Pests of all kinds and how to fight them: browse to save virus (Windows 7)
17.01.2013, 22:02 | #1 |
browse to save virus

Hello, I have this problem too and have already downloaded OTL and run it. I did already read a thread like this, but the way I understood it, it has to be removed differently for everyone?! Anyway, I'm not exactly the smartest in this area and am hoping for help =)

Edit: oh god, I have nothing but errors -.-

Code:
ATTFilter OTL logfile created on: 17.01.2013 20:54:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\grinsekathze\Desktop\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,60 Gb Total Physical Memory | 0,27 Gb Available Physical Memory | 16,64% Memory free 3,21 Gb Paging File | 1,08 Gb Available in Paging File | 33,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,84 Gb Total Space | 176,52 Gb Free Space | 62,41% Space Free | Partition Type: NTFS Drive D: | 14,95 Gb Total Space | 1,85 Gb Free Space | 12,35% Space Free | Partition Type: NTFS Computer Name: GRINSEKATHZE-PC | User Name: grinsekathze | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\grinsekathze\Desktop\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\program files (x86)\avira\antivir desktop\avscan.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe () PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FreemiumSystemStoreService) -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (HP Wireless Assistant Service) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company) SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681 IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = 
hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} IE - 
HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.at/" FF - prefs.js..extensions.enabledAddons: 501e6fa18edf8%40501e6fa18ee31.info:1.0 FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: 
adblockpopups%40jessehakanen.net:0.5 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 08:34:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 13:46:30 | 000,000,000 | ---D | M] [2011.11.24 14:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Extensions [2013.01.15 20:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Firefox\Profiles\00ave1we.default\extensions [2012.08.05 14:07:13 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\Firefox\Profiles\00ave1we.default\extensions\501e6fa18edf8@501e6fa18ee31.info [2013.01.15 20:41:53 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\adblockpopups@jessehakanen.net.xpi [2012.02.20 12:00:03 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\DivXWebPlayer@divx.com.xpi [2013.01.15 20:37:18 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\elemhidehelper@adblockplus.org.xpi [2013.01.15 20:41:53 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.01.15 20:41:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.02.10 20:28:13 | 000,138,614 | ---- | M] () (No name found) -- 
C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011.12.01 19:17:22 | 000,002,289 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\ecosia.xml [2011.11.24 14:09:31 | 000,002,314 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\forestle-de.xml [2013.01.09 16:06:00 | 000,002,329 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\Funmoods.xml [2012.08.05 14:07:24 | 000,003,915 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\sweetim.xml [2012.09.17 10:41:06 | 000,002,399 | ---- | M] () -- C:\Users\grinsekathze\AppData\Roaming\mozilla\firefox\profiles\00ave1we.default\searchplugins\Web Search.xml [2013.01.11 08:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.11 08:34:24 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.18 08:21:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.01 16:58:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.18 08:21:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.18 08:21:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.18 08:21:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.18 08:21:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Codecv Class) - {2D588057-BD3F-075B-B569-0C8FC43F046B} - C:\ProgramData\Codecv\bhoclass.dll File not found O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F7FB87-78B2-4A8C-A823-CC7F3395D176}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2d81870e-1dd0-11e1-830f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2d81870e-1dd0-11e1-830f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{2d818754-1dd0-11e1-830f-101f745606e1}\Shell - "" = AutoRun O33 - MountPoints2\{2d818754-1dd0-11e1-830f-101f745606e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{dfdfc172-6525-11e1-88ed-d0df9abf4704}\Shell - "" = AutoRun O33 - MountPoints2\{dfdfc172-6525-11e1-88ed-d0df9abf4704}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.17 11:22:58 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\.thumbnails [2013.01.17 11:19:36 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\fontconfig [2013.01.17 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\gegl-0.2 [2013.01.17 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\.gimp-2.8 [2013.01.17 11:13:18 | 
000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.01.15 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\Desktop\OSTTIROL WICHTIG [2013.01.14 06:52:06 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\Desktop\ideen & upcycling [2013.01.11 08:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.10 15:05:33 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.10 15:05:33 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.10 15:05:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.10 15:04:48 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.09 16:05:28 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\Funmoods [2013.01.09 16:04:11 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\PutLockerDownloader [2013.01.09 16:03:44 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com [2013.01.06 12:19:59 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Roaming\iScreensaver [2013.01.05 14:36:47 | 000,000,000 | ---D | C] -- C:\Users\grinsekathze\AppData\Local\WinZip [2012.12.21 21:42:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 21:42:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 21:42:05 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 21:42:05 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll ========== Files - Modified Within 30 Days ========== [2013.01.17 19:41:35 | 000,406,381 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0005.JPG [2013.01.17 19:38:58 | 000,703,061 | ---- | M] () -- C:\Users\grinsekathze\Desktop\AP_A1_Umzugsservice.pdf [2013.01.17 
12:51:27 | 000,670,791 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0009.JPG [2013.01.17 12:51:20 | 000,564,667 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0007.JPG [2013.01.17 12:51:17 | 000,661,282 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0008.JPG [2013.01.17 11:43:04 | 000,000,924 | ---- | M] () -- C:\Users\grinsekathze\Desktop\GIMP 2.lnk [2013.01.17 11:42:54 | 000,275,565 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0126.png [2013.01.17 11:42:54 | 000,002,118 | ---- | M] () -- C:\Users\grinsekathze\AppData\Local\recently-used.xbel [2013.01.17 11:37:45 | 000,000,485 | ---- | M] () -- C:\Windows\cdplayer.ini [2013.01.17 11:37:39 | 000,001,534 | ---- | M] () -- C:\ProgramData\ss.ini [2013.01.17 11:36:16 | 000,737,137 | ---- | M] () -- C:\Users\grinsekathze\Desktop\DSC_0126.xcf [2013.01.17 09:20:33 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.17 09:20:33 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.17 09:20:33 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.17 09:20:33 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.17 09:20:33 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.16 23:26:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 23:26:45 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 23:19:26 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.01.16 23:18:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.11 03:21:01 | 000,296,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 16:04:46 | 000,368,102 | ---- | M] () -- C:\Users\grinsekathze\AppData\Local\funmoods-speeddial_sf.crx [2013.01.09 16:04:46 | 000,031,465 | ---- | 
