| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner: Ransom und PUM.UserWLoadWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.01.2013, 11:20
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojaner: Ransom und PUM.UserWLoad Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.01.2013, 12:31
| #17 |
 | Trojaner: Ransom und PUM.UserWLoad Hallo,
__________________hab alles wie vorgeschlagen ausgeführt. Anbei nun der neue Log vom TDSS-Killer: Code:
ATTFilter 12:28:30.0490 4496 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:28:30.0670 4496 ============================================================
12:28:30.0670 4496 Current date / time: 2013/01/30 12:28:30.0670
12:28:30.0670 4496 SystemInfo:
12:28:30.0670 4496
12:28:30.0670 4496 OS Version: 6.1.7601 ServicePack: 1.0
12:28:30.0670 4496 Product type: Workstation
12:28:30.0670 4496 ComputerName: RM-PC
12:28:30.0670 4496 UserName: RM
12:28:30.0670 4496 Windows directory: C:\Windows
12:28:30.0670 4496 System windows directory: C:\Windows
12:28:30.0670 4496 Running under WOW64
12:28:30.0670 4496 Processor architecture: Intel x64
12:28:30.0670 4496 Number of processors: 4
12:28:30.0670 4496 Page size: 0x1000
12:28:30.0670 4496 Boot type: Normal boot
12:28:30.0670 4496 ============================================================
12:28:31.0120 4496 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:28:31.0120 4496 ============================================================
12:28:31.0120 4496 \Device\Harddisk0\DR0:
12:28:31.0120 4496 MBR partitions:
12:28:31.0120 4496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0x950ABA9
12:28:31.0140 4496 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC005000, BlocksNum 0x19429000
12:28:31.0140 4496 ============================================================
12:28:31.0190 4496 C: <-> \Device\Harddisk0\DR0\Partition1
12:28:31.0210 4496 D: <-> \Device\Harddisk0\DR0\Partition2
12:28:31.0210 4496 ============================================================
12:28:31.0210 4496 Initialize success
12:28:31.0210 4496 ============================================================
12:29:00.0424 4688 ============================================================
12:29:00.0424 4688 Scan started
12:29:00.0424 4688 Mode: Manual; SigCheck; TDLFS;
12:29:00.0424 4688 ============================================================
12:29:00.0923 4688 ================ Scan system memory ========================
12:29:00.0923 4688 System memory - ok
12:29:00.0923 4688 ================ Scan services =============================
12:29:01.0188 4688 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:29:01.0313 4688 1394ohci - ok
12:29:01.0375 4688 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:29:01.0391 4688 ACPI - ok
12:29:01.0406 4688 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:29:01.0453 4688 AcpiPmi - ok
12:29:01.0656 4688 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:29:01.0672 4688 AdobeARMservice - ok
12:29:01.0734 4688 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:29:01.0750 4688 adp94xx - ok
12:29:01.0812 4688 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:29:01.0828 4688 adpahci - ok
12:29:01.0874 4688 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:29:01.0890 4688 adpu320 - ok
12:29:01.0921 4688 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:29:01.0984 4688 AeLookupSvc - ok
12:29:02.0124 4688 [ 079CBA3C5C9AB11B2B4E6BD729A860F2 ] AFBAgent C:\Windows\system32\FBAgent.exe
12:29:02.0140 4688 AFBAgent - ok
12:29:02.0233 4688 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:29:02.0296 4688 AFD - ok
12:29:02.0342 4688 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:29:02.0358 4688 agp440 - ok
12:29:02.0389 4688 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:29:02.0467 4688 ALG - ok
12:29:02.0530 4688 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:29:02.0545 4688 aliide - ok
12:29:02.0561 4688 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:29:02.0576 4688 amdide - ok
12:29:02.0623 4688 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:29:02.0654 4688 AmdK8 - ok
12:29:02.0686 4688 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:29:02.0717 4688 AmdPPM - ok
12:29:02.0748 4688 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:29:02.0764 4688 amdsata - ok
12:29:02.0795 4688 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:29:02.0810 4688 amdsbs - ok
12:29:02.0826 4688 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:29:02.0826 4688 amdxata - ok
12:29:02.0904 4688 [ E8494519BCB9E3B1B72E5604993A76E3 ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
12:29:02.0920 4688 Amsp - ok
12:29:03.0060 4688 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:29:03.0076 4688 AntiVirSchedulerService - ok
12:29:03.0107 4688 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:29:03.0107 4688 AntiVirService - ok
12:29:03.0154 4688 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:29:03.0216 4688 AppID - ok
12:29:03.0278 4688 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:29:03.0356 4688 AppIDSvc - ok
12:29:03.0434 4688 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:29:03.0466 4688 Appinfo - ok
12:29:03.0544 4688 [ BC79F60984A8A7D1AF4AF6E281BD12FB ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
12:29:03.0559 4688 Application Updater - ok
12:29:03.0637 4688 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:29:03.0637 4688 arc - ok
12:29:03.0653 4688 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:29:03.0668 4688 arcsas - ok
12:29:03.0746 4688 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
12:29:03.0762 4688 ASLDRService - ok
12:29:03.0778 4688 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
12:29:03.0778 4688 ASMMAP64 - ok
12:29:03.0949 4688 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:29:03.0949 4688 aspnet_state - ok
12:29:03.0980 4688 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:29:04.0058 4688 AsyncMac - ok
12:29:04.0136 4688 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:29:04.0152 4688 atapi - ok
12:29:04.0230 4688 [ A5E770426D18F8EF332A593F3289DA91 ] athr C:\Windows\system32\DRIVERS\athrx.sys
12:29:04.0370 4688 athr - ok
12:29:04.0433 4688 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
12:29:04.0448 4688 ATKGFNEXSrv - ok
12:29:04.0495 4688 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
12:29:04.0511 4688 ATKWMIACPIIO - ok
12:29:04.0558 4688 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:29:04.0651 4688 AudioEndpointBuilder - ok
12:29:04.0667 4688 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:29:04.0698 4688 AudioSrv - ok
12:29:04.0745 4688 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:29:04.0760 4688 avgntflt - ok
12:29:04.0792 4688 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:29:04.0807 4688 avipbb - ok
12:29:04.0823 4688 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:29:04.0838 4688 avkmgr - ok
12:29:04.0885 4688 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:29:04.0979 4688 AxInstSV - ok
12:29:05.0041 4688 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:29:05.0182 4688 b06bdrv - ok
12:29:05.0244 4688 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:29:05.0291 4688 b57nd60a - ok
12:29:05.0338 4688 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:29:05.0400 4688 BDESVC - ok
12:29:05.0416 4688 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:29:05.0478 4688 Beep - ok
12:29:05.0572 4688 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:29:05.0681 4688 BFE - ok
12:29:05.0759 4688 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:29:05.0837 4688 BITS - ok
12:29:05.0868 4688 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:29:05.0915 4688 blbdrive - ok
12:29:05.0993 4688 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:29:06.0008 4688 Bonjour Service - ok
12:29:06.0055 4688 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:29:06.0086 4688 bowser - ok
12:29:06.0133 4688 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:29:06.0164 4688 BrFiltLo - ok
12:29:06.0180 4688 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:29:06.0227 4688 BrFiltUp - ok
12:29:06.0274 4688 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
12:29:06.0336 4688 Browser - ok
12:29:06.0367 4688 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:29:06.0427 4688 Brserid - ok
12:29:06.0437 4688 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:29:06.0497 4688 BrSerWdm - ok
12:29:06.0517 4688 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:29:06.0567 4688 BrUsbMdm - ok
12:29:06.0567 4688 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:29:06.0597 4688 BrUsbSer - ok
12:29:06.0617 4688 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:29:06.0647 4688 BTHMODEM - ok
12:29:06.0697 4688 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:29:06.0737 4688 bthserv - ok
12:29:06.0767 4688 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:29:06.0797 4688 cdfs - ok
12:29:06.0837 4688 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:29:06.0867 4688 cdrom - ok
12:29:06.0907 4688 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:29:06.0957 4688 CertPropSvc - ok
12:29:07.0007 4688 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:29:07.0037 4688 circlass - ok
12:29:07.0087 4688 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:29:07.0107 4688 CLFS - ok
12:29:07.0177 4688 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:29:07.0187 4688 clr_optimization_v2.0.50727_32 - ok
12:29:07.0227 4688 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:29:07.0247 4688 clr_optimization_v2.0.50727_64 - ok
12:29:07.0327 4688 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:29:07.0337 4688 clr_optimization_v4.0.30319_32 - ok
12:29:07.0357 4688 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:29:07.0367 4688 clr_optimization_v4.0.30319_64 - ok
12:29:07.0407 4688 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:29:07.0437 4688 CmBatt - ok
12:29:07.0477 4688 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:29:07.0487 4688 cmdide - ok
12:29:07.0527 4688 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:29:07.0557 4688 CNG - ok
12:29:07.0577 4688 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:29:07.0587 4688 Compbatt - ok
12:29:07.0617 4688 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:29:07.0657 4688 CompositeBus - ok
12:29:07.0667 4688 COMSysApp - ok
12:29:07.0767 4688 [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
12:29:07.0787 4688 cphs - ok
12:29:07.0847 4688 [ 8F5B84350BFC4FE3A65D921B4BD0E737 ] cpuz135 C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys
12:29:07.0857 4688 cpuz135 - ok
12:29:07.0897 4688 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:29:07.0907 4688 crcdisk - ok
12:29:07.0947 4688 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:29:07.0967 4688 CryptSvc - ok
12:29:08.0117 4688 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:29:08.0137 4688 cvhsvc - ok
12:29:08.0187 4688 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:29:08.0257 4688 DcomLaunch - ok
12:29:08.0307 4688 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:29:08.0357 4688 defragsvc - ok
12:29:08.0387 4688 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:29:08.0444 4688 DfsC - ok
12:29:08.0522 4688 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
12:29:08.0538 4688 dg_ssudbus - ok
12:29:08.0569 4688 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:29:08.0600 4688 Dhcp - ok
12:29:08.0662 4688 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:29:08.0725 4688 discache - ok
12:29:08.0772 4688 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:29:08.0787 4688 Disk - ok
12:29:08.0803 4688 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:29:08.0850 4688 Dnscache - ok
