A149A}\offreg.dll
2013-01-13 13:32 . 2013-01-13 13:32	--------	d-----w-	c:\users\Martin\AppData\Roaming\Malwarebytes
2013-01-13 13:31 . 2013-01-13 13:31	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-13 13:31 . 2013-01-13 13:31	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-13 13:31 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-13 13:31 . 2013-01-13 13:31	--------	d-----w-	c:\users\Martin\AppData\Local\Programs
2013-01-13 09:27 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4B4D787-DF29-4DDF-9484-7F32FD5A149A}\mpengine.dll
2013-01-09 13:31 . 2013-01-09 13:31	--------	d-----w-	c:\program files\CCleaner
2013-01-07 16:19 . 2013-01-07 16:19	--------	d-----w-	c:\program files (x86)\Common Files\Adobe Systems Shared
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Zugaben
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Technische Informationen
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Kundendienst
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Hilfe
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Adobe(R) Photoshop(R) CS2
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Adobe Solutions Network
2013-01-07 16:15 . 2013-01-07 16:15	--------	d-----w-	c:\program files\Adobe DNG Converter
2013-01-06 10:19 . 2013-01-06 10:21	--------	d-----w-	C:\Sonstiges (Ordner vom Desktop)
2013-01-05 11:09 . 2013-01-05 11:09	--------	d-----w-	c:\users\Martin\AppData\Local\Steganos
2013-01-05 11:09 . 2013-01-05 11:09	--------	d-----w-	c:\programdata\Steganos
2013-01-05 11:05 . 2013-01-06 11:05	--------	d-----w-	c:\users\Martin\AppData\Roaming\Steganos
2012-12-22 12:13 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-22 12:13 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 12:12 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 12:12 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-18 20:07 . 2012-07-30 21:52	103904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 20:07 . 2012-07-30 21:52	103904	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 18:42 . 2012-04-02 06:19	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 18:42 . 2011-05-16 06:12	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 21:49 . 2010-08-16 08:02	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-22 03:26 . 2012-12-13 07:00	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-11-14 07:06 . 2012-12-13 21:46	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 21:46	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 21:46	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 21:46	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 21:46	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 21:46	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 21:46	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 21:46	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 21:46	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 21:46	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 21:46	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 21:46	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 21:46	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 21:46	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 21:46	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 21:46	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 21:46	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 21:46	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 21:46	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 21:46	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 21:46	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 21:46	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 07:00	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 07:00	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 06:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 06:59	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-17 17:30 . 2012-10-17 17:30	10744	----a-w-	c:\windows\SysWow64\vpncategories.dll
2012-10-17 17:30 . 2012-10-17 17:30	33784	----a-w-	c:\windows\SysWow64\vpnevents.dll
2012-10-17 17:13 . 2011-03-23 22:25	27048	----a-w-	c:\windows\system32\drivers\vpnva64.sys
2012-10-17 17:11 . 2011-03-23 22:25	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-10-16 08:38 . 2012-11-28 10:42	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:42	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:42	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-03-24 08:02 . 2012-03-24 08:02	3993600	----a-w-	c:\program files (x86)\GUT96AF.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Martin\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\OC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-7-15 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-30 17:20	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 250368]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-01-23 13352]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [2006-11-16 31248]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2012-04-06 21200]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-21 1255736]
R3 ZMGHPAudioSrv;ZOOM G Series High Performance Audio Driver Service;c:\windows\system32\drivers\zmghpau.sys [2010-04-16 47616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
S2 AirPrint;AirPrint;c:\airprint\airprint.exe [2012-05-13 234784]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-10-08 56592]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-10-08 957712]
S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-10-08 697616]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2010-12-24 116096]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 76288]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2011-01-23 34032]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-12-22 11392]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 78097463
*Deregistered* - 78097463
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:42]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 18:38]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 18:38]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3183987224-1095028075-2954487604-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 18:48]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3183987224-1095028075-2954487604-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-12 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 15:58	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4DCD71DF-0535-4651-8A97-1937535B4ED0}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{51099237-9ACA-46C6-B201-A017EA5F074C}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{F384CFFF-602A-4CF4-819F-FF28E3768200}: NameServer = 193.189.244.225 193.189.244.206
DPF: {F8E691A0-C92E-4E42-9CDA-62FC07A9483B} - hxxp://actiftp.hosting4less.com/ACTIGENERAL/AP&Manual/Live%20Demo/nvUnifiedControl.ocx
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/#inbox
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF - prefs.js: network.proxy.ssl - 70.38.90.211
FF - prefs.js: network.proxy.ssl_port - 1080
FF - prefs.js: network.proxy.type - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Need for Speed High Stakes - c:\windows\ISUN0407.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_ce5ba24.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-13  21:35:47
ComboFix-quarantined-files.txt  2013-01-13 20:35
.
Vor Suchlauf: 25 Verzeichnis(se), 81.295.560.704 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 80.748.138.496 Bytes frei
.
- - End Of File - - 4FE575BC14502FB7BA0661FA7D08234E
         
--- --- ---

14.01.2013, 19:40   #8
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file, and open that file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not know, write "unbekannt" (unknown).
Post the list.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

14.01.2013, 20:02   #9
MadInn

Hey, thanks so far.

Here is the list of programs:
Code:
ATTFilter
notwendig: ABBYY FineReader 11	ABBYY	15.06.2012	715MB	11.0.289
(glaube ich) notwendig: Adobe AIR	Adobe Systems Incorporated	08.04.2012		3.2.0.2070
(glaube ich) notwendig: Adobe Digital Editions		28.04.2012		
notwendig: Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146
notwendig: Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146
notwendig: Adobe Photoshop CS2	Adobe Systems, Inc.	07.01.2013		9.0
notwendig: Adobe Reader 9.5.2 - Deutsch	Adobe Systems Incorporated	18.08.2012	118MB	9.5.2
notwendig: Adobe Shockwave Player 11.5	Adobe Systems, Inc.	15.01.2011		11.5.9.615
unbekannt: Akamai NetSession Interface	Akamai Technologies, Inc	13.11.2012		
unbekannt: Akamai NetSession Interface Service	Akamai Technologies, Inc	13.11.2012		
notwendig: Allway Sync version 10.5.8	Botkind Inc	15.10.2010	21,4MB	
unbekannt: Anki		05.09.2011		
notwendig: Apple Application Support	Apple Inc.	15.09.2012	64,5MB	2.2.2
notwendig: Apple Mobile Device Support	Apple Inc.	15.09.2012	23,7MB	6.0.0.59
notwendig: Apple Software Update	Apple Inc.	12.01.2012	2,38MB	2.1.3.127
notwendig: ASIO4ALL	Michael Tippach	07.11.2010		2.10
notwendig: Avira Free Antivirus	Avira	15.11.2012	108MB	12.1.9.1236
unnötig: AVM FRITZ!Box USB-Fernanschluss	AVM Berlin	24.12.2010		2.2.1.0
notwendig: Bonjour	Apple Inc.	12.01.2012	2,00MB	3.0.0.10
notwendig: BPM-Studio 4 Demo	AlcaTech	30.12.2010	18,4MB	4.9.93
notwendig: Bullzip PDF Printer 7.2.0.1304	Bullzip	11.04.2011	8,89MB	7.2.0.1304
notwendig: Canon MF Toolbox 4.9.1.1.mf09	Canon	16.06.2011		3.2.0
notwendig: Canon MF4360-4390		16.06.2011		
notwendig: Canon MG3100 series MP Drivers		01.09.2012		
notwendig: CCleaner	Piriform	19.12.2012		3.26
notwendig: Cisco AnyConnect Secure Mobility Client	Cisco Systems, Inc.	29.10.2012		3.1.01065
notwendig: Citavi	Swiss Academic Software	09.05.2012	69,2MB	3.2.0.0
notwendig: DarkWave Studio 3.0.7	ExperimentalScene	16.09.2010		3.0.7
notwendig: DivX-Setup	DivX, LLC	23.03.2012		2.6.1.8
notwendig: Dropbox	Dropbox, Inc.	22.12.2012		1.6.10
notwendig: EES - Engineering Equation Solver	F-Chart Software	01.11.2012		9
notwendig: eLicenser Control	Steinberg Media Technologies GmbH	06.04.2012		
notwendig: ffdshow [rev 2946] [2009-05-15]		09.12.2010		1.0
unnötig: Firebird SQL Server - MAGIX Edition	MAGIX AG	12.10.2012	11,5MB	2.1.31.0
notwendig: GIMP 2.6.8		18.05.2011		
notwendig: Google Chrome	Google Inc.	12.09.2011		23.0.1271.97
notwendig: Google Drive	Google, Inc.	30.11.2012	16,0MB	1.6.3837.2778
notwendig: Google Gears	Google	29.06.2011	9,05MB	0.5.3600
notwendig: GPL Ghostscript	Artifex Software Inc.	30.07.2012		9.05
notwendig: GPL Ghostscript Lite 8.70		11.04.2011	12,8MB	
notwendig: ICQ7.2	ICQ	20.01.2011		7.2
unbekannt: Intel® Matrix Storage Manager	Intel Corporation	15.07.2010		
unbekannt: Interlok driver setup x64	PACE Anti-Piracy	08.09.2010	161KB	5.8.13
notwendig: IrfanView (remove only)	Irfan Skiljan	15.07.2010	1,50MB	4.27
notwendig: iTunes	Apple Inc.	15.09.2012	180MB	10.7.0.21
notwendig: Java(TM) 6 Update 22	Sun Microsystems, Inc.	15.07.2010	97,2MB	6.0.220
unnötig: Kaminfeuer Comprehensive Edition Free		03.12.2012		
notwendig: Logitech SetPoint	Logitech	15.07.2010	17,0KB	4.80
notwendig: Logitech Touch Mouse Server 1.0	Logitech Inc.	06.03.2012		1.0
notwendig: Lotus Notes 7.0	IBM	04.06.2011	314MB	7.00.5244
unnötig: MAGIX Goya burnR 2.3.1.3 (D)	MAGIX AG	23.08.2010		2.3.1.3
unnötig: MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)	MAGIX AG	23.08.2010		4.0.0.10
unnötig: MAGIX Online Druck Service 2.3.2.0 (D)	MAGIX AG	23.08.2010		2.3.2.0
unnötig: MAGIX Screenshare	MAGIX AG	16.09.2010	1,43MB	4.3.6.1987
unnötig: MAGIX Speed burnR (MSI)	MAGIX AG	12.10.2012		7.0.2.6
notwendig: Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	13.01.2013	18,4MB	1.70.0.1100
notwendig: Media Go	Sony	27.10.2010	107MB	1.5.312
(glaube ich) notwendig: Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	16.08.2010	38,8MB	4.0.30319
(glaube ich) notwendig: Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	16.08.2010	2,93MB	4.0.30319
notwendig: Microsoft Office Home and Student 2010	Microsoft Corporation	29.09.2011		14.0.6029.1000
(glaube ich) notwendig: Microsoft Silverlight	Microsoft Corporation	11.05.2012	199MB	4.1.10329.0
(glaube ich) notwendig: Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	30.08.2010	1,72MB	3.1.0000
(glaube ich) notwendig: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	16.07.2010	260KB	8.0.50727.4053
(glaube ich) notwendig: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	16.07.2010	252KB	8.0.50727.4053
(glaube ich) notwendig: Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	19.06.2011	300KB	8.0.56336
(glaube ich) notwendig: Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	15.07.2010	708KB	8.0.61000
(glaube ich) notwendig: Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	24.04.2011	580KB	8.0.51011
(glaube ich) notwendig: Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	16.07.2010	212KB	9.0.30729.4148
(glaube ich) notwendig: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	17.09.2010	200KB	9.0.30729.4148
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	24.04.2011	790KB	9.0.30729.5570
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	24.04.2011	598KB	9.0.30729.5570
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	15.07.2010	2,52MB	9.0.21022
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	19.06.2011	788KB	9.0.30729.6161
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	16.09.2010	596KB	9.0.30729
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	27.10.2010	594KB	9.0.30729.4148
(glaube ich) notwendig: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	19.06.2011	600KB	9.0.30729.6161
(glaube ich) notwendig: Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	09.02.2012	16,5MB	10.0.40219
notwendig: Mobile Partner	Huawei Technologies Co.,Ltd	11.10.2010		11.302.09.04.382
notwendig: Mozilla Firefox 16.0.2 (x86 de)	Mozilla	31.10.2012	44,4MB	16.0.2
(glaube ich) notwendig: Mozilla Maintenance Service	Mozilla	05.12.2012	329KB	17.0
notwendig: Mozilla Thunderbird 17.0 (x86 de)	Mozilla	05.12.2012	41,9MB	17.0
unbekannt: MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	25.08.2010	1,27MB	4.20.9870.0
unbekannt: MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.08.2010	1,33MB	4.20.9876.0
unbekannt: MSXML 4.0 SP3 Parser	Microsoft Corporation	12.10.2012	1,47MB	4.30.2100.0
unbekannt: MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	13.10.2012	1,53MB	4.30.2114.0
unbekannt: MSXML 4.0 SP3 Parser (KB2758694)	Microsoft Corporation	13.01.2013	1,54MB	4.30.2117.0
unnötig: Need for Speed		01.03.2011		
unnötig: Need For Speed™ World	Electronic Arts	13.11.2012	12,5MB	1.0.0.659
notwendig: NVIDIA Drivers	NVIDIA Corporation	15.07.2010		1.9
notwendig: OpenOffice.org 3.2	OpenOffice.org	15.07.2010	380MB	3.2.9502
notwendig: Opera 12.12	Opera Software ASA	20.12.2012		12.12.1707
notwendig: PC Connectivity Solution	Nokia	17.11.2010	15,0MB	8.15.1.0
unnötig: PCSX2 - Playstation 2 Emulator		10.11.2012		
notwendig: PDF Blender		11.04.2011		
unnötig: PlayStation(R)Network Downloader	Sony Computer Entertainment Inc.	27.10.2010	682KB	2.03.00126
unnötig: PlayStation(R)Store	Sony Computer Entertainment Inc.	27.10.2010	3,64MB	3.2.11.09227
notwendig: QuickTime	Apple Inc.	15.09.2012	73,2MB	7.72.80.56
notwendig: Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	15.07.2010		6.0.1.5964
notwendig: RWTH OpenVPN Client 2.1_rc19c		31.12.2011		2.1_rc19c
notwendig: Samplitude Music Studio 15 15.0.1.0 (D)	MAGIX AG	30.10.2010		15.0.1.0
notwendig: Samplitude Music Studio 17 Download-Version	MAGIX AG	16.09.2010		17.0.0.0
notwendig: Sandboxie 3.66 (64-bit)	SANDBOXIE L.T.D	25.03.2012		3.66
notwendig: Secure Download Manager	e-academy Inc.	27.08.2012	935KB	3.0.5
notwendig: Setting Utility Series	Sony Corporation	15.07.2010		5.1.0.11200
notwendig: Shrew Soft VPN Client		11.09.2012		
unnötig: Skype Click to Call	Skype Technologies S.A.	16.05.2012	14,3MB	5.9.9216
notwendig: Skype™ 6.0	Skype Technologies S.A.	09.12.2012	20,3MB	6.0.126
notwendig: Sony Ericsson PC Companion 2.01.078	Sony Ericsson	23.01.2011	16,4MB	2.01.078
notwendig: Sony Ericsson PC Suite 6.011.00	Sony Ericsson	06.08.2010		6.011.00
notwendig: Sony Ericsson Update Service	Sony Ericsson Mobile Communications AB	23.01.2011		2.11.1.9
notwendig: Spotify	Spotify AB	04.11.2012		0.8.5.1333.g822e0de8
notwendig: Steinberg Cubase LE 4	Steinberg Media Technologies GmbH	21.10.2010	199MB	4.0.3.2233
notwendig: Synaptics Pointing Device Driver	Synaptics Incorporated	27.07.2010		14.0.3.0
notwendig: t@x 2009 Standard	Buhl Data Service GmbH	26.12.2010		16.00.6228
notwendig: t@x 2010 Standard	Buhl Data Service GmbH	31.12.2010		17.00.6531
notwendig: t@x 2011	Buhl Data Service GmbH	31.12.2010		18.00.6928
notwendig: t@x 2012	Buhl Data Service GmbH	29.04.2012		19.00.7303
notwendig: TELL ME MORE	Auralog	02.01.2012		
unbekannt: Text-To-Speech-Runtime	Magix Development GmbH	23.08.2010	260KB	1.0.0.0
notwendig: TmNationsForever	Nadeo	04.10.2010		
notwendig: TrueCrypt	TrueCrypt Foundation	05.06.2011		7.0a
notwendig: TuxGuitar	Herac	16.05.2012	10,6MB	1.2
notwendig: VAIO Control Center	Sony Corporation	16.07.2010		4.1.0.10160
notwendig: VAIO Event Service	Sony Corporation	15.07.2010		5.1.0.11300
notwendig: Virtual DJ Home - Atomix Productions		30.12.2010		
notwendig: VLC media player 2.0.2	VideoLAN	11.09.2012		2.0.2
notwendig: VST Bridge 1.1		08.09.2010		
notwendig: WIDCOMM Bluetooth Software	Broadcom Corporation	15.07.2010	144MB	6.2.1.500
notwendig: Winamp	Nullsoft, Inc	13.06.2012		5.623 
notwendig: Winamp Erkennungs-Plug-in	Nullsoft, Inc	13.06.2012	75,0KB	1.0.0.1
(glaube ich) notwendig: Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)	Broadcom	15.07.2010		09/09/2009 6.2.0.9405
(glaube ich) notwendig: Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	15.07.2010		07/28/2009 6.2.0.9800
(glaube ich) notwendig: Windows Live Essentials	Microsoft Corporation	07.04.2012		15.4.3555.0308
(glaube ich) notwendig: Windows Live Sync	Microsoft Corporation	26.07.2010	2,79MB	14.0.8117.416
(glaube ich) notwendig: Windows Mobile-Gerätecenter		27.01.2012		
(glaube ich) notwendig: Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)	Nokia	17.11.2010		10/12/2007 6.85.4.0
notwendig: WinRAR		26.09.2010		
notwendig: XMind	XMind Ltd.	07.10.2011		3.2.1
notwendig: Zattoo4 4.0.5	Zattoo Inc.	02.06.2012		4.0.5
         

15.01.2013, 20:24   #10
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download and install the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, then Edit, Preferences.
General:
Tick the option to use only certified plug-ins.
Internet:
Everything here should be disabled; it is very unsafe to open PDFs automatically, download them automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, select automatic installation.
Apply / OK



Uninstall:
Anki
AVM
Firebird
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
Kaminfeuer
MAGIX: all
Need for: all
PCSX2
PlayStation: all
Skype Click

Open CCleaner, click Analyze, then run the cleaner, and restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 15.01.2013, 21:07   #11
MadInn
 

Hey Markus,
I have done everything as you described.

Here is the AdwCleaner log:

Code:
# AdwCleaner v2.105 - Datei am 15/01/2013 um 22:04:30 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Martin - MARTINSPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin.xml
Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-1.xml
Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-2.xml
Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-3.xml
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Martin\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\prefs.js

Gefunden : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/#inbox");
Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\Martin\AppData\Roaming\Opera\Opera\operaprefs.ini

Gefunden : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...]
Gefunden : application/x-winampx-1.0.0.1=,0

*************************

AdwCleaner[R1].txt - [2662 octets] - [15/01/2013 22:04:30]

########## EOF - C:\AdwCleaner[R1].txt - [2722 octets] ##########
         

Alt 15.01.2013, 21:16   #12
markusg
/// Malware-holic
 

Hi


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete (Löschen).
  • Confirm each prompt with OK.
  • Your computer will be restarted, several times if necessary depending on the severity of the infection - that is normal. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = consecutive number)

Please restart, then test how the PC runs, plus the programs, including all installed browsers.

Alt 15.01.2013, 21:37   #13
MadInn
 

Here is the log file

Code:
# AdwCleaner v2.105 - Datei am 15/01/2013 um 22:18:52 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Martin - MARTINSPC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\searchplugins\icqplugin-3.xml
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\dwydhe2m.default\prefs.js

Gelöscht : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/#inbox");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\Martin\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...]
Gelöscht : application/x-winampx-1.0.0.1=,0

*************************

AdwCleaner[R1].txt - [2789 octets] - [15/01/2013 22:04:30]
AdwCleaner[S1].txt - [2634 octets] - [15/01/2013 22:18:52]

########## EOF - C:\AdwCleaner[S1].txt - [2694 octets] ##########
         
The PC and the programs seem to be running so far (I haven't noticed anything negative).
All the browsers work too, but Internet Explorer tells me that I have to install the latest Flash Player (tested on YouTube). In Chrome, Firefox and Opera, however, Flash Player works.
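
Added example, not part of the thread and not AdwCleaner's own code: a Python check that every item reported in the scan log (R1, option [Suche]) has a matching "Gelöscht" or "Ersetzt" line in the delete log (S1, option [Löschen]). The log excerpts are shortened copies of the two logs posted above; the function names and the mapping of `HKU\<SID>` to `HKCU` (which assumes the SID in the log belongs to the account that ran the tool) are assumptions of this example.

```python
import re

# Shortened excerpts of the two AdwCleaner v2.105 logs posted in this thread
# (R1 = option [Suche], S1 = option [Löschen]); not the complete logs.
SCAN_LOG = r"""
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-3183987224-1095028075-2954487604-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/
Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");
"""
CLEAN_LOG = r"""
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");
"""

FOUND = re.compile(r"^(?:\w+ )?Gefunden : (.+)$")
DONE = re.compile(r"^(?:\w+ )?(?:Gelöscht|Ersetzt) : (.+?)(?: --> .+)?$")
IE_VALUE = re.compile(r"^\[HK[^\]]+\] = .+$")  # IE values carry no "Gefunden" prefix
SID_HIVE = re.compile(r"^HKU\\S-1-5-21-[\d-]+\\", re.IGNORECASE)


def normalize(item, map_sid):
    """Case-fold (Windows paths and registry keys are case-insensitive) and,
    if map_sid is set, treat HKU\\<user SID> as HKCU (assumption: the SID in
    the log belongs to the account that ran the tool)."""
    item = item.strip()
    if map_sid:
        item = SID_HIVE.sub(lambda m: "HKCU\\", item)
    return item.lower()


def findings(scan_text):
    """Every item the scan run reported, in log order."""
    items = []
    for line in map(str.strip, scan_text.splitlines()):
        m = FOUND.match(line)
        if m:
            items.append(m.group(1))
        elif IE_VALUE.match(line):
            items.append(line)
    return items


def unremediated(scan_text, clean_text, map_sid=True):
    """Scan findings with no matching 'Gelöscht' / 'Ersetzt' line in the delete log."""
    done = {normalize(m.group(1), map_sid) for line in clean_text.splitlines()
            if (m := DONE.match(line.strip()))}
    return [f for f in findings(scan_text) if normalize(f, map_sid) not in done]


if __name__ == "__main__":
    print("left over, HKU\\<SID> mapped to HKCU:", unremediated(SCAN_LOG, CLEAN_LOG))
    print("left over, literal comparison:", unremediated(SCAN_LOG, CLEAN_LOG, map_sid=False))
```

A literal comparison flags the `HKU\S-1-5-21-…` SearchScopes key, which the scan log lists but the delete log does not; with the SID mapped to `HKCU` it is covered by the deleted `HKCU` key and nothing is left over.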

Alt 15.01.2013, 21:38   #14
markusg
/// Malware-holic
 

You can install it.
Open OTL, clean up (Bereinigen); the PC restarts and the removers are deleted.
Delete any leftover logs, removers and setup files, and empty the recycle bin.
Secure the PC:
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs something.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, such as work-related ones, so that there is sensitive data to protect, you should invest in security software.
Use up the 30-day trial period before activating the licence.

Free, but not quite as good, avast would be my recommendation.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give you configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I am aware of that, but it should be followed, because only then is your PC secure. Ask as many questions as you need, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The best way to do this is to go to Start, Search, and type Windows Updates there.
Under "Change settings" (Einstellungen ändern), check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that is the case, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the instructions.
If you want to use a different one, tell me; then I have to adapt parts of the instructions that follow.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, programs can be run almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Instructions:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through this as well:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Restrictions: under program start and Internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Erzwungene Programmstarts" (forced program starts) you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click and start in Sandboxie.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important in some circumstances, for example if the hard disk breaks.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking; and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, browse only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed Web Browser; if you have the paid version, you can set forced program starts, and then Sandboxie is always started when you open a browser.
When you move the mouse over the browser it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords.
Password manager, form filler, password management | RoboForm Password Manager
Instructions:
RoboForm user manual: password manager, managing passwords and personal data

Alt 15.01.2013, 21:54   #15
MadInn
 

Yes, great!
Are we done then, and is the PC safe again for now??

In any case, thank you very much for your help. You all do a really great job here with your support and the detailed instructions for every step.

What do you think of Kaspersky as security software? I used to have it and actually always found it quite good...
But I will definitely take a look at all the programs you mentioned and then decide which one I will use in future.