M] () -- C:\Users\grinsekathze\AppData\Local\funmoods.crx [2013.01.09 16:03:44 | 000,000,924 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Movie2KDownloader.lnk [2012.12.20 08:29:39 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.12.20 08:29:16 | 000,701,576 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Hochkar-Panoramakarte_DE.jpg [2012.12.19 23:03:42 | 000,843,391 | ---- | M] () -- C:\Users\grinsekathze\Desktop\BAGS Kollektivvertrag 2012.pdf [2012.12.19 13:39:53 | 000,279,411 | ---- | M] () -- C:\Users\grinsekathze\Desktop\Lebenslauf Kathrin Blumauer.pdf ========== Files Created - No Company Name ========== [2013.01.17 19:41:35 | 000,406,381 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0005.JPG [2013.01.17 19:08:43 | 000,703,061 | ---- | C] () -- C:\Users\grinsekathze\Desktop\AP_A1_Umzugsservice.pdf [2013.01.17 12:51:06 | 000,670,791 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0009.JPG [2013.01.17 12:51:06 | 000,564,667 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0007.JPG [2013.01.17 12:51:05 | 000,661,282 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0008.JPG [2013.01.17 11:42:54 | 000,002,118 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\recently-used.xbel [2013.01.17 11:42:52 | 000,275,565 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0126.png [2013.01.17 11:34:52 | 000,737,137 | ---- | C] () -- C:\Users\grinsekathze\Desktop\DSC_0126.xcf [2013.01.17 11:19:25 | 000,000,924 | ---- | C] () -- C:\Users\grinsekathze\Desktop\GIMP 2.lnk [2013.01.17 11:15:17 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.01.09 16:05:28 | 000,368,102 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\funmoods-speeddial_sf.crx [2013.01.09 16:05:26 | 000,031,465 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\funmoods.crx [2013.01.09 16:03:44 | 000,000,924 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Movie2KDownloader.lnk [2013.01.06 
12:19:50 | 006,658,246 | ---- | C] () -- C:\Users\grinsekathze\Desktop\gezeitenweltglobus.EXE [2012.12.20 08:29:09 | 000,701,576 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Hochkar-Panoramakarte_DE.jpg [2012.12.19 23:03:42 | 000,843,391 | ---- | C] () -- C:\Users\grinsekathze\Desktop\BAGS Kollektivvertrag 2012.pdf [2012.12.19 13:39:48 | 000,279,411 | ---- | C] () -- C:\Users\grinsekathze\Desktop\Lebenslauf Kathrin Blumauer.pdf [2012.12.07 11:56:23 | 000,000,485 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.12.07 11:32:59 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini [2012.02.25 21:59:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.11 17:37:20 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.28 12:49:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.11.24 17:20:17 | 000,007,599 | ---- | C] () -- C:\Users\grinsekathze\AppData\Local\Resmon.ResmonCfg [2011.08.16 13:51:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.05.10 08:55:07 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Freemium [2013.01.09 16:05:28 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Funmoods [2013.01.06 12:19:59 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\iScreensaver [2011.11.24 14:58:03 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Jens Lorek [2012.10.09 12:51:15 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\OpenCandy [2012.01.19 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\OpenOffice.org [2012.11.08 12:49:48 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\pdfforge [2012.01.19 11:57:55 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\SoftGrid Client [2012.03.03 13:31:55 | 000,000,000 | ---D | M] -- 
C:\Users\grinsekathze\AppData\Roaming\Sony [2011.11.24 14:03:21 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\Synaptics [2011.12.03 18:06:17 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\T-Mobile [2011.12.11 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\TP [2012.10.09 13:41:27 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\TuneUp Software [2013.01.17 21:02:48 | 000,000,000 | ---D | M] -- C:\Users\grinsekathze\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 17.01.2013 20:54:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\grinsekathze\Desktop\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,60 Gb Total Physical Memory | 0,27 Gb Available Physical Memory | 16,64% Memory free 3,21 Gb Paging File | 1,08 Gb Available in Paging File | 33,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282,84 Gb Total Space | 176,52 Gb Free Space | 62,41% Space Free | Partition Type: NTFS Drive D: | 14,95 Gb Total Space | 1,85 Gb Free Space | 12,35% Space Free | Partition Type: NTFS Computer Name: GRINSEKATHZE-PC | User Name: grinsekathze | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13EEA3A6-E516-4194-A8CE-717DA7B76D75}" = lport=2869 | protocol=6 | dir=in | app=system | "{2268A202-11C0-49F9-9C95-759875048BDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{539FF5B6-5F05-478D-8269-9BBE0D206530}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{540939FC-3ED2-4A9E-A670-847215014E2C}" = rport=139 | protocol=6 | dir=out | app=system | "{561061A0-97E3-4C9C-9F0E-8F67AAE55EFA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6457E410-9D31-4B8B-A7D1-0F0ED27E3EF0}" = lport=rpc | 
protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6A350EE5-D3F7-4A45-B487-F165E12A15F2}" = lport=445 | protocol=6 | dir=in | app=system | "{6CD84F12-28D6-4A94-B43E-C844C5ED8AA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6F7B7847-2B6F-4717-8956-248F2BE83111}" = rport=445 | protocol=6 | dir=out | app=system | "{801618EB-A544-4901-8103-15C9472A867E}" = lport=139 | protocol=6 | dir=in | app=system | "{84050A94-2CFF-48DF-84B4-4DD06C822FF0}" = lport=10243 | protocol=6 | dir=in | app=system | "{8992A69C-A922-4071-A185-DADBDDFDFDCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{89BA3465-7CB5-426B-92C1-9EBF0A7D8550}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8FF5F538-755F-49B3-B4B4-B8F79B322488}" = lport=137 | protocol=17 | dir=in | app=system | "{96AA3A6D-4BA5-4822-B9FE-510C6280B224}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A5A4C60C-8DF7-4C28-A661-EF49464E43C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AB8FE59C-23B6-483C-AEBA-1DF54E48DA13}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{C559004E-6364-446C-A1AA-69AAD8FD307E}" = rport=138 | protocol=17 | dir=out | app=system | "{CB5ED033-54AD-4DAD-A55E-2D63CB825E37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D130D9B6-774F-49ED-8BAB-A7CBF5D31E1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D44AF393-0566-4F4A-B7FF-0053CE790234}" = rport=10243 | protocol=6 | dir=out | app=system | "{D488656A-AFD4-495C-967F-36381AB2E6BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D52E1818-3EFF-4504-98F0-3DA6F7AA512E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{ECAB0EFA-F12F-464F-84D8-F577D58DC191}" = lport=138 | protocol=17 | dir=in | app=system | "{F473DAB7-4097-40D5-A95C-35C6DEE72B51}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{026440B1-F5E6-4CF8-A4A5-184550AF4840}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{03756458-D0EF-49D1-80FB-0BB566795FF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{079676D3-E9B1-4B9C-B328-48C8C26948CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1681DB2E-D50D-46D4-AB22-7F62312A7C22}" = protocol=17 | dir=in | app=c:\users\grinsekathze\appdata\local\temp\icreinstall\cnet2_caesar4_demo_en_exe.exe | "{1C679E14-C62F-4D5D-99FC-605625A6616B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1EE95607-215E-4413-B499-7F11B3FCE57A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2630B676-75AC-4E86-A153-FD0D42AFFFCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{368FD8D7-C361-4F9A-89D8-D7F3F89DC708}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{4677EF26-E74A-41D8-B816-6D8EDF883509}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53A1595F-526E-4C05-BCE1-52A28B87B16E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{59D97E3A-C86A-466C-9D87-F17A80C6506A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5A966CD3-A561-471D-B945-9297A2C7EBCE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{627AFF59-12B3-4CB3-845A-0B312586CC40}" = protocol=6 | dir=out | app=system | "{69BD1719-1FA8-478D-9CD4-8721E52D4425}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6DA3B3E1-8145-471C-AD72-4C1466029568}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7257FB07-DCF0-4F10-B8D7-F2902EEEFD8B}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{74C68BD7-7394-491B-A7DE-D6821A89FCEB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{80F24660-0A69-42FB-8681-BA9152D96DBC}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{84C85B64-9AA5-4FD1-923B-248089C83A06}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{9A9D6371-B611-43D0-9E62-7D1ECB85DCFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A428ACA6-9BBD-48E7-B803-4FB5315D75A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{A5A0FD3C-FC9E-4504-AB4A-1F5260DAD400}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{A5DC2E51-FA28-4A2C-BD6A-A0BA1D87D0E5}" = protocol=6 | dir=in | app=c:\users\grinsekathze\appdata\local\temp\icreinstall\cnet2_caesar4_demo_en_exe.exe | "{B6CC1895-0E53-4C8C-BF8E-17F4D6B8F698}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BE6DBFC1-0CD2-428B-929F-2FEC4C560E2D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C29A2CB7-B77F-4F32-B2B9-4B66D5FE99B8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D07AF249-AD70-43C0-942A-62478836C5CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D1295660-6AFE-4BE0-B7A5-DC729CBAA2E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D52E7DA4-91FF-4D8D-BEA4-49162CE7A3EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D9AD44F7-1DFE-410E-B0FB-82B5A0CE82A7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{DFA2248A-76ED-482A-8181-28D4BFED8034}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F0FF9D22-6C06-46B8-AF2C-D15E1FBDFF87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FB087712-4227-4562-9932-61DC9DD65422}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{C929FC29-7BAE-455B-97C6-D5E9425949CC}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "TCP Query User{DD914C7F-E884-4C32-9807-E27542C866CD}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | "UDP Query User{448AA499-95F4-4FCE-ADFF-02686BB4A52A}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | "UDP Query User{9266BB6F-CBB5-43AB-92FF-3988CAB6750A}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E6BEFE9-0AFF-C09F-24A8-AA1CB05869BF}" = WMV9/VC-1 Video Playback "{76A7DF87-2F94-A068-96B1-D5A392B785E1}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9EA86AD9-FB32-4B9E-BD56-3068F9B8031F}" = HP Wireless Assistant "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1250C3B-8953-8A3F-9FCF-D43BB6AE0051}" = AMD Fuel "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E04A3037-2F82-C518-D6CA-A63497D3872F}" = ATI Catalyst Install Manager "GIMP-2_is1" = GIMP 2.8.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.4 "WinRAR archiver" = WinRAR 4.10 beta 2 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E73CF7-3B8E-49F6-B09C-3FB122B3938A}" = HP Software Framework "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03046EBB-CB7C-4B98-BEFB-690EB955DA22}" = HP Setup "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26C4E5F1-314C-F3DF-2294-3685BF5F9E05}" = CCC Help Czech "{2BF8B295-A214-42AC-B4EC-2AE15E08B0E7}" = HP Documentation "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for 
Microsoft Windows 7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.92 "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{57F1042D-1423-81C6-299B-C21FAB216F93}" = CCC Help Italian "{6137C043-93EA-6769-90EA-01E87B041117}" = CCC Help Norwegian "{6265A4F4-91FE-FFEC-1ECA-E5639B80ECB3}" = CCC Help French "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{657BD928-2C0B-7EFA-7740-DE8BC937FEF4}" = CCC Help Thai "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{66E30DB0-A342-F453-D14D-827B454A9E4A}" = CCC Help Swedish "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6833708F-D07C-34AA-B195-698FA0C8879C}" = CCC Help Polish "{687DB473-1A0F-5B1D-D0E0-A73258207AB2}" = ccc-core-static "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C92846D-67BA-5B17-38F4-E1318A0272B7}" = CCC Help Greek "{6D437C07-418F-9E01-96EB-DC55F780A198}" = CCC Help Turkish "{710E96D5-98A1-6732-8768-8F4ACCA520C1}" = CCC Help Portuguese "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{9299A9E5-4A0F-C936-76BD-62BCBD38CC21}" = CCC Help English "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9B04A7CC-F80E-72C6-8B9E-83A88A5B479B}" = CCC Help Japanese "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9F6A200F-90D7-F262-9639-16D640298E32}" = CCC Help Finnish "{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}" = HP Support Assistant "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A37E63B7-29E5-CAF4-A81D-0A67946924E0}" = Catalyst Control Center Graphics Previews Common "{A5449F23-80E8-04D2-EB41-7BE229CCB37B}" = Catalyst Control Center InstallProxy "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C0838AAC-DF3E-5865-88D3-E43864E2B065}" = CCC Help Korean "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C257F891-7975-979B-3EDD-D3E74F1F583B}" = CCC Help Hungarian "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager "{CBD74B80-E1A2-08A1-69D9-DE37BFA265EF}" = CCC Help German "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA26698F-3E4F-FBAE-8219-5C3D3C1ECA92}" = CCC Help Spanish "{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E13D5C1F-EA6D-E340-85A9-0EA7221F31E9}" = CCC Help Danish "{E1D1E335-C6CE-C9A5-12B8-587D561E8B30}" = Catalyst Control Center Localization All "{E3FE0FA5-D813-14AB-DE7B-594257E9550B}" = CCC Help Chinese Traditional "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 
"{E774EEC0-18E6-49C8-A271-07654C0A2047}" = Catalyst Control Center - Branding "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0C4AAC9-C7B6-59B3-789D-D2CA4E0CFCD1}" = CCC Help Dutch "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5468CFB-F146-12D8-913B-513145180028}" = CCC Help Russian "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA2509E9-7197-8FB8-B35E-090A4F81CA6A}" = CCC Help Chinese Standard "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "1ClickDownload" = Movie2KDownloader "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "uTorrent" = µTorrent "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.11.2012 09:08:00 | Computer Name = grinsekathze-pc | Source = MsiInstaller | ID = 10005 Description = Error - 09.11.2012 06:12:45 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10 Description = Error - 10.11.2012 05:54:51 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10 Description = Error - 12.11.2012 09:20:01 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10 Description = Error - 13.11.2012 06:27:03 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10 Description = Error - 14.11.2012 02:55:02 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10 Description = Error - 14.11.2012 05:14:04 | 
Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10 Description = Error - 14.11.2012 16:16:41 | Computer Name = grinsekathze-pc | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680, Zeitstempel: 0x50882871 Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680, Zeitstempel: 0x508827d6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00130ef7 ID des fehlerhaften Prozesses: 0xe6c Startzeit der fehlerhaften Anwendung: 0x01cdc28333a79e11 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 332bf822-2e98-11e2-a968-101f745606e1 Error - 16.11.2012 05:27:46 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10 Description = Error - 16.11.2012 08:14:18 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10 Description = Error - 18.11.2012 05:57:53 | Computer Name = grinsekathze-pc | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 23.04.2012 09:12:15 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041223031211.xml File not created by asset agent Error - 17.06.2012 06:12:04 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061217121201.xml File not created by asset agent Error - 13.08.2012 04:43:58 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081213104339.xml File not created by asset agent Error - 20.08.2012 01:38:55 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support 
Framework\Telemetry\081220073849.xml File not created by asset agent Error - 02.09.2012 12:36:35 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091202063626.xml File not created by asset agent Error - 16.09.2012 12:35:19 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091216063507.xml File not created by asset agent Error - 23.09.2012 12:24:17 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091223062413.xml File not created by asset agent Error - 02.10.2012 07:31:02 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101202013056.xml File not created by asset agent Error - 17.10.2012 05:33:01 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101217113257.xml File not created by asset agent Error - 05.01.2013 07:34:23 | Computer Name = grinsekathze-pc | Source = Hewlett-Packard | ID = 0 Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011305123418.xml File not created by asset agent [ HP Wireless Assistant Events ] Error - 24.11.2011 09:35:14 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. 
(Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.11.2011 09:35:20 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.11.2011 09:36:25 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. 
(Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.11.2011 09:36:30 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.11.2011 09:37:35 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. 
(Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 24.11.2011 09:37:40 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Der RPC-Server ist nicht verfügbar. (Ausnahme von HRESULT: 0x800706BA) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 15.12.2011 16:34:57 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 10.02.2012 12:07:49 | Computer Name = grinsekathze-pc | Source = HP WA Service | ID = 0 Description = System.Runtime.InteropServices.COMException Starten des Servers fehlgeschlagen (Ausnahme von HRESULT: 0x80080005 
(CO_E_SERVER_EXEC_FAILURE)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObject.Initialize(Boolean getObject) bei System.Management.ManagementBaseObject.get_Properties() bei System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c() Error - 20.08.2012 07:28:09 | Computer Name = grinsekathze-pc | Source = HP WA Application | ID = 0 Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup; failed to create hardware layer Fehler in der Anwendung. bei HardwareAccess.Hardware..ctor(Dispatcher dispatcher, ServicePort port, Int32 timeout) bei HardwareAccess.Hardware.Create(Dispatcher dispatcher, ServicePort port, Int32 timeout) bei HPWA_Main.App.ApplicationStartup(Object sender, StartupEventArgs args) Error - 20.08.2012 07:28:13 | Computer Name = grinsekathze-pc | Source = HP WA Application | ID = 0 Description = MainWindow.ShowImpl; not initialized, closing application... 
[ System Events ] Error - 16.01.2013 05:36:50 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.01.2013 05:37:01 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.01.2013 05:37:17 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.01.2013 05:37:17 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.01.2013 16:57:39 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.01.2013 18:19:03 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Media Center Extender-Dienst" ist vom Dienst "PnP-X-IP-Busenumerator" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.01.2013 18:19:03 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058 Error - 16.01.2013 18:19:17 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.01.2013 18:19:34 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.01.2013 18:19:34 | Computer Name = grinsekathze-pc | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report >
so.. I hope I've done everything right so far. greetings, kat |
17.01.2013, 22:33 | #2 |
/// Malware-holic | browse to save virus hi
download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose skip for now, post the log
open c:, open tdsskiller-date-version.txt, post the contents |
18.01.2013, 11:25 | #3 |
| browse to save virus good morning =)
I hope this is okay like this... Code:
ATTFilter 11:02:51.0861 2700 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 11:02:52.0189 2700 ============================================================ 11:02:52.0189 2700 Current date / time: 2013/01/18 11:02:52.0189 11:02:52.0189 2700 SystemInfo: 11:02:52.0189 2700 11:02:52.0189 2700 OS Version: 6.1.7601 ServicePack: 1.0 11:02:52.0189 2700 Product type: Workstation 11:02:52.0189 2700 ComputerName: GRINSEKATHZE-PC 11:02:52.0189 2700 UserName: grinsekathze 11:02:52.0189 2700 Windows directory: C:\Windows 11:02:52.0189 2700 System windows directory: C:\Windows 11:02:52.0189 2700 Running under WOW64 11:02:52.0189 2700 Processor architecture: Intel x64 11:02:52.0189 2700 Number of processors: 2 11:02:52.0189 2700 Page size: 0x1000 11:02:52.0189 2700 Boot type: Normal boot 11:02:52.0189 2700 ============================================================ 11:02:53.0343 2700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:02:53.0359 2700 ============================================================ 11:02:53.0359 2700 \Device\Harddisk0\DR0: 11:02:53.0359 2700 MBR partitions: 11:02:53.0359 2700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 11:02:53.0359 2700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x235AF000 11:02:53.0359 2700 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23613000, BlocksNum 0x1DE7800 11:02:53.0359 2700 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0 11:02:53.0359 2700 ============================================================ 11:02:53.0375 2700 C: <-> \Device\Harddisk0\DR0\Partition2 11:02:53.0406 2700 D: <-> \Device\Harddisk0\DR0\Partition3 11:02:53.0406 2700 ============================================================ 11:02:53.0406 2700 Initialize success 11:02:53.0406 2700 
============================================================ 11:03:29.0954 1020 ============================================================ 11:03:29.0954 1020 Scan started 11:03:29.0954 1020 Mode: Manual; SigCheck; TDLFS; 11:03:29.0954 1020 ============================================================ 11:03:31.0374 1020 ================ Scan system memory ======================== 11:03:31.0374 1020 System memory - ok 11:03:31.0374 1020 ================ Scan services ============================= 11:03:32.0232 1020 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 11:03:32.0793 1020 1394ohci - ok 11:03:32.0840 1020 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:03:32.0887 1020 ACPI - ok 11:03:32.0949 1020 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:03:33.0105 1020 AcpiPmi - ok 11:03:33.0277 1020 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 11:03:33.0324 1020 AdobeARMservice - ok 11:03:33.0386 1020 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 11:03:33.0449 1020 adp94xx - ok 11:03:33.0511 1020 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 11:03:33.0558 1020 adpahci - ok 11:03:33.0667 1020 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 11:03:33.0714 1020 adpu320 - ok 11:03:33.0776 1020 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:03:34.0135 1020 AeLookupSvc - ok 11:03:34.0213 1020 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 11:03:34.0229 1020 AERTFilters - ok 11:03:34.0307 1020 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 11:03:34.0416 1020 AFD - ok 11:03:34.0494 1020 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 
11:03:34.0541 1020 agp440 - ok 11:03:34.0619 1020 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 11:03:34.0712 1020 ALG - ok 11:03:34.0759 1020 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 11:03:34.0790 1020 aliide - ok 11:03:34.0837 1020 [ F4F8D818F8BB7EAFB7B9A259D6CBFE68 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 11:03:34.0977 1020 AMD External Events Utility - ok 11:03:35.0040 1020 AMD FUEL Service - ok 11:03:35.0055 1020 [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe 11:03:35.0087 1020 AMD Reservation Manager - ok 11:03:35.0133 1020 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 11:03:35.0165 1020 amdide - ok 11:03:35.0196 1020 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 11:03:35.0352 1020 amdiox64 - ok 11:03:35.0399 1020 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 11:03:35.0461 1020 AmdK8 - ok 11:03:35.0726 1020 [ E93230B4214A90854BE7F27E61C1E8FD ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 11:03:36.0132 1020 amdkmdag - ok 11:03:36.0210 1020 [ 2B614A1CB27F36C5B2D96E554472A809 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 11:03:36.0272 1020 amdkmdap - ok 11:03:36.0303 1020 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 11:03:36.0366 1020 AmdPPM - ok 11:03:36.0413 1020 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 11:03:36.0459 1020 amdsata - ok 11:03:36.0573 1020 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 11:03:36.0623 1020 amdsbs - ok 11:03:36.0653 1020 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 11:03:36.0683 1020 amdxata - ok 11:03:36.0713 1020 [ 80A508D0C7A21BC13C01D4C671541203 ] amd_sata 