12:29:08.0896 4688 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:29:08.0959 4688 dot3svc - ok
12:29:08.0974 4688 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:29:09.0021 4688 DPS - ok
12:29:09.0084 4688 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:29:09.0115 4688 drmkaud - ok
12:29:09.0162 4688 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:29:09.0177 4688 dtsoftbus01 - ok
12:29:09.0224 4688 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:29:09.0271 4688 DXGKrnl - ok
12:29:09.0302 4688 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:29:09.0349 4688 EapHost - ok
12:29:09.0427 4688 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:29:09.0552 4688 ebdrv - ok
12:29:09.0598 4688 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:29:09.0661 4688 EFS - ok
12:29:09.0739 4688 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:29:09.0848 4688 ehRecvr - ok
12:29:09.0895 4688 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:29:09.0957 4688 ehSched - ok
12:29:10.0035 4688 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:29:10.0051 4688 elxstor - ok
12:29:10.0098 4688 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:29:10.0113 4688 ErrDev - ok
12:29:10.0160 4688 [ 5B042AA9CEBDAB5B61E747DDCEBFF51B ] ETD C:\Windows\system32\DRIVERS\ETD.sys
12:29:10.0176 4688 ETD - ok
12:29:10.0207 4688 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:29:10.0269 4688 EventSystem - ok
12:29:10.0363 4688 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
12:29:10.0410 4688 ew_hwusbdev - ok
12:29:10.0441 4688 [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
12:29:10.0488 4688 ew_usbenumfilter - ok
12:29:10.0534 4688 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:29:10.0581 4688 exfat - ok
12:29:10.0612 4688 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:29:10.0659 4688 fastfat - ok
12:29:10.0706 4688 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:29:10.0753 4688 Fax - ok
12:29:10.0784 4688 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:29:10.0815 4688 fdc - ok
12:29:10.0862 4688 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:29:10.0940 4688 fdPHost - ok
12:29:10.0971 4688 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:29:11.0002 4688 FDResPub - ok
12:29:11.0049 4688 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:29:11.0065 4688 FileInfo - ok
12:29:11.0080 4688 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:29:11.0143 4688 Filetrace - ok
12:29:11.0200 4688 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:29:11.0220 4688 flpydisk - ok
12:29:11.0260 4688 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:29:11.0270 4688 FltMgr - ok
12:29:11.0330 4688 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:29:11.0410 4688 FontCache - ok
12:29:11.0460 4688 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:29:11.0470 4688 FontCache3.0.0.0 - ok
12:29:11.0490 4688 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:29:11.0500 4688 FsDepends - ok
12:29:11.0550 4688 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:29:11.0560 4688 Fs_Rec - ok
12:29:11.0600 4688 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:29:11.0620 4688 fvevol - ok
12:29:11.0650 4688 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:29:11.0660 4688 gagp30kx - ok
12:29:11.0710 4688 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:29:11.0780 4688 gpsvc - ok
12:29:11.0860 4688 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:29:11.0870 4688 gupdate - ok
12:29:11.0910 4688 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:29:11.0920 4688 gupdatem - ok
12:29:11.0960 4688 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:29:12.0030 4688 hcw85cir - ok
12:29:12.0080 4688 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:29:12.0120 4688 HdAudAddService - ok
12:29:12.0150 4688 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:29:12.0180 4688 HDAudBus - ok
12:29:12.0200 4688 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:29:12.0230 4688 HidBatt - ok
12:29:12.0250 4688 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:29:12.0280 4688 HidBth - ok
12:29:12.0320 4688 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:29:12.0350 4688 HidIr - ok
12:29:12.0380 4688 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:29:12.0430 4688 hidserv - ok
12:29:12.0490 4688 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
12:29:12.0500 4688 HidUsb - ok
12:29:12.0530 4688 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:29:12.0580 4688 hkmsvc - ok
12:29:12.0610 4688 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:29:12.0680 4688 HomeGroupListener - ok
12:29:12.0710 4688 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:29:12.0750 4688 HomeGroupProvider - ok
12:29:12.0860 4688 [ D1E9CB573A9EDF7BE12E9C57F32E97F7 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
12:29:12.0890 4688 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning
12:29:12.0890 4688 HP LaserJet Service - detected UnsignedFile.Multi.Generic (1)
12:29:12.0930 4688 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:29:12.0950 4688 HpSAMD - ok
12:29:13.0000 4688 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:29:13.0060 4688 HTTP - ok
12:29:13.0100 4688 [ B83B273ADD4272CD7C6AF8191F76822D ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
12:29:13.0150 4688 huawei_cdcacm - ok
12:29:13.0210 4688 [ BAFE6B0B92BE69144D59907550A07678 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
12:29:13.0230 4688 huawei_enumerator - ok
12:29:13.0280 4688 [ 1516C281F2A824D17EAA08A6BE30BC00 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
12:29:13.0330 4688 huawei_ext_ctrl - ok
12:29:13.0370 4688 [ B960EE5D3440FEF5F4588ACAE05A8043 ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
12:29:13.0390 4688 huawei_wwanecm - ok
12:29:13.0400 4688 [ F47F112DC883F7A9E4618A006CC6DE1B ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:29:13.0460 4688 hwdatacard - ok
12:29:13.0490 4688 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:29:13.0500 4688 hwpolicy - ok
12:29:13.0540 4688 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:29:13.0560 4688 i8042prt - ok
12:29:13.0600 4688 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:29:13.0610 4688 iaStor - ok
12:29:13.0650 4688 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:29:13.0670 4688 iaStorV - ok
12:29:13.0730 4688 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:29:13.0750 4688 idsvc - ok
12:29:14.0040 4688 [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:29:14.0418 4688 igfx - ok
12:29:14.0449 4688 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:29:14.0465 4688 iirsp - ok
12:29:14.0527 4688 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:29:14.0590 4688 IKEEXT - ok
12:29:14.0668 4688 [ 3E3926F4FA7C9162C5C3EC6BF1E4F349 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:29:14.0777 4688 IntcAzAudAddService - ok
12:29:14.0839 4688 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
12:29:14.0870 4688 IntcDAud - ok
12:29:14.0902 4688 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:29:14.0917 4688 intelide - ok
12:29:14.0964 4688 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:29:14.0995 4688 intelppm - ok
12:29:15.0026 4688 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:29:15.0073 4688 IPBusEnum - ok
12:29:15.0089 4688 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:29:15.0151 4688 IpFilterDriver - ok
12:29:15.0214 4688 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:29:15.0260 4688 iphlpsvc - ok
12:29:15.0307 4688 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:29:15.0338 4688 IPMIDRV - ok
12:29:15.0432 4688 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:29:15.0479 4688 IPNAT - ok
12:29:15.0510 4688 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:29:15.0557 4688 IRENUM - ok
12:29:15.0619 4688 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:29:15.0619 4688 isapnp - ok
12:29:15.0666 4688 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:29:15.0666 4688 iScsiPrt - ok
12:29:15.0728 4688 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:29:15.0744 4688 kbdclass - ok
12:29:15.0791 4688 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:29:15.0806 4688 kbdhid - ok
12:29:15.0869 4688 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
12:29:15.0869 4688 kbfiltr - ok
12:29:15.0884 4688 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:29:15.0884 4688 KeyIso - ok
12:29:15.0916 4688 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:29:15.0931 4688 KSecDD - ok
12:29:15.0978 4688 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:29:15.0994 4688 KSecPkg - ok
12:29:16.0040 4688 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:29:16.0087 4688 ksthunk - ok
12:29:16.0134 4688 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:29:16.0165 4688 KtmRm - ok
12:29:16.0212 4688 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:29:16.0243 4688 LanmanServer - ok
12:29:16.0274 4688 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:29:16.0321 4688 LanmanWorkstation - ok
12:29:16.0384 4688 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:29:16.0430 4688 lltdio - ok
12:29:16.0493 4688 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:29:16.0540 4688 lltdsvc - ok
12:29:16.0586 4688 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:29:16.0638 4688 lmhosts - ok
12:29:16.0728 4688 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:29:16.0738 4688 LSI_FC - ok
12:29:16.0748 4688 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:29:16.0758 4688 LSI_SAS - ok
12:29:16.0818 4688 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:29:16.0828 4688 LSI_SAS2 - ok
12:29:16.0838 4688 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:29:16.0848 4688 LSI_SCSI - ok
12:29:16.0888 4688 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:29:16.0938 4688 luafv - ok
12:29:16.0998 4688 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:29:17.0018 4688 Mcx2Svc - ok
12:29:17.0028 4688 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:29:17.0038 4688 megasas - ok
12:29:17.0048 4688 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:29:17.0058 4688 MegaSR - ok
12:29:17.0098 4688 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:29:17.0108 4688 MEIx64 - ok
12:29:17.0188 4688 Microsoft SharePoint Workspace Audit Service - ok
12:29:17.0228 4688 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:29:17.0278 4688 MMCSS - ok
12:29:17.0298 4688 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:29:17.0338 4688 Modem - ok
12:29:17.0368 4688 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:29:17.0408 4688 monitor - ok
12:29:17.0428 4688 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:29:17.0448 4688 mouclass - ok
12:29:17.0468 4688 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:29:17.0498 4688 mouhid - ok
12:29:17.0538 4688 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:29:17.0548 4688 mountmgr - ok
12:29:17.0568 4688 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:29:17.0588 4688 mpio - ok
12:29:17.0598 4688 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:29:17.0648 4688 mpsdrv - ok
12:29:17.0728 4688 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:29:17.0768 4688 MpsSvc - ok
12:29:17.0788 4688 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:29:17.0818 4688 MRxDAV - ok
12:29:17.0848 4688 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:29:17.0868 4688 mrxsmb - ok
12:29:17.0918 4688 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:29:17.0938 4688 mrxsmb10 - ok
12:29:17.0978 4688 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:29:17.0998 4688 mrxsmb20 - ok
12:29:18.0038 4688 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:29:18.0048 4688 msahci - ok
12:29:18.0068 4688 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:29:18.0088 4688 msdsm - ok
12:29:18.0098 4688 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:29:18.0128 4688 MSDTC - ok
12:29:18.0178 4688 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:29:18.0228 4688 Msfs - ok
12:29:18.0258 4688 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:29:18.0318 4688 mshidkmdf - ok
12:29:18.0358 4688 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:29:18.0368 4688 msisadrv - ok
12:29:18.0398 4688 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:29:18.0448 4688 MSiSCSI - ok
12:29:18.0458 4688 msiserver - ok
12:29:18.0478 4688 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:29:18.0528 4688 MSKSSRV - ok
12:29:18.0568 4688 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:29:18.0618 4688 MSPCLOCK - ok
12:29:18.0628 4688 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:29:18.0663 4688 MSPQM - ok
12:29:18.0726 4688 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:29:18.0741 4688 MsRPC - ok
12:29:18.0772 4688 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:29:18.0772 4688 mssmbios - ok
12:29:18.0788 4688 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:29:18.0835 4688 MSTEE - ok
12:29:18.0850 4688 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:29:18.0866 4688 MTConfig - ok
12:29:18.0897 4688 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:29:18.0913 4688 Mup - ok
12:29:18.0944 4688 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:29:19.0006 4688 napagent - ok
12:29:19.0069 4688 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:29:19.0116 4688 NativeWifiP - ok
12:29:19.0162 4688 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:29:19.0194 4688 NDIS - ok
12:29:19.0209 4688 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:29:19.0256 4688 NdisCap - ok
12:29:19.0272 4688 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:29:19.0334 4688 NdisTapi - ok
12:29:19.0365 4688 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:29:19.0412 4688 Ndisuio - ok
12:29:19.0443 4688 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:29:19.0506 4688 NdisWan - ok
12:29:19.0537 4688 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:29:19.0584 4688 NDProxy - ok
12:29:19.0646 4688 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:29:19.0662 4688 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:29:19.0662 4688 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:29:19.0708 4688 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:29:19.0771 4688 NetBIOS - ok
12:29:19.0802 4688 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:29:19.0849 4688 NetBT - ok
12:29:19.0896 4688 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:29:19.0911 4688 Netlogon - ok
12:29:19.0958 4688 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:29:20.0020 4688 Netman - ok
12:29:20.0130 4688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:29:20.0130 4688 NetMsmqActivator - ok
12:29:20.0192 4688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:29:20.0192 4688 NetPipeActivator - ok
12:29:20.0223 4688 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:29:20.0270 4688 netprofm - ok
12:29:20.0301 4688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:29:20.0301 4688 NetTcpActivator - ok
12:29:20.0317 4688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:29:20.0317 4688 NetTcpPortSharing - ok
12:29:20.0348 4688 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:29:20.0364 4688 nfrd960 - ok
12:29:20.0473 4688 [ A695F9FDD23EFED49505BE9076825F65 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
12:29:20.0488 4688 NitroReaderDriverReadSpool2 - ok
12:29:20.0535 4688 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:29:20.0582 4688 NlaSvc - ok
12:29:20.0629 4688 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:29:20.0660 4688 Npfs - ok
12:29:20.0691 4688 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:29:20.0738 4688 nsi - ok
12:29:20.0769 4688 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:29:20.0816 4688 nsiproxy - ok
12:29:20.0878 4688 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:29:20.0956 4688 Ntfs - ok
12:29:20.0956 4688 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:29:21.0003 4688 Null - ok
12:29:21.0253 4688 [ 41A7C6ED2BAB4C304633B785C884A912 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:29:21.0627 4688 nvlddmkm - ok
12:29:21.0658 4688 [ D542153CB23459B8AAD88CF17E36B670 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
12:29:21.0674 4688 nvpciflt - ok
12:29:21.0721 4688 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:29:21.0736 4688 nvraid - ok
12:29:21.0736 4688 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:29:21.0752 4688 nvstor - ok
12:29:21.0799 4688 [ 558490B65557A15193E56C44DCF67B64 ] NVSvc C:\Windows\system32\nvvsvc.exe
12:29:21.0846 4688 NVSvc - ok
12:29:21.0939 4688 [ FC968EF459601BB3D18A40BB85EC5193 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
12:29:22.0017 4688 nvUpdatusService - ok
12:29:22.0080 4688 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:29:22.0080 4688 nv_agp - ok
12:29:22.0126 4688 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:29:22.0126 4688 ohci1394 - ok
12:29:22.0173 4688 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:29:22.0173 4688 ose - ok
12:29:22.0314 4688 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:29:22.0454 4688 osppsvc - ok
12:29:22.0516 4688 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:29:22.0548 4688 p2pimsvc - ok
12:29:22.0594 4688 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:29:22.0641 4688 p2psvc - ok
12:29:22.0672 4688 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:29:22.0688 4688 Parport - ok
12:29:22.0735 4688 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:29:22.0735 4688 partmgr - ok
12:29:22.0766 4688 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:29:22.0797 4688 PcaSvc - ok
12:29:22.0844 4688 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:29:22.0860 4688 pci - ok
12:29:22.0891 4688 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:29:22.0906 4688 pciide - ok
12:29:22.0906 4688 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:29:22.0922 4688 pcmcia - ok
12:29:22.0938 4688 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:29:22.0953 4688 pcw - ok
12:29:22.0969 4688 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:29:23.0031 4688 PEAUTH - ok
12:29:23.0140 4688 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:29:23.0156 4688 PerfHost - ok
12:29:23.0234 4688 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:29:23.0312 4688 pla - ok
12:29:23.0359 4688 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:29:23.0406 4688 PlugPlay - ok
12:29:23.0468 4688 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:29:23.0499 4688 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
12:29:23.0499 4688 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
12:29:23.0530 4688 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:29:23.0562 4688 PNRPAutoReg - ok
12:29:23.0593 4688 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:29:23.0608 4688 PNRPsvc - ok
12:29:23.0655 4688 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:29:23.0718 4688 PolicyAgent - ok
12:29:23.0749 4688 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:29:23.0796 4688 Power - ok
12:29:23.0827 4688 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:29:23.0874 4688 PptpMiniport - ok
12:29:23.0905 4688 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:29:23.0920 4688 Processor - ok
12:29:23.0952 4688 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:29:23.0998 4688 ProfSvc - ok
12:29:24.0014 4688 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:29:24.0030 4688 ProtectedStorage - ok
12:29:24.0045 4688 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:29:24.0108 4688 Psched - ok
12:29:24.0154 4688 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:29:24.0217 4688 ql2300 - ok
12:29:24.0232 4688 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:29:24.0248 4688 ql40xx - ok
12:29:24.0279 4688 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:29:24.0295 4688 QWAVE - ok
12:29:24.0310 4688 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:29:24.0342 4688 QWAVEdrv - ok
12:29:24.0404 4688 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
12:29:24.0420 4688 RapiMgr - ok
12:29:24.0451 4688 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:29:24.0498 4688 RasAcd - ok
12:29:24.0544 4688 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:29:24.0607 4688 RasAgileVpn - ok
12:29:24.0638 4688 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:29:24.0700 4688 RasAuto - ok
12:29:24.0732 4688 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:29:24.0794 4688 Rasl2tp - ok
12:29:24.0825 4688 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:29:24.0903 4688 RasMan - ok
12:29:24.0934 4688 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:29:24.0997 4688 RasPppoe - ok
12:29:25.0028 4688 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:29:25.0090 4688 RasSstp - ok
12:29:25.0122 4688 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:29:25.0168 4688 rdbss - ok
12:29:25.0184 4688 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:29:25.0215 4688 rdpbus - ok
12:29:25.0246 4688 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:29:25.0278 4688 RDPCDD - ok
12:29:25.0293 4688 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:29:25.0340 4688 RDPENCDD - ok
12:29:25.0387 4688 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:29:25.0434 4688 RDPREFMP - ok
12:29:25.0465 4688 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:29:25.0512 4688 RDPWD - ok
12:29:25.0574 4688 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:29:25.0574 4688 rdyboost - ok
12:29:25.0621 4688 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:29:25.0668 4688 RemoteAccess - ok
12:29:25.0777 4688 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:29:25.0824 4688 RemoteRegistry - ok
12:29:25.0839 4688 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:29:25.0886 4688 RpcEptMapper - ok
12:29:25.0902 4688 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:29:25.0917 4688 RpcLocator - ok
12:29:25.0948 4688 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:29:25.0995 4688 RpcSs - ok
12:29:26.0042 4688 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:29:26.0073 4688 rspndr - ok
12:29:26.0136 4688 [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys
12:29:26.0151 4688 RSUSBVSTOR - ok
12:29:26.0182 4688 [ 20A466B9EA2BD828C0EC723F99B8CFE7 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:29:26.0198 4688 RTL8167 - ok
12:29:26.0214 4688 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:29:26.0229 4688 SamSs - ok
12:29:26.0260 4688 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:29:26.0260 4688 sbp2port - ok
12:29:26.0307 4688 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:29:26.0354 4688 SCardSvr - ok
12:29:26.0385 4688 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:29:26.0432 4688 scfilter - ok
12:29:26.0463 4688 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:29:26.0588 4688 Schedule - ok
12:29:26.0604 4688 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:29:26.0650 4688 SCPolicySvc - ok
12:29:26.0666 4688 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:29:26.0728 4688 SDRSVC - ok
12:29:26.0822 4688 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
12:29:26.0838 4688 SeaPort - ok
12:29:26.0900 4688 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:29:26.0947 4688 secdrv - ok
12:29:26.0978 4688 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:29:27.0040 4688 seclogon - ok