C:\Windows\system32\DRIVERS\amd_sata.sys 11:03:36.0733 1020 amd_sata - ok 11:03:36.0753 1020 [ 2BE940F3A632A1A301B22B096BF221F1 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 11:03:36.0783 1020 amd_xata - ok 11:03:36.0843 1020 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 11:03:36.0893 1020 AntiVirSchedulerService - ok 11:03:36.0963 1020 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 11:03:36.0983 1020 AntiVirService - ok 11:03:37.0023 1020 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 11:03:37.0243 1020 AppID - ok 11:03:37.0283 1020 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:03:37.0373 1020 AppIDSvc - ok 11:03:37.0413 1020 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 11:03:37.0523 1020 Appinfo - ok 11:03:37.0573 1020 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 11:03:37.0603 1020 arc - ok 11:03:37.0633 1020 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 11:03:37.0673 1020 arcsas - ok 11:03:37.0693 1020 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:03:37.0793 1020 AsyncMac - ok 11:03:37.0833 1020 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 11:03:37.0873 1020 atapi - ok 11:03:37.0933 1020 [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys 11:03:37.0973 1020 AthBTPort - ok 11:03:38.0043 1020 [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe 11:03:38.0073 1020 Atheros Bt&Wlan Coex Agent - ok 11:03:38.0093 1020 [ 684B36CA4067DA7000CF95771A3CF0E7 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 11:03:38.0113 1020 AtherosSvc - ok 11:03:38.0223 1020 [ 
7C2D67E273E76ADC3ADB621B8404C5FB ] athr C:\Windows\system32\DRIVERS\athrx.sys 11:03:38.0433 1020 athr - ok 11:03:38.0503 1020 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 11:03:38.0543 1020 AtiHDAudioService - ok 11:03:38.0594 1020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:03:38.0703 1020 AudioEndpointBuilder - ok 11:03:38.0735 1020 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 11:03:38.0813 1020 AudioSrv - ok 11:03:38.0859 1020 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 11:03:38.0906 1020 avgntflt - ok 11:03:38.0937 1020 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 11:03:38.0984 1020 avipbb - ok 11:03:39.0015 1020 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 11:03:39.0047 1020 avkmgr - ok 11:03:39.0093 1020 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:03:39.0218 1020 AxInstSV - ok 11:03:39.0265 1020 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 11:03:39.0343 1020 b06bdrv - ok 11:03:39.0374 1020 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 11:03:39.0468 1020 b57nd60a - ok 11:03:39.0546 1020 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 11:03:39.0655 1020 BCM43XX - ok 11:03:39.0686 1020 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 11:03:39.0764 1020 BDESVC - ok 11:03:39.0795 1020 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 11:03:39.0873 1020 Beep - ok 11:03:39.0951 1020 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 11:03:40.0092 1020 BFE - ok 11:03:40.0154 1020 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 11:03:40.0295 1020 BITS - ok 11:03:40.0326 
1020 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 11:03:40.0373 1020 blbdrive - ok 11:03:40.0435 1020 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 11:03:40.0466 1020 Bonjour Service - ok 11:03:40.0513 1020 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:03:40.0591 1020 bowser - ok 11:03:40.0622 1020 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 11:03:40.0669 1020 BrFiltLo - ok 11:03:40.0700 1020 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 11:03:40.0747 1020 BrFiltUp - ok 11:03:40.0778 1020 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 11:03:40.0872 1020 Browser - ok 11:03:40.0919 1020 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:03:41.0028 1020 Brserid - ok 11:03:41.0059 1020 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:03:41.0106 1020 BrSerWdm - ok 11:03:41.0153 1020 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:03:41.0199 1020 BrUsbMdm - ok 11:03:41.0215 1020 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:03:41.0262 1020 BrUsbSer - ok 11:03:41.0324 1020 [ 227C8F308DE4AF4808E587465CEAB838 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys 11:03:41.0371 1020 BTATH_A2DP - ok 11:03:41.0418 1020 [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys 11:03:41.0433 1020 BTATH_BUS - ok 11:03:41.0465 1020 [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys 11:03:41.0511 1020 BTATH_HCRP - ok 11:03:41.0527 1020 [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys 11:03:41.0558 1020 BTATH_LWFLT - ok 11:03:41.0574 1020 [ 
724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys 11:03:41.0605 1020 BTATH_RCP - ok 11:03:41.0652 1020 [ FF8B065F96E4D9525AA7227299FBD05C ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys 11:03:41.0699 1020 BtFilter - ok 11:03:41.0745 1020 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 11:03:41.0823 1020 BthEnum - ok 11:03:41.0855 1020 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 11:03:41.0917 1020 BTHMODEM - ok 11:03:41.0964 1020 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 11:03:42.0026 1020 BthPan - ok 11:03:42.0073 1020 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 11:03:42.0151 1020 BTHPORT - ok 11:03:42.0198 1020 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 11:03:42.0291 1020 bthserv - ok 11:03:42.0323 1020 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 11:03:42.0385 1020 BTHUSB - ok 11:03:42.0416 1020 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:03:42.0510 1020 cdfs - ok 11:03:42.0572 1020 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:03:42.0635 1020 cdrom - ok 11:03:42.0681 1020 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 11:03:42.0791 1020 CertPropSvc - ok 11:03:42.0837 1020 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 11:03:42.0931 1020 circlass - ok 11:03:43.0009 1020 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 11:03:43.0040 1020 CLFS - ok 11:03:43.0118 1020 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:03:43.0149 1020 clr_optimization_v2.0.50727_32 - ok 11:03:43.0212 1020 [ D1CEEA2B47CB998321C579651CE3E4F8 ] 
clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 11:03:43.0259 1020 clr_optimization_v2.0.50727_64 - ok 11:03:43.0274 1020 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 11:03:43.0305 1020 clwvd - ok 11:03:43.0352 1020 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 11:03:43.0399 1020 CmBatt - ok 11:03:43.0415 1020 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:03:43.0446 1020 cmdide - ok 11:03:43.0493 1020 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 11:03:43.0586 1020 CNG - ok 11:03:43.0617 1020 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 11:03:43.0664 1020 Compbatt - ok 11:03:43.0711 1020 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 11:03:43.0758 1020 CompositeBus - ok 11:03:43.0773 1020 COMSysApp - ok 11:03:43.0805 1020 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 11:03:43.0836 1020 crcdisk - ok 11:03:43.0898 1020 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:03:43.0992 1020 CryptSvc - ok 11:03:44.0054 1020 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 11:03:44.0148 1020 DcomLaunch - ok 11:03:44.0179 1020 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 11:03:44.0304 1020 defragsvc - ok 11:03:44.0319 1020 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:03:44.0429 1020 DfsC - ok 11:03:44.0491 1020 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 11:03:44.0616 1020 Dhcp - ok 11:03:44.0663 1020 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 11:03:44.0741 1020 discache - ok 11:03:44.0803 1020 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk 
C:\Windows\system32\drivers\disk.sys 11:03:44.0834 1020 Disk - ok 11:03:44.0881 1020 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:03:44.0959 1020 Dnscache - ok 11:03:45.0006 1020 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 11:03:45.0115 1020 dot3svc - ok 11:03:45.0146 1020 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 11:03:45.0240 1020 DPS - ok 11:03:45.0287 1020 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:03:45.0333 1020 drmkaud - ok 11:03:45.0380 1020 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:03:45.0458 1020 DXGKrnl - ok 11:03:45.0489 1020 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 11:03:45.0599 1020 EapHost - ok 11:03:45.0723 1020 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 11:03:45.0973 1020 ebdrv - ok 11:03:46.0004 1020 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 11:03:46.0082 1020 EFS - ok 11:03:46.0176 1020 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:03:46.0285 1020 ehRecvr - ok 11:03:46.0301 1020 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 11:03:46.0363 1020 ehSched - ok 11:03:46.0410 1020 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 11:03:46.0472 1020 elxstor - ok 11:03:46.0488 1020 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:03:46.0550 1020 ErrDev - ok 11:03:46.0597 1020 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 11:03:46.0706 1020 EventSystem - ok 11:03:46.0753 1020 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 11:03:46.0847 1020 exfat - ok 11:03:46.0862 1020 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:03:46.0971 1020 fastfat 