12:29:27.0056 4688 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:29:27.0103 4688 SENS - ok
12:29:27.0103 4688 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:29:27.0148 4688 SensrSvc - ok
12:29:27.0178 4688 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:29:27.0198 4688 Serenum - ok
12:29:27.0238 4688 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:29:27.0268 4688 Serial - ok
12:29:27.0308 4688 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:29:27.0318 4688 sermouse - ok
12:29:27.0338 4688 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:29:27.0398 4688 SessionEnv - ok
12:29:27.0438 4688 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:29:27.0458 4688 sffdisk - ok
12:29:27.0468 4688 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:29:27.0478 4688 sffp_mmc - ok
12:29:27.0488 4688 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:29:27.0508 4688 sffp_sd - ok
12:29:27.0538 4688 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:29:27.0568 4688 sfloppy - ok
12:29:27.0658 4688 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
12:29:27.0678 4688 Sftfs - ok
12:29:27.0738 4688 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:29:27.0758 4688 sftlist - ok
12:29:27.0788 4688 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:29:27.0808 4688 Sftplay - ok
12:29:27.0818 4688 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:29:27.0828 4688 Sftredir - ok
12:29:27.0848 4688 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
12:29:27.0858 4688 Sftvol - ok
12:29:27.0878 4688 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:29:27.0898 4688 sftvsa - ok
12:29:27.0978 4688 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:29:28.0048 4688 SharedAccess - ok
12:29:28.0088 4688 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:29:28.0148 4688 ShellHWDetection - ok
12:29:28.0188 4688 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
12:29:28.0228 4688 SiSGbeLH - ok
12:29:28.0278 4688 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:29:28.0288 4688 SiSRaid2 - ok
12:29:28.0298 4688 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:29:28.0308 4688 SiSRaid4 - ok
12:29:28.0488 4688 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:29:28.0588 4688 Skype C2C Service - ok
12:29:28.0628 4688 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:29:28.0638 4688 SkypeUpdate - ok
12:29:28.0678 4688 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:29:28.0738 4688 Smb - ok
12:29:28.0788 4688 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:29:28.0808 4688 SNMPTRAP - ok
12:29:28.0808 4688 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:29:28.0828 4688 spldr - ok
12:29:28.0868 4688 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
12:29:28.0908 4688 Spooler - ok
12:29:28.0998 4688 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:29:29.0138 4688 sppsvc - ok
12:29:29.0148 4688 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:29:29.0205 4688 sppuinotify - ok
12:29:29.0251 4688 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:29:29.0281 4688 srv - ok
12:29:29.0331 4688 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:29:29.0371 4688 srv2 - ok
12:29:29.0401 4688 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:29:29.0441 4688 srvnet - ok
12:29:29.0461 4688 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:29:29.0511 4688 SSDPSRV - ok
12:29:29.0531 4688 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:29:29.0581 4688 SstpSvc - ok
12:29:29.0681 4688 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
12:29:29.0691 4688 ssudmdm - ok
12:29:29.0731 4688 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:29:29.0741 4688 stexstor - ok
12:29:29.0761 4688 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:29:29.0771 4688 StillCam - ok
12:29:29.0831 4688 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:29:29.0871 4688 stisvc - ok
12:29:29.0911 4688 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:29:29.0921 4688 swenum - ok
12:29:29.0961 4688 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:29:30.0011 4688 swprv - ok
12:29:30.0061 4688 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:29:30.0151 4688 SysMain - ok
12:29:30.0181 4688 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:29:30.0201 4688 TabletInputService - ok
12:29:30.0241 4688 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:29:30.0281 4688 TapiSrv - ok
12:29:30.0301 4688 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:29:30.0351 4688 TBS - ok
12:29:30.0421 4688 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:29:30.0501 4688 Tcpip - ok
12:29:30.0571 4688 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:29:30.0611 4688 TCPIP6 - ok
12:29:30.0631 4688 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:29:30.0671 4688 tcpipreg - ok
12:29:30.0751 4688 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:29:30.0791 4688 TDPIPE - ok
12:29:30.0811 4688 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:29:30.0841 4688 TDTCP - ok
12:29:30.0891 4688 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:29:30.0921 4688 tdx - ok
12:29:30.0971 4688 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:29:30.0991 4688 TermDD - ok
12:29:31.0011 4688 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:29:31.0081 4688 TermService - ok
12:29:31.0111 4688 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:29:31.0141 4688 Themes - ok
12:29:31.0181 4688 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:29:31.0211 4688 THREADORDER - ok
12:29:31.0262 4688 [ 69D76CE06BB629B69165C81D83A4B03E ] TiMiniService C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
12:29:31.0262 4688 TiMiniService - ok
12:29:31.0309 4688 [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
12:29:31.0324 4688 tmactmon - ok
12:29:31.0340 4688 [ 360E61217D4E1E333583D0C721057F70 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
12:29:31.0356 4688 tmcomm - ok
12:29:31.0356 4688 [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
12:29:31.0371 4688 tmevtmgr - ok
12:29:31.0387 4688 [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
12:29:31.0387 4688 tmtdi - ok
12:29:31.0434 4688 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:29:31.0480 4688 TrkWks - ok
12:29:31.0621 4688 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:29:31.0652 4688 TrustedInstaller - ok
12:29:31.0699 4688 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:29:31.0746 4688 tssecsrv - ok
12:29:31.0808 4688 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:29:31.0855 4688 TsUsbFlt - ok
12:29:31.0886 4688 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:29:31.0948 4688 tunnel - ok
12:29:31.0995 4688 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:29:32.0011 4688 uagp35 - ok
12:29:32.0042 4688 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:29:32.0104 4688 udfs - ok
12:29:32.0161 4688 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:29:32.0181 4688 UI0Detect - ok
12:29:32.0211 4688 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:29:32.0221 4688 uliagpkx - ok
12:29:32.0271 4688 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
12:29:32.0311 4688 umbus - ok
12:29:32.0371 4688 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:29:32.0381 4688 UmPass - ok
12:29:32.0401 4688 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:29:32.0461 4688 upnphost - ok
12:29:32.0571 4688 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:29:32.0601 4688 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
12:29:32.0601 4688 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
12:29:32.0641 4688 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:29:32.0671 4688 usbccgp - ok
12:29:32.0701 4688 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:29:32.0731 4688 usbcir - ok
12:29:32.0751 4688 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:29:32.0761 4688 usbehci - ok
12:29:32.0791 4688 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:29:32.0811 4688 usbhub - ok
12:29:32.0881 4688 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:29:32.0891 4688 usbohci - ok
12:29:32.0951 4688 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:29:32.0971 4688 usbprint - ok
12:29:33.0001 4688 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:29:33.0031 4688 usbscan - ok
12:29:33.0051 4688 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:29:33.0101 4688 USBSTOR - ok
12:29:33.0171 4688 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:29:33.0201 4688 usbuhci - ok
12:29:33.0241 4688 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:29:33.0261 4688 usbvideo - ok
12:29:33.0311 4688 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:29:33.0371 4688 UxSms - ok
12:29:33.0391 4688 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:29:33.0411 4688 VaultSvc - ok
12:29:33.0431 4688 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:29:33.0441 4688 vdrvroot - ok
12:29:33.0481 4688 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:29:33.0521 4688 vds - ok
12:29:33.0561 4688 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:29:33.0581 4688 vga - ok
12:29:33.0631 4688 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:29:33.0671 4688 VgaSave - ok
12:29:33.0701 4688 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:29:33.0711 4688 vhdmp - ok
12:29:33.0731 4688 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:29:33.0741 4688 viaide - ok
12:29:33.0811 4688 [ 59E6D1CC4EA1A19D07570AA0657ED966 ] VmbService C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
12:29:33.0841 4688 VmbService ( UnsignedFile.Multi.Generic ) - warning
12:29:33.0841 4688 VmbService - detected UnsignedFile.Multi.Generic (1)
12:29:33.0881 4688 [ 1E4D31FEC921300C5F262C52F5FCC666 ] vodafone_K3805-z_dc_enum C:\Windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys
12:29:33.0921 4688 vodafone_K3805-z_dc_enum - ok
12:29:33.0961 4688 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:29:33.0971 4688 volmgr - ok
12:29:34.0001 4688 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:29:34.0021 4688 volmgrx - ok
12:29:34.0061 4688 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:29:34.0071 4688 volsnap - ok
12:29:34.0121 4688 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:29:34.0141 4688 vsmraid - ok
12:29:34.0181 4688 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:29:34.0279 4688 VSS - ok
12:29:34.0295 4688 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:29:34.0342 4688 vwifibus - ok
12:29:34.0357 4688 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:29:34.0388 4688 vwififlt - ok
12:29:34.0404 4688 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:29:34.0451 4688 vwifimp - ok
12:29:34.0513 4688 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:29:34.0576 4688 W32Time - ok
12:29:34.0591 4688 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:29:34.0607 4688 WacomPen - ok
12:29:34.0654 4688 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:29:34.0700 4688 WANARP - ok
12:29:34.0732 4688 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:29:34.0763 4688 Wanarpv6 - ok
12:29:34.0841 4688 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:29:34.0903 4688 WatAdminSvc - ok
12:29:34.0966 4688 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:29:35.0059 4688 wbengine - ok
12:29:35.0106 4688 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:29:35.0122 4688 WbioSrvc - ok
12:29:35.0168 4688 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
12:29:35.0184 4688 WcesComm - ok
12:29:35.0200 4688 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:29:35.0231 4688 wcncsvc - ok
12:29:35.0246 4688 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:29:35.0293 4688 WcsPlugInService - ok
12:29:35.0324 4688 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:29:35.0340 4688 Wd - ok