- ok 11:03:47.0018 1020 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 11:03:47.0096 1020 Fax - ok 11:03:47.0112 1020 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 11:03:47.0190 1020 fdc - ok 11:03:47.0221 1020 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 11:03:47.0299 1020 fdPHost - ok 11:03:47.0315 1020 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 11:03:47.0424 1020 FDResPub - ok 11:03:47.0471 1020 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:03:47.0502 1020 FileInfo - ok 11:03:47.0533 1020 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:03:47.0627 1020 Filetrace - ok 11:03:47.0673 1020 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 11:03:47.0705 1020 flpydisk - ok 11:03:47.0720 1020 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:03:47.0783 1020 FltMgr - ok 11:03:47.0845 1020 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 11:03:47.0970 1020 FontCache - ok 11:03:48.0032 1020 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:03:48.0079 1020 FontCache3.0.0.0 - ok 11:03:48.0344 1020 [ EAE9B4318A46C08037BDB5CFE3053CF2 ] FreemiumSystemStoreService C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe 11:03:48.0776 1020 FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - warning 11:03:48.0776 1020 FreemiumSystemStoreService - detected UnsignedFile.Multi.Generic (1) 11:03:48.0826 1020 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:03:48.0866 1020 FsDepends - ok 11:03:48.0896 1020 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:03:48.0926 1020 Fs_Rec - ok 11:03:48.0956 1020 
[ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:03:48.0996 1020 fvevol - ok 11:03:49.0036 1020 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 11:03:49.0076 1020 gagp30kx - ok 11:03:49.0136 1020 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 11:03:49.0256 1020 gpsvc - ok 11:03:49.0276 1020 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:03:49.0346 1020 hcw85cir - ok 11:03:49.0396 1020 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:03:49.0466 1020 HdAudAddService - ok 11:03:49.0496 1020 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 11:03:49.0546 1020 HDAudBus - ok 11:03:49.0596 1020 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 11:03:49.0646 1020 HidBatt - ok 11:03:49.0686 1020 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 11:03:49.0736 1020 HidBth - ok 11:03:49.0766 1020 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 11:03:49.0806 1020 HidIr - ok 11:03:49.0846 1020 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 11:03:49.0946 1020 hidserv - ok 11:03:50.0006 1020 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:03:50.0046 1020 HidUsb - ok 11:03:50.0066 1020 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 11:03:50.0176 1020 hkmsvc - ok 11:03:50.0206 1020 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:03:50.0316 1020 HomeGroupListener - ok 11:03:50.0356 1020 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:03:50.0446 1020 HomeGroupProvider - ok 11:03:50.0556 1020 [ 7A24AD37416B91E4B5E5B46BD25C075F ] HP Health Check Service C:\Program Files 
11:04:25.0694 1020 ============================================================ 11:04:25.0725 3296 Detected object count: 3 11:04:25.0725 3296 Actual detected object count: 3 11:15:19.0090 3296 FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user 11:15:19.0090 3296 FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:15:19.0090 3296 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user 11:15:19.0090 3296 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:15:19.0100 3296 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user 11:15:19.0100 3296 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
About the many errors... is that because I once (since I have a work PC) followed an internet guide and disabled some supposedly unnecessary things, which is apparently supposed to make it faster? THANKS in advance! Kind regards |
18.01.2013, 18:14 | #4 | |
/// Malware-holic | browse to save virus Hi, it is normal to have error messages in the event viewer. combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix on your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
18.01.2013, 20:46 | #5 |
| browse to save virus Code:
ATTFilter ComboFix 13-01-17.04 - grinsekathze 18.01.2013 20:21:22.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.1643.893 [GMT 1:00] ausgeführt von:: c:\users\grinsekathze\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Codecv c:\programdata\Codecv\background.html c:\programdata\Codecv\content.js c:\programdata\Codecv\cpbmkibemaidoekhhilpbncccjlanopj.crx c:\programdata\Codecv\data\content.js c:\programdata\Codecv\data\jsondb.js c:\programdata\Codecv\settings.ini . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-18 bis 2013-01-18 )))))))))))))))))))))))))))))) . . 2013-01-18 19:30 . 2013-01-18 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-18 09:52 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F51BAE48-AE8A-402E-955C-A431863DC46C}\mpengine.dll 2013-01-17 10:22 . 2013-01-17 10:22 -------- d-----w- c:\users\grinsekathze\.thumbnails 2013-01-17 10:19 . 2013-01-17 10:19 -------- d-----w- c:\users\grinsekathze\AppData\Local\fontconfig 2013-01-17 10:19 . 2013-01-17 11:00 -------- d-----w- c:\users\grinsekathze\.gimp-2.8 2013-01-17 10:19 . 2013-01-17 10:19 -------- d-----w- c:\users\grinsekathze\AppData\Local\gegl-0.2 2013-01-17 10:13 . 2013-01-17 10:15 -------- d-----w- c:\program files\GIMP 2 2013-01-10 14:05 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-10 14:05 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-10 14:05 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-10 14:05 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-10 14:05 . 
2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-10 14:05 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-10 14:05 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-10 14:05 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-10 14:04 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-10 14:04 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 15:05 . 2013-01-09 15:05 -------- d-----w- c:\users\grinsekathze\AppData\Roaming\Funmoods 2013-01-09 15:04 . 2013-01-09 15:04 -------- d-----w- c:\users\grinsekathze\AppData\Local\PutLockerDownloader 2013-01-06 11:19 . 2013-01-06 11:19 -------- d-----w- c:\users\grinsekathze\AppData\Roaming\iScreensaver 2013-01-05 13:36 . 2013-01-05 13:36 -------- d-----w- c:\users\grinsekathze\AppData\Local\WinZip 2012-12-21 20:42 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 20:42 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 20:42 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 20:42 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-14 07:06 . 2012-12-12 23:58 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 23:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 23:59 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 23:59 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 23:59 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 23:59 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 23:59 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 
2012-12-12 23:59 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 23:59 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 23:59 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 23:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 23:59 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 23:59 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 23:59 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 23:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 23:59 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 23:59 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 23:59 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 23:59 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 23:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 23:59 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 23:59 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 09:43 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 09:43 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-02 05:59 . 2012-12-12 09:42 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 09:42 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] . c:\users\grinsekathze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun . 