12:29:35.0356 4688 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:29:35.0387 4688 Wdf01000 - ok
12:29:35.0402 4688 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:29:35.0527 4688 WdiServiceHost - ok
12:29:35.0527 4688 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:29:35.0543 4688 WdiSystemHost - ok
12:29:35.0574 4688 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:29:35.0621 4688 WebClient - ok
12:29:35.0652 4688 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:29:35.0699 4688 Wecsvc - ok
12:29:35.0730 4688 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:29:35.0777 4688 wercplsupport - ok
12:29:35.0824 4688 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:29:35.0855 4688 WerSvc - ok
12:29:35.0917 4688 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:29:35.0964 4688 WfpLwf - ok
12:29:35.0995 4688 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
12:29:36.0011 4688 WimFltr - ok
12:29:36.0026 4688 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:29:36.0042 4688 WIMMount - ok
12:29:36.0073 4688 WinDefend - ok
12:29:36.0089 4688 WinHttpAutoProxySvc - ok
12:29:36.0151 4688 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:29:36.0214 4688 Winmgmt - ok
12:29:36.0276 4688 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:29:36.0385 4688 WinRM - ok
12:29:36.0432 4688 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:29:36.0448 4688 WinUsb - ok
12:29:36.0494 4688 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:29:36.0619 4688 Wlansvc - ok
12:29:36.0666 4688 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:29:36.0697 4688 WmiAcpi - ok
12:29:36.0728 4688 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:29:36.0760 4688 wmiApSrv - ok
12:29:36.0791 4688 WMPNetworkSvc - ok
12:29:36.0822 4688 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:29:36.0853 4688 WPCSvc - ok
12:29:36.0884 4688 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:29:36.0900 4688 WPDBusEnum - ok
12:29:36.0916 4688 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:29:36.0947 4688 ws2ifsl - ok
12:29:36.0994 4688 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:29:37.0025 4688 wscsvc - ok
12:29:37.0025 4688 WSearch - ok
12:29:37.0103 4688 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:29:37.0198 4688 wuauserv - ok
12:29:37.0218 4688 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:29:37.0268 4688 WudfPf - ok
12:29:37.0308 4688 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:29:37.0348 4688 WUDFRd - ok
12:29:37.0388 4688 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:29:37.0428 4688 wudfsvc - ok
12:29:37.0468 4688 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:29:37.0498 4688 WwanSvc - ok
12:29:37.0538 4688 ================ Scan global ===============================
12:29:37.0578 4688 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:29:37.0608 4688 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:29:37.0618 4688 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:29:37.0658 4688 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:29:37.0698 4688 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:29:37.0698 4688 [Global] - ok
12:29:37.0698 4688 ================ Scan MBR ==================================
12:29:37.0718 4688 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:29:38.0138 4688 \Device\Harddisk0\DR0 - ok
12:29:38.0138 4688 ================ Scan VBR ==================================
12:29:38.0138 4688 [ 8780F32968AC345293C81CCF55D68718 ] \Device\Harddisk0\DR0\Partition1
12:29:38.0138 4688 \Device\Harddisk0\DR0\Partition1 - ok
12:29:38.0178 4688 [ 1C5AE03775EA584DCAEC710D91357528 ] \Device\Harddisk0\DR0\Partition2
12:29:38.0178 4688 \Device\Harddisk0\DR0\Partition2 - ok
12:29:38.0178 4688 ============================================================
12:29:38.0178 4688 Scan finished
12:29:38.0178 4688 ============================================================
12:29:38.0188 4496 Detected object count: 5
12:29:38.0188 4496 Actual detected object count: 5
12:29:44.0936 4496 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:44.0936 4496 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:29:44.0936 4496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:44.0936 4496 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:29:44.0936 4496 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:44.0936 4496 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:29:44.0936 4496 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:44.0936 4496 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:29:44.0936 4496 VmbService ( UnsignedFile.Multi.Generic ) - skipped by user
12:29:44.0936 4496 VmbService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
30.01.2013, 12:44
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Ransom und PUM.UserWLoad adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren
__________________Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ |
|
30.01.2013, 12:56
| #19 |
| | Trojaner: Ransom und PUM.UserWLoad Auch erledigt mit folgendem Ergebnis: Code:
ATTFilter # AdwCleaner v2.109 - Datei am 30/01/2013 um 12:55:12 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : RM - RM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\RM\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
Gefunden : Application Updater
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
Ordner Gefunden : C:\Program Files (x86)\Application Updater
Ordner Gefunden : C:\Program Files (x86)\Common Files\spigot
Ordner Gefunden : C:\Program Files (x86)\pdfforge Toolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\RM\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\RM\AppData\LocalLow\pdfforge
Ordner Gefunden : C:\Users\RM\AppData\LocalLow\Search Settings
Ordner Gefunden : C:\Users\RM\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\de9cd069e6904243
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKLM\Software\Application Updater
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\pdfforge
Schlüssel Gefunden : HKLM\Software\Search Settings
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKU\S-1-5-21-358859069-3282203192-411896712-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gefunden : HKU\S-1-5-21-358859069-3282203192-411896712-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16447
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\RM\AppData\Roaming\Mozilla\Firefox\Profiles\o2xm30y9.default-1358187317151\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [3704 octets] - [30/01/2013 12:55:12]
########## EOF - C:\AdwCleaner[R1].txt - [3764 octets] ##########
|
|
30.01.2013, 13:35
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Ransom und PUM.UserWLoad adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.01.2013, 13:46
| #21 |
| | Trojaner: Ransom und PUM.UserWLoad Anbei erst mal die Textdatei vom adwcleaner.exe: Die Prüfung mit OTL mache ich auch gleich. Code:
ATTFilter # AdwCleaner v2.109 - Datei am 30/01/2013 um 13:41:41 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : RM - RM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\RM\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Application Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Program Files (x86)\pdfforge Toolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\RM\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\RM\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\RM\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\RM\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\de9cd069e6904243
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKU\S-1-5-21-358859069-3282203192-411896712-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16447
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\RM\AppData\Roaming\Mozilla\Firefox\Profiles\o2xm30y9.default-1358187317151\prefs.js
C:\Users\RM\AppData\Roaming\Mozilla\Firefox\Profiles\o2xm30y9.default-1358187317151\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [3827 octets] - [30/01/2013 12:55:12]
AdwCleaner[S1].txt - [3727 octets] - [30/01/2013 13:41:41]
########## EOF - C:\AdwCleaner[S1].txt - [3787 octets] ##########
Code:
ATTFilter OTL logfile created on: 30.01.2013 13:47:55 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RM\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,21% Memory free 7,83 Gb Paging File | 5,99 Gb Available in Paging File | 76,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 5,96 Gb Free Space | 8,00% Space Free | Partition Type: NTFS Drive D: | 202,08 Gb Total Space | 194,20 Gb Free Space | 96,10% Space Free | Partition Type: NTFS Computer Name: RM-PC | User Name: RM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\RM\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - D:\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Users\RM\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - D:\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.) DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.) DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (vodafone_K3805-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (cpuz135) -- C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys (CPUID) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-358859069-3282203192-411896712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-358859069-3282203192-411896712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-358859069-3282203192-411896712-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-358859069-3282203192-411896712-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_deDE461 IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.18 08:36:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 22:53:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.16 16:14:18 | 000,000,000 | ---D | M] [2011.11.21 12:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RM\AppData\Roaming\mozilla\Extensions [2013.01.30 13:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.05 11:18:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.01.21 22:53:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-358859069-3282203192-411896712-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [KiesAirMessage] D:\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [KiesPDLR] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [KiesPreload] D:\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [syshost32] C:\Users\RM\AppData\Local\{FE65F03A-7610-0FB6-92BD-A28F7195183E}\syshost.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-358859069-3282203192-411896712-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-358859069-3282203192-411896712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DFDB45E-B539-4935-8C4A-21FB10AA0B70}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C56A932-0B3A-4807-93DF-E5A38BF76187}: DhcpNameServer = 192.168.0.3 192.168.0.150 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62139292-9DD5-4F90-B35C-08BB6903237E}: NameServer = 212.65.129.2 212.65.140.142 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{01b8f3ca-922c-11e1-89ab-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{01b8f3ca-922c-11e1-89ab-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{01b8f3d6-922c-11e1-89ab-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{01b8f3d6-922c-11e1-89ab-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{01b8f3d8-922c-11e1-89ab-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{01b8f3d8-922c-11e1-89ab-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{0561b5b8-f0d4-11e1-ad1c-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{0561b5b8-f0d4-11e1-ad1c-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{0561b5ba-f0d4-11e1-ad1c-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{0561b5ba-f0d4-11e1-ad1c-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{059fb3a3-f282-11e1-b73d-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{059fb3a3-f282-11e1-b73d-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{094abb4c-7e41-11e1-984b-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{094abb4c-7e41-11e1-984b-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5618a702-c5c9-11e1-87e8-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{5618a702-c5c9-11e1-87e8-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5618a704-c5c9-11e1-87e8-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{5618a704-c5c9-11e1-87e8-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{6458dbf8-4410-11e1-bdac-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{6458dbf8-4410-11e1-bdac-f46d042511bc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{972d3197-96d4-11e1-9199-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{972d3197-96d4-11e1-9199-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{972d319b-96d4-11e1-9199-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{972d319b-96d4-11e1-9199-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a9b9151f-6dc7-11e1-810d-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{a9b9151f-6dc7-11e1-810d-f46d042511bc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a9b915a3-6dc7-11e1-810d-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{a9b915a3-6dc7-11e1-810d-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f916a1a1-91cb-11e1-b8e9-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{f916a1a1-91cb-11e1-b8e9-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{f916a1aa-91cb-11e1-b8e9-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{f916a1aa-91cb-11e1-b8e9-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{f916a1bb-91cb-11e1-b8e9-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{f916a1bb-91cb-11e1-b8e9-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{f916a266-91cb-11e1-b8e9-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{f916a266-91cb-11e1-b8e9-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.30 12:27:20 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\RM\Desktop\tdsskiller.exe [2013.01.29 23:10:17 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\mbar-1.01.0.1017 [2013.01.29 15:31:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\RM\Desktop\aswMBR.exe [2013.01.29 14:14:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RM\Desktop\OTL.exe [2013.01.29 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\Is aktuell [2013.01.25 16:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.01.25 16:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.25 09:43:32 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\Privat [2013.01.22 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\Neuer Ordner [2013.01.17 18:44:04 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\stick [2013.01.14 19:15:21 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\Alte Firefox-Daten [2013.01.14 09:24:37 | 000,000,000 | ---D | C] -- C:\Users\RM\AppData\Roaming\Malwarebytes [2013.01.14 09:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.14 09:24:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.14 09:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.14 09:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.14 09:20:53 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\rkill [2013.01.13 16:01:27 | 000,000,000 | ---D | C] -- C:\Users\RM\AppData\Local\{FE65F03A-7610-0FB6-92BD-A28F7195183E} [2013.01.13 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\RM\Local Settings [2013.01.11 10:52:25 | 000,000,000 | ---D | C] -- C:\Users\RM\AppData\Roaming\Unuvus [2013.01.11 10:52:25 | 000,000,000 | ---D | C] -- C:\Users\RM\AppData\Roaming\Ozpyki [2013.01.11 10:52:25 | 000,000,000 | ---D | C] -- C:\Users\RM\AppData\Roaming\Fuyno [2013.01.10 19:15:16 | 000,000,000 | ---D | C] -- C:\Users\RM\AppData\Roaming\Skype [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\RM\Desktop\*.tmp files -> C:\Users\RM\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.30 13:50:37 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 13:50:37 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 13:43:23 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.01.30 13:43:21 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.30 13:43:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.30 13:42:53 | 3151,839,232 | -HS- | M] () -- C:\hiberfil.sys [2013.01.30 13:37:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.30 12:54:13 | 000,580,235 | ---- | M] () -- C:\Users\RM\Desktop\adwcleaner.exe [2013.01.30 12:27:21 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\RM\Desktop\tdsskiller.exe [2013.01.29 23:09:49 | 013,562,257 | ---- | M] () -- C:\Users\RM\Desktop\mbar-1.01.0.1017.zip [2013.01.29 21:58:01 | 000,000,512 | ---- | M] () -- C:\Users\RM\Desktop\MBR.dat [2013.01.29 15:33:05 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\RM\Desktop\aswMBR.exe [2013.01.29 15:31:12 | 000,365,568 | ---- | M] () -- C:\Users\RM\Desktop\gmer_2.0.18454.exe [2013.01.29 14:14:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RM\Desktop\OTL.exe [2013.01.29 11:57:11 | 001,645,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.29 11:57:11 | 000,708,946 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.29 11:57:11 | 000,664,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.29 11:57:11 | 000,152,292 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.29 11:57:11 | 000,125,238 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.27 20:58:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.27 20:58:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.15 08:35:06 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.14 12:35:37 | 000,002,257 | ---- | M] () -- C:\Users\RM\Desktop\Internetbrowser.lnk [2013.01.14 09:24:28 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.13 20:46:41 | 000,011,368 | -HS- | M] () -- C:\Users\RM\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.13 20:46:41 | 000,011,368 | -HS- | M] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.01 14:41:15 | 000,213,355 | ---- | M] () -- C:\Users\RM\Desktop\Dr.MauchGesundheitsfuehrer(ueberarbeitet).pdf [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\RM\Desktop\*.tmp files -> C:\Users\RM\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.30 12:54:13 | 000,580,235 | ---- | C] () -- C:\Users\RM\Desktop\adwcleaner.exe [2013.01.29 23:09:45 | 013,562,257 | ---- | C] () -- C:\Users\RM\Desktop\mbar-1.01.0.1017.zip [2013.01.29 21:58:01 | 000,000,512 | ---- | C] () -- C:\Users\RM\Desktop\MBR.dat [2013.01.29 15:31:12 | 000,365,568 | ---- | C] () -- C:\Users\RM\Desktop\gmer_2.0.18454.exe [2013.01.15 08:35:06 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.15 08:35:06 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.14 10:33:01 | 000,002,257 | ---- | C] () -- C:\Users\RM\Desktop\Internetbrowser.lnk [2013.01.14 09:24:28 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.13 16:00:10 | 000,011,368 | -HS- | C] () -- C:\Users\RM\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.13 16:00:10 | 000,011,368 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013.01.01 14:41:15 | 000,213,355 | ---- | C] () -- C:\Users\RM\Desktop\Dr.MauchGesundheitsfuehrer(ueberarbeitet).pdf [2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.06.26 17:24:27 | 000,007,597 | ---- | C] () -- C:\Users\RM\AppData\Local\Resmon.ResmonCfg [2012.04.29 20:07:20 | 000,000,600 | ---- | C] () -- C:\Users\RM\PUTTY.RND [2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.01.28 10:58:44 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.12.26 20:33:22 | 000,063,488 | ---- | C] () -- C:\Windows\SysWow64\EZTW32.DLL [2011.12.02 22:03:15 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.02 22:03:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.12.02 22:03:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.12.02 22:03:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.11.18 23:39:50 | 001,623,814 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2011.04.18 08:32:04 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.04.18 06:56:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 30.01.2013 13:47:55 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,21% Memory free
7,83 Gb Paging File | 5,99 Gb Available in Paging File | 76,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 5,96 Gb Free Space | 8,00% Space Free | Partition Type: NTFS
Drive D: | 202,08 Gb Total Space | 194,20 Gb Free Space | 96,10% Space Free | Partition Type: NTFS
Computer Name: RM-PC | User Name: RM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A3A4C4-D535-44F7-AF03-D3842618B488}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{193A0B8A-D12B-479A-8516-A92C598EC39D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{27AC2CAD-AB1C-4332-A409-4F1CD9CCA81C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2AF1705F-AF85-48EA-AC62-6A9045722076}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36474965-0726-4862-9160-169C42B907DC}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{4D3AEA01-5F74-4810-A946-EF51A0923968}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62077DC6-3595-4A8C-B71F-2E60387A709E}" = rport=445 | protocol=6 | dir=out | app=system |
"{623E5DAB-14AF-4195-BE86-1D7BE781513F}" = rport=138 | protocol=17 | dir=out | app=system |
"{65C493F4-B0B0-4958-B611-33F420E0A715}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6CD6F138-4B18-4D3B-9D9A-841C7AEE56C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71BB7BA7-BC49-487E-BD90-FA5F243A8801}" = lport=139 | protocol=6 | dir=in | app=system |
"{77C23848-550A-4CB9-B062-2182126FA7D0}" = lport=445 | protocol=6 | dir=in | app=system |
"{78C32B9B-803C-4DAE-B40F-BCCB21720EC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DC5FD13-3197-4EBB-B38B-1BBEB882E848}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A7CBA76-8F44-41B4-9736-F1B8F2EFED73}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8F10134F-DF96-4CB0-B9BD-6B062268E04A}" = lport=138 | protocol=17 | dir=in | app=system |
"{912E66DA-5320-44F1-85AB-191FC3AFC356}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACD0B406-5C5E-43C3-84BB-7D8091714E14}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B4DA49AF-BCF5-47A4-9ABB-EFC05CB19C6B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CABCA414-0E26-4B16-B1B4-85254EA73721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF3C2DC4-9BF8-410A-AF87-7F3FBDEB2997}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{D8640F52-02EE-4243-99E4-776A7F78EF38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC68C7A7-6DC5-4A52-8770-4C30D854D77D}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD6F6446-2187-4F20-B4E8-DC649E4D2DE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E28487F7-BC3D-4051-A6C2-4AB6C501851C}" = rport=137 | protocol=17 | dir=out | app=system |
"{EED2B4F5-1A33-4550-BD46-852B15BE7EA0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EFDB426A-F9CA-402A-84C8-11BC6DFF31F4}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0397E381-FA52-48A9-BDC2-21EE4245B9FD}" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"{04C10ED8-FDB5-44BD-800D-92C7DD9984EA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{06074D2A-5158-4471-8479-ED477EA4D080}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{15390B71-8B92-4531-982F-1E8E50551C8B}" = protocol=6 | dir=out | app=system |