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-01-06 36000] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-01-06 298144] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-01-06 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-01-06 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-01-06 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-01-06 279200] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-04 203776] S2 AMD FUEL Service;AMD FUEL Service;c:\program 
files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-12 86224] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-01-06 138400] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-01-06 53920] S2 FreemiumSystemStoreService;Freemium System Store Service;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe -displayname Freemium System Store Service -servicename:FreemiumSystemStoreService [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-01 115216] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-01-06 28832] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-09 31088] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-01-06 615584] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-01-06 379040] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=hp&exp=true mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q={searchTerms} TCP: DhcpNameServer = 10.0.0.138 FF - ProfilePath - c:\users\grinsekathze\AppData\Roaming\Mozilla\Firefox\Profiles\00ave1we.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.at/ FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=198a6544-cc40-4f60-8c55-84412599d5ca&searchtype=ds&q= user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0); FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Funmoods FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: 
extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0B0FtDyD0C0C0E0FtBzytN0D0Tzu0CtAyByDtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1302105681&q= FF - user.js: extensions.funmoods.id - D0DF9ABF05CCEF29 FF - user.js: extensions.funmoods.instlDay - 15714 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:4:42 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - nv1 FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - nv1 FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{2D588057-BD3F-075B-B569-0C8FC43F046B} - c:\programdata\Codecv\bhoclass.dll HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-1ClickDownload - c:\program files (x86)\Movie2KDownloader.com\uninst.exe AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FreemiumSystemStoreService] "ImagePath"="\"c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe\" -displayname \"Freemium System Store Service\" -servicename:FreemiumSystemStoreService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-118737067-2683697216-1242472475-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:76,d1,19,14,b5,30,fd,69,cd,83,74,41,da,e3,ac,7d,ee,c9,d9,d9,8a,c8,b2, f6,17,19,92,75,e5,fd,cb,8b,a6,4a,92,8f,bc,bb,b1,be,f4,5a,d3,8e,a9,09,f9,0a,\ "??"=hex:f7,a7,5b,65,81,72,06,82,12,46,31,47,31,e1,b6,f8 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-18 20:40:10 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-18 19:40 . Vor Suchlauf: 8 Verzeichnis(se), 193.322.848.256 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 195.542.134.784 Bytes frei . - - End Of File - - 168E2C9F4172BF5CE777795C92D16A99
I had no error message on restart. browse to save is still there =( It just occurs to me.. a not so important question... what is this exactly? A trojan or what? What does it do on my laptop? Does it spy on everything I do? I.e. should I be worried about passwords, online banking etc.? How dangerous is this thing? Thanks and best regards |
19.01.2013, 18:15 | #6 |
/// Malware-holic | browse to save virus Hi, that is adware, you don't need to worry. malwarebytes: Please download Malwarebytes
20.01.2013, 13:19 | #7 |
| browse to save virus Here is the log from Malwarebytes. Unfortunately browse to save is still there. Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.20.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 grinsekathze :: GRINSEKATHZE-PC [Administrator] 20.01.2013 10:39:25 mbam-log-2013-01-20 (10-39-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 322813 Laufzeit: 1 Stunde(n), 44 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 11 HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\ProgramData\Codec\Codec.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\grinsekathze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\grinsekathze\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\grinsekathze\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\grinsekathze\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\grinsekathze\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
Best regards |
20.01.2013, 20:06 | #8 |
/// Malware-holic | browse to save virus Hi, but a few other toolbars instead; we are making progress. Download CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), uninstall list, save as txt. Open it. After each program you need, write necessary. After each one you do not need, unnecessary. After ones unknown to you, unknown. Post the list.
21.01.2013, 12:11 | #9 |
| browse to save virus Code:
ATTFilter
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 17.01.2013 6,00MB 11.4.402.278 UNNECESSARY OR UNKNOWN don't know how important it is and what it is good for
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 17.01.2013 6,00MB 11.4.402.287 UNNECESSARY OR UNKNOWN don't know how important it is and what it is good for
Adobe Reader XI (11.0.01) - Deutsch Adobe Systems Incorporated 13.01.2013 133MB 11.0.01 NECESSARY
Atheros Driver Installation Program Atheros 16.08.2011 9.2 UNKNOWN or don't know how important it is and what it is good for
ATI Catalyst Install Manager ATI Technologies, Inc. 16.08.2011 22,4MB 3.0.808.0 NECESSARY ?? ati = graphics card?
Avira Free Antivirus Avira 17.01.2013 105MB 12.1.9.1236 UNNECESSARY
Bluetooth Win7 Suite (64) Atheros Communications 16.08.2011 59,4MB 7.02.000.55 UNNECESSARY
Bonjour Apple Inc. 26.12.2011 2,04MB 3.0.0.10 UNNECESSARY OR UNKNOWN don't know how important it is and what it is good for
CCleaner Piriform 19.12.2012 3.26 NECESSARY
Cisco EAP-FAST Module Cisco Systems, Inc. 16.08.2011 1,55MB 2.2.14 UNKNOWN or don't know how important it is and what it is good for
Cisco LEAP Module Cisco Systems, Inc. 16.08.2011 644KB 1.0.19 UNKNOWN or don't know how important it is and what it is good for
Cisco PEAP Module Cisco Systems, Inc. 16.08.2011 1,23MB 1.1.6 UNKNOWN or don't know how important it is and what it is good for
CyberLink YouCam CyberLink Corp. 16.08.2011 102MB 3.2.1.3726 UNKNOWN or don't know how important it is and what it is good for
Energy Star Digital Logo Hewlett-Packard 16.08.2011 300KB 1.0.1 UNKNOWN or don't know how important it is and what it is good for
FreeRIP 3.92 GreenTree Applications SRL 17.01.2013 3.92 UNNECESSARY
GIMP 2.8.2 The GIMP Team 17.01.2013 244MB 2.8.2 UNNECESSARY
HP Documentation Hewlett-Packard 10.05.2011 304MB 1.1.0.0 UNKNOWN or don't know which HP things are necessary
HP On Screen Display Hewlett-Packard Company 10.05.2011 1,43MB 1.0.7 UNKNOWN or don't know which HP things are necessary
HP Power Manager Hewlett-Packard Company 16.08.2011 3,61MB 1.2.1 UNKNOWN or don't know which HP things are necessary
HP Quick Launch Hewlett-Packard Company 10.05.2011 7,14MB 2.3.6 UNKNOWN or don't know which HP things are necessary
HP Setup Hewlett-Packard Company 10.05.2011 8.5.4526.3645 UNKNOWN or don't know which HP things are necessary
HP Software Framework Hewlett-Packard Company 10.05.2011 2,80MB 4.0.108.1 UNKNOWN or don't know which HP things are necessary
HP Support Assistant Hewlett-Packard Company 10.05.2011 62,9MB 5.1.11.1 UNKNOWN or don't know which HP things are necessary
HP Wireless Assistant Hewlett-Packard 10.05.2011 5,60MB 4.0.10.0 NECESSARY - WLAN
Java(TM) 6 Update 22 Oracle 10.05.2011 97,0MB 6.0.220 UNKNOWN or don't know how important it is and what it is good for
Java(TM) 6 Update 22 (64-bit) Oracle 10.05.2011 90,6MB 6.0.220 UNKNOWN or don't know how important it is and what it is good for
JDownloader 0.9 AppWork GmbH 19.01.2013 0.9 UNNECESSARY
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 20.01.2013 18,4MB 1.70.0.1100 NECESSARY should I maybe keep it?