"{17547657-6B86-4406-B40E-A627D17735D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1D414148-18EC-42A8-9A21-AF0190706D1D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{21AE3589-0D66-4CDB-9F0C-B62454DC7CBB}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{236A3B81-8252-43B6-AA59-4884055F6B83}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2805D3AF-A713-4BC0-9CFF-CC2E7E97DB27}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2C1635E6-F82D-4F7D-B65B-ECA44539C723}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{355C2DD5-FCA6-41BF-96BA-A8DB72164E36}" = protocol=6 | dir=in | app=c:\users\rm\appdata\roaming\dropbox\bin\dropbox.exe |
"{39A6534D-0EC0-4B82-9E95-2C0CEA1DACB2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C0EAD3F-B46B-42DB-B3F8-D6E61C7670DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{44A71846-A6AC-4D3A-8B54-FCFDAA31C643}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4AFA5D74-4AF3-4E30-A935-B0A22EF2110E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F9753B3-ED17-4AB4-A276-620747193D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53937A7F-D5D1-4940-8EE9-9CFC6AE2BB9D}" = protocol=17 | dir=in | app=c:\users\rm\appdata\roaming\dropbox\bin\dropbox.exe |
"{55669809-0665-4617-89E6-9FD8EB90E97C}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{57B397C3-F28C-4F26-8266-0EB12A989006}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5845912F-3935-4BC5-AB6F-FFB5408830F5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{61721674-CD00-439D-82A8-F03109D3DB8E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6240CC34-D9E5-4C4B-9899-1FF1E1C48339}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{636DDF34-7E72-47A0-ACA0-CA9F00C856FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C3418A2-9C10-4F12-B9C4-C3B10C88E932}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{82FF8CF1-1300-46A4-BC19-27A599870711}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{877177A9-7479-4764-95FF-2C9E2EB95467}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{88FD23AA-2BDE-4DF9-8E83-E84E56CE3F78}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8A0303D6-17CB-4D72-907C-AA8C13172CFA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{942CFB45-04A7-4EA5-BDCC-06A661F4FB17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C19C7BD-7181-4FE4-9590-60650A41737F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A69626F2-B999-43FD-9635-94287B551B04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6967408-1452-475D-948B-E1EDDF1D0388}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA850C36-363D-401D-A2C0-EB961B19B81D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B19B8A51-4417-40FF-A666-CF46742E0018}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B45231CB-DF91-4CA1-B1E3-12743B236541}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9D49B48-8F18-4C55-B21D-45C436D8487F}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{BACE5DF8-6775-4D0E-BE92-77AE836ADC08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C65EE8EB-6D14-4F76-86DF-DA4908E4B07A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CEA5FCCC-A822-40BB-B4AB-EE6848FC99DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D39EFB5B-3ECC-4192-8D3A-3A39CACB0CCC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F15BD83D-6DCD-4B71-8223-BD245A7900BA}" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"{F63F869B-ECC7-4A51-BBDF-8DFFA23D709B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{FD5DABCB-325E-41AF-9ABB-67A3B34ABFDF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{12203E37-1961-4BC4-9F0C-8BA4FFCC29D6}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{154B98D6-F124-40D0-A843-3A87D2382025}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{193B6079-DD5A-44A5-80C3-136568B22ABE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{23D61310-2780-43E7-8DB5-8F2CE067B0DC}C:\users\rm\appdata\roaming\fuyno\okred.exe" = protocol=6 | dir=in | app=c:\users\rm\appdata\roaming\fuyno\okred.exe |
"TCP Query User{2BBF0BBC-6474-4404-90C8-8D1EFE3454F8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{3BA5E084-44D9-4D65-81D0-7F3F8E982F19}C:\users\rm\appdata\local\temp\rar$ex06.304\u1203.exe" = protocol=6 | dir=in | app=c:\users\rm\appdata\local\temp\rar$ex06.304\u1203.exe |
"TCP Query User{52B88726-61B8-4BA9-8024-7116601602D0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{646B8E91-1DAC-4E72-9C28-C83096FBF535}C:\program files (x86)\nimbuzz\nimbuzz.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nimbuzz\nimbuzz.exe |
"TCP Query User{69C77E88-6C9D-4802-80E1-944C655853D0}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{8A524C66-5EB0-492B-B5F2-1E4E21A63F2D}C:\users\rm\appdata\roaming\fuyno\okred.exe" = protocol=6 | dir=in | app=c:\users\rm\appdata\roaming\fuyno\okred.exe |
"TCP Query User{8AA05044-3D7A-4AA2-A831-C064C14D385F}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{91C53FB9-06A9-46E5-89F7-EC40F8E8F09F}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"TCP Query User{949B491D-0EE4-4E96-B9E0-92C4E8BB93ED}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{DFB9EDB9-5086-4228-A8FD-997C296BDA4F}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{F39E1DAB-B41D-45B5-B131-9B7BA4880C78}C:\users\rm\appdata\local\temp\rar$ex50.600\u1203.exe" = protocol=6 | dir=in | app=c:\users\rm\appdata\local\temp\rar$ex50.600\u1203.exe |
"UDP Query User{078179D4-7D55-436C-A53F-5FF53C7F1627}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{144DD26E-6243-4982-8838-0235B2FA2A7C}C:\program files (x86)\nimbuzz\nimbuzz.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nimbuzz\nimbuzz.exe |
"UDP Query User{40373981-24C3-43D4-B6A9-DB7A9D7224C4}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{56F785AD-FA4C-4E7C-80BD-3CFE1D2BF6AC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{59578A1A-11AA-472E-A41E-7CE8D56054E2}C:\users\rm\appdata\local\temp\rar$ex50.600\u1203.exe" = protocol=17 | dir=in | app=c:\users\rm\appdata\local\temp\rar$ex50.600\u1203.exe |
"UDP Query User{6E72BE20-DC5D-4676-87AC-8D344A4066E3}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"UDP Query User{7A110688-FA36-4DC4-876F-A17E168A5220}C:\users\rm\appdata\local\temp\rar$ex06.304\u1203.exe" = protocol=17 | dir=in | app=c:\users\rm\appdata\local\temp\rar$ex06.304\u1203.exe |
"UDP Query User{7E9F986C-4FF0-4D28-89EA-098CF0C3B583}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{81A9B80C-5B54-4DF8-99A8-22108BFA9CF7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{85E3A0CF-0411-4A18-A534-3B5737063F13}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{BE1D029A-AB08-4599-9FBA-0D1EC03D09AF}C:\users\rm\appdata\roaming\fuyno\okred.exe" = protocol=17 | dir=in | app=c:\users\rm\appdata\roaming\fuyno\okred.exe |
"UDP Query User{BE8FDBCF-BF76-4619-AB80-C160AA29D27B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{C13957CC-02A6-4237-8FF9-0EC81C516204}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C989CC7F-ED0E-4300-B3D7-32955EF37631}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{F0BAF490-E670-4F27-8172-0FE051AFB8C5}C:\users\rm\appdata\roaming\fuyno\okred.exe" = protocol=17 | dir=in | app=c:\users\rm\appdata\roaming\fuyno\okred.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E206106-BD80-4D56-8F74-FE43AA1C7160}" = Nitro PDF Reader 2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-3 (x64)
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Office 2010 Trial Extender
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74280B5D-A0AF-46c5-9C85-D9EA078262F1}" = HP LaserJet Professional M1530 MFP Series
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{807B5468-0F57-4844-B9A6-E5E5E888F419}" = pdfforge Toolbar v4.8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{865E1902-B6FE-4AF0-B61D-A82EBC53569E}" = hppSendFaxM1530
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9112FEA9-0F64-453C-BEA5-9A782F87EDAA}" = hppTLBXFXM1530
"{915B91B8-4001-4DCA-805C-177B29215643}" = PHP 5.3.10
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1D53426-D6F3-4886-A72B-E1A8C82259E9}" = hppM1530LaserJetService
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}" = HPLaserJetHelp_LearnCenter
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}" = HP LJ M1530 MFP Series HP Scan
"{C462F75B-9A35-4A84-AE52-E8C9112AAE87}" = hppFaxUtilityM1530
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FD575F8B-6141-455A-8AE5-F2D2E08520FC}" = hppFaxDrvM1530
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"FLV Player" = FLV Player 2.0 (build 25)
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Jewel Quest 3" = Jewel Quest 3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Nimbuzz" = Nimbuzz 2.3.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"PC Wizard 2012_is1" = PC Wizard 2012.2.0
"PDF Editor 3" = PDF Editor 3
"Plants vs Zombies" = Plants vs Zombies
"Revo Uninstaller" = Revo Uninstaller 1.93
"STvcard gold_is1" = STvcard 3.0.0 gold
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"VLC media player" = VLC media player 1.1.11
"World of Goo" = World of Goo
"XMedia Recode" = XMedia Recode 3.0.5.6
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-358859069-3282203192-411896712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.01.2013 10:49:28 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 10:57:03 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 10:57:26 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:42:13 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:42:14 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:52:26 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:52:26 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:57:28 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 16:38:45 | Computer Name = RM-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 29.01.2013 16:55:42 | Computer Name = RM-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0x4c4 Startzeit der fehlerhaften Anwendung: 0x01cdfe60c8f52aab Pfad der
fehlerhaften Anwendung: C:\Users\RM\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls:
C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 3de64d1e-6a56-11e2-96c1-14dae919e4d1
Error - 29.01.2013 19:34:05 | Computer Name = RM-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.
[ System Events ]
Error - 30.01.2013 08:42:18 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 30.01.2013 08:44:21 | Computer Name = RM-PC | Source = PNRPSvc | ID = 102
Description =
Error - 30.01.2013 08:44:22 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 30.01.2013 08:44:22 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 30.01.2013 08:44:30 | Computer Name = RM-PC | Source = PNRPSvc | ID = 102
Description =
Error - 30.01.2013 08:44:30 | Computer Name = RM-PC | Source = PNRPSvc | ID = 102
Description =
Error - 30.01.2013 08:44:30 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 30.01.2013 08:44:30 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 30.01.2013 08:44:30 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 30.01.2013 08:44:30 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
< End of report >
|
|
30.01.2013, 15:02
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Ransom und PUM.UserWLoadFixen mit OTL
Code:
ATTFilter :OTL
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [syshost32] C:\Users\RM\AppData\Local\{FE65F03A-7610-0FB6-92BD-A28F7195183E}\syshost.exe File not found
:Files
C:\Users\RM\Desktop\MBR.dat
C:\ProgramData\FullRemove.exe
C:\Users\RM\AppData\Local\{FE65F03A-7610-0FB6-92BD-A28F7195183E}
C:\Users\RM\AppData\Roaming\Unuvus
C:\Users\RM\AppData\Roaming\Ozpyki
C:\Users\RM\AppData\Roaming\Fuyno
C:\Users\RM\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.01.2013, 17:15
| #23 |
| | Trojaner: Ransom und PUM.UserWLoad Hier nun das Textdokument von OTL.exe nach dem Fix: Code:
ATTFilter All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-358859069-3282203192-411896712-1001\Software\Microsoft\Windows\CurrentVersion\Run\\syshost32 deleted successfully.