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 12.09.2012 90,8MB 12.0.4518.1014 NECESSARY
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.05.2011 1,69MB 3.1.0000 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 03.03.2012 338KB 8.0.59193 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 16.08.2011 620KB 8.0.59192 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 03.03.2012 308KB 8.0.51011 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10.05.2011 788KB 9.0.30729 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 16.08.2011 788KB 9.0.30729.4148 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 08.11.2012 788KB 9.0.30729.6161 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.08.2011 592KB 9.0.30729.4148 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 08.11.2012 600KB 9.0.30729.6161 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 16.08.2011 13,6MB 10.0.30319 UNKNOWN or don't know how important it is and what it is good for
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 24.11.2011 11,1MB 10.0.40219 UNKNOWN or don't know how important it is and what it is good for
Microsoft_VC90_CRT_x86 Microsoft
Corporation 10.05.2011 1,37MB 1.0.0 UNBEKANNT bzw weiß nicht wie wichtig und für was es gut ist Mozilla Firefox 18.0.1 (x86 de) Mozilla 19.01.2013 52,1MB 18.0.1 NOTWENDIG Mozilla Maintenance Service Mozilla 19.01.2013 330KB 18.0.1 UNBEKANNT bzw weiß nicht wie wichtig und für was es gut ist OpenOffice.org 3.4.1 Apache Software Foundation 08.11.2012 331MB 3.41.9593 NOTWENDIG Realtek Ethernet Controller Driver Realtek 16.08.2011 7.42.304.2011 UNBEKANNT bzw weiß nicht wie wichtig und für was es gut ist (router???) Realtek High Definition Audio Driver Realtek Semiconductor Corp. 16.08.2011 6.0.1.6287 UNBEKANNT bzw weiß nicht wie wichtig und für was es gut ist Realtek PCIE Card Reader Realtek Semiconductor Corp. 16.08.2011 6.1.7600.77 UNBEKANNT bzw weiß nicht wie wichtig und für was es gut ist Sandboxie 3.76 (64-bit) SANDBOXIE L.T.D 20.01.2013 3.76 NOTWENDIG Skype™ 5.1 Skype Technologies S.A. 10.05.2011 22,5MB 5.1.104 UNNÖTIG Synaptics Pointing Device Driver Synaptics Incorporated 16.08.2011 46,4MB 15.2.4.3 UNBEKANNT bzw weiß nicht wie wichtig und für was es gut ist VLC media player 2.0.4 VideoLAN 08.11.2012 2.0.4 NOTWENGIG Windows Live Essentials Microsoft Corporation 10.05.2011 15.4.3508.1109 UNBEKANNT bzw weiß nicht wie wichtig und für was es gut ist Windows Media Player Firefox Plugin Microsoft Corp 21.01.2012 296KB 1.0.0.8 UNNÖTIG WinRAR 4.10 beta 2 (64-bit) win.rar GmbH 14.12.2011 4.10.2 UNNÖTIG WinZip 14.5 WinZip Computing, S.L. 
24.11.2011 19,9MB 14.5.9095 UNNÖTIG µTorrent 17.01.2013 3.0.0 UNNÖTIG ....bei den meisten blinkt zwar ein lamperl in meinem kopf wenn ichs les, weiß aber einfach nicht wozu es gut ist ..sorry hab auch schon überlegt neu aufzusetzen aber das hab ich noch nie gemacht und hab davor bisschen schiss, zumal die recovery auf laufwerk D is und ich keine cd hab --> null plan^^ sandboxie hat mir mein bruder empfohlen und benutz ich jez auch seit samstag aja, mein laptop is übrigens seit dem herumgelösche etc um einiges langsamer geworden bzw er reagiertt irgendwie langsamer ... grüsleins edit mir fällt grad ein dass ich ja vor einigen tagen in der msconfig die meisten "nicht-microsoft-dienste" deaktiviert hab...auf anraten mit begründung dass er dann schneller läuft....hmm...läuft er deshalb jetzt vielleicht langsamer?? Geändert von siskat (21.01.2013 um 12:33 Uhr) |
21.01.2013, 13:01 | #10 |
/// Malware-holic | browse to save virus Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the newest version and install it.
Adobe Reader: Adobe - Adobe Reader download - All versions. Remove the check mark at McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: check "use only certified plug-ins".
Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically etc. It is always better to save them directly, since only then do you have control over what is happening on the PC.
JavaScript: remove the check mark at "use JavaScript".
Updater: choose install automatically.
Apply / OK.
Uninstall: CyberLink, FreeRIP, GIMP, Java: all of them.
Download Java JRE: Java downloads for all operating systems. Click: Download Java software for Windows Offline, download and install it.
Uninstall: JDownloader; Windows Live: the parts you don't need; µTorrent.
Open Malwarebytes and check whether the background guard is active; if so, disable it, restart and test.
Open CCleaner, Tools, startup list, save as txt, post the contents.
Why are you configuring anything on the device? Just ask beforehand... it doesn't exactly make my work easier.
Open CCleaner, Analyze, start, restart the PC.
Please download AdwCleaner to your desktop.
|
21.01.2013, 13:36 | #11 |
| browse to save virus With FreeRIP: "error: 2 - das system kann die angegebene datei nicht finden." With JDownloader it says: "no JVM could be found on your system. please define EXEJ_JAVA_HOME to point to an installed 32-bit JDK or JRE or download a JRE from www.java.com". McAfee Security Scan Plus got installed anyway, even though I unchecked the box.. Last edited by siskat (21.01.2013 at 14:04) |
21.01.2013, 13:42 | #12 |
/// Malware-holic | browse to save virus
|
21.01.2013, 15:02 | #13 |
| browse to save virus AdwCleaner after restart Code:
CCleaner startup list after restart Code:
ATTFilter
Ja HKCU:Run SandboxieControl SANDBOXIE L.T.D "C:\Program Files\Sandboxie\SbieCtrl.exe"
Ja HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja HKLM:Run AthBtTray Atheros Commnucations "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
Ja HKLM:Run AtherosBtStack Atheros Communications "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
Ja HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Ja HKLM:Run HP Quick Launch Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
Ja HKLM:Run HPOSD Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
Ja HKLM:Run HPWirelessAssistant C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
Ja HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
Ja HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Ja Startup User OpenOffice.org 3.4.1.lnk C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

Removing JDownloader worked with Revo. FreeRIP has disappeared from the uninstall list in CCleaner, but wasn't uninstalled... I can't find FreeRIP with Revo anymore either. Should I delete the quarantine list in Malwarebytes? Oh, and I also removed the McAfee Security Scan right away with Revo. I can't find a background guard in Malwarebytes. thx |
21.01.2013, 15:11 | #14 |
/// Malware-holic | browse to save virus CCleaner startup: remove all check marks except: SandboxieControl, avgnt, HPWirelessAssistant, SynTPEnh, and remove the check mark at Startup. Restart. Please download AdwCleaner to your desktop.
Restart, test how the PC runs + programs such as the browser.
|
21.01.2013, 17:22 | #15 |
| browse to save virus Yes, my laptop is definitely faster again. Log after 1x restart Code:
browse to save is still there ..that's weird. Edit: the browser does start faster, but switching between the tabs is really sluggish |