========== FILES ==========
C:\Users\RM\Desktop\MBR.dat moved successfully.
C:\ProgramData\FullRemove.exe moved successfully.
C:\Users\RM\AppData\Local\{FE65F03A-7610-0FB6-92BD-A28F7195183E} folder moved successfully.
C:\Users\RM\AppData\Roaming\Unuvus folder moved successfully.
C:\Users\RM\AppData\Roaming\Ozpyki folder moved successfully.
C:\Users\RM\AppData\Roaming\Fuyno folder moved successfully.
C:\Users\RM\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\RM\Desktop\cmd.bat deleted successfully.
C:\Users\RM\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 327677 bytes
->Temporary Internet Files folder emptied: 7679797 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 845 bytes
User: Gast1
User: Public
User: RM
->Temp folder emptied: 4173220610 bytes
->Temporary Internet Files folder emptied: 4099465170 bytes
->Java cache emptied: 5122794 bytes
->FireFox cache emptied: 66244171 bytes
->Flash cache emptied: 8139986 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 406366588 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 136955 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 8.361,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 01302013_151451
Files\Folders moved on Reboot...
C:\Users\RM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
31.01.2013, 10:49
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Ransom und PUM.UserWLoad Eine neue Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2013, 11:17
| #25 |
| | Trojaner: Ransom und PUM.UserWLoad Hier das neue Ergebnis von OTL.exe: Code:
ATTFilter OTL logfile created on: 31.01.2013 10:51:11 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RM\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 53,63% Memory free 7,83 Gb Paging File | 5,53 Gb Available in Paging File | 70,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,52 Gb Total Space | 13,31 Gb Free Space | 17,86% Space Free | Partition Type: NTFS Drive D: | 202,08 Gb Total Space | 194,20 Gb Free Space | 96,10% Space Free | Partition Type: NTFS Computer Name: RM-PC | User Name: RM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\RM\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - D:\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (VmbService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.) DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.) DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.) DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (vodafone_K3805-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (cpuz135) -- C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys (CPUID) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-358859069-3282203192-411896712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-358859069-3282203192-411896712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-358859069-3282203192-411896712-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-358859069-3282203192-411896712-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ASUT_deDE461 IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-358859069-3282203192-411896712-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.18 08:36:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 22:53:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.16 16:14:18 | 000,000,000 | ---D | M] [2011.11.21 12:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RM\AppData\Roaming\mozilla\Extensions [2013.01.30 13:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.05 11:18:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.01.21 22:53:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-358859069-3282203192-411896712-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KiesTrayAgent] D:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [KiesAirMessage] D:\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [KiesPDLR] D:\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1001..\Run: [KiesPreload] D:\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-358859069-3282203192-411896712-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-358859069-3282203192-411896712-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-358859069-3282203192-411896712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DFDB45E-B539-4935-8C4A-21FB10AA0B70}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C56A932-0B3A-4807-93DF-E5A38BF76187}: DhcpNameServer = 192.168.0.3 192.168.0.150 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62139292-9DD5-4F90-B35C-08BB6903237E}: NameServer = 212.65.129.2 212.65.140.142 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{01b8f3ca-922c-11e1-89ab-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{01b8f3ca-922c-11e1-89ab-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{01b8f3d6-922c-11e1-89ab-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{01b8f3d6-922c-11e1-89ab-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{01b8f3d8-922c-11e1-89ab-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{01b8f3d8-922c-11e1-89ab-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{0561b5b8-f0d4-11e1-ad1c-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{0561b5b8-f0d4-11e1-ad1c-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{0561b5ba-f0d4-11e1-ad1c-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{0561b5ba-f0d4-11e1-ad1c-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{059fb3a3-f282-11e1-b73d-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{059fb3a3-f282-11e1-b73d-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{094abb4c-7e41-11e1-984b-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{094abb4c-7e41-11e1-984b-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5618a702-c5c9-11e1-87e8-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{5618a702-c5c9-11e1-87e8-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{5618a704-c5c9-11e1-87e8-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{5618a704-c5c9-11e1-87e8-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{6458dbf8-4410-11e1-bdac-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{6458dbf8-4410-11e1-bdac-f46d042511bc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{972d3197-96d4-11e1-9199-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{972d3197-96d4-11e1-9199-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{972d319b-96d4-11e1-9199-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{972d319b-96d4-11e1-9199-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a9b9151f-6dc7-11e1-810d-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{a9b9151f-6dc7-11e1-810d-f46d042511bc}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a9b915a3-6dc7-11e1-810d-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{a9b915a3-6dc7-11e1-810d-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f916a1a1-91cb-11e1-b8e9-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{f916a1a1-91cb-11e1-b8e9-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{f916a1aa-91cb-11e1-b8e9-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{f916a1aa-91cb-11e1-b8e9-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{f916a1bb-91cb-11e1-b8e9-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{f916a1bb-91cb-11e1-b8e9-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{f916a266-91cb-11e1-b8e9-f46d042511bc}\Shell - "" = AutoRun O33 - MountPoints2\{f916a266-91cb-11e1-b8e9-f46d042511bc}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.30 15:14:51 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.30 12:27:20 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\RM\Desktop\tdsskiller.exe [2013.01.29 23:10:17 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\mbar-1.01.0.1017 [2013.01.29 15:31:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\RM\Desktop\aswMBR.exe [2013.01.29 14:14:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RM\Desktop\OTL.exe [2013.01.29 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\Is aktuell [2013.01.25 16:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.01.25 16:34:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.25 09:43:32 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\Privat [2013.01.22 20:42:08 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\Neuer Ordner [2013.01.17 18:44:04 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\stick [2013.01.14 19:15:21 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\Alte Firefox-Daten [2013.01.14 09:24:37 | 000,000,000 | ---D | C] -- C:\Users\RM\AppData\Roaming\Malwarebytes [2013.01.14 09:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.14 09:24:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.14 09:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.14 09:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.14 09:20:53 | 000,000,000 | ---D | C] -- C:\Users\RM\Desktop\rkill [2013.01.13 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\RM\Local Settings [2013.01.10 19:15:16 | 000,000,000 | ---D | C] -- C:\Users\RM\AppData\Roaming\Skype [1 C:\Users\RM\Desktop\*.tmp files -> C:\Users\RM\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.31 10:37:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.31 09:49:27 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.31 09:49:27 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.31 09:42:06 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.01.31 09:42:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.31 09:41:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.31 09:41:30 | 3151,839,232 | -HS- | M] () -- C:\hiberfil.sys [2013.01.30 19:01:27 | 001,645,920 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.30 19:01:27 | 000,708,946 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.30 19:01:27 | 000,664,224 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.30 19:01:27 | 000,152,292 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.30 19:01:27 | 000,125,238 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.30 12:54:13 | 000,580,235 | ---- | M] () -- C:\Users\RM\Desktop\adwcleaner.exe [2013.01.30 12:27:21 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\RM\Desktop\tdsskiller.exe [2013.01.29 23:09:49 | 013,562,257 | ---- | M] () -- C:\Users\RM\Desktop\mbar-1.01.0.1017.zip [2013.01.29 15:33:05 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\RM\Desktop\aswMBR.exe [2013.01.29 15:31:12 | 000,365,568 | ---- | M] () -- C:\Users\RM\Desktop\gmer_2.0.18454.exe [2013.01.29 14:14:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RM\Desktop\OTL.exe [2013.01.27 20:58:37 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.27 20:58:37 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.15 08:35:06 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.14 12:35:37 | 000,002,257 | ---- | M] () -- C:\Users\RM\Desktop\Internetbrowser.lnk [2013.01.14 09:24:28 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.01 14:41:15 | 000,213,355 | ---- | M] () -- C:\Users\RM\Desktop\Dr.MauchGesundheitsfuehrer(ueberarbeitet).pdf [1 C:\Users\RM\Desktop\*.tmp files -> C:\Users\RM\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.30 12:54:13 | 000,580,235 | ---- | C] () -- C:\Users\RM\Desktop\adwcleaner.exe [2013.01.29 23:09:45 | 013,562,257 | ---- | C] () -- C:\Users\RM\Desktop\mbar-1.01.0.1017.zip [2013.01.29 15:31:12 | 000,365,568 | ---- | C] () -- C:\Users\RM\Desktop\gmer_2.0.18454.exe [2013.01.15 08:35:06 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.15 08:35:06 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.14 10:33:01 | 000,002,257 | ---- | C] () -- C:\Users\RM\Desktop\Internetbrowser.lnk [2013.01.14 09:24:28 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.01 14:41:15 | 000,213,355 | ---- | C] () -- C:\Users\RM\Desktop\Dr.MauchGesundheitsfuehrer(ueberarbeitet).pdf [2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.06.26 17:24:27 | 000,007,597 | ---- | C] () -- C:\Users\RM\AppData\Local\Resmon.ResmonCfg [2012.04.29 20:07:20 | 000,000,600 | ---- | C] () -- C:\Users\RM\PUTTY.RND [2012.03.19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.19 21:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.01.28 10:58:44 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.01.12 00:13:03 | 000,067,072 | ---- | C] () -- C:\Windows\SysWow64\packager.dll [2011.12.26 20:33:22 | 000,063,488 | ---- | C] () -- C:\Windows\SysWow64\EZTW32.DLL [2011.12.02 22:03:15 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.02 22:03:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.12.02 22:03:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.12.02 22:03:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.11.18 23:39:50 | 001,623,814 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2011.04.18 06:56:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 31.01.2013 10:51:11 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 53,63% Memory free
7,83 Gb Paging File | 5,53 Gb Available in Paging File | 70,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,52 Gb Total Space | 13,31 Gb Free Space | 17,86% Space Free | Partition Type: NTFS
Drive D: | 202,08 Gb Total Space | 194,20 Gb Free Space | 96,10% Space Free | Partition Type: NTFS
Computer Name: RM-PC | User Name: RM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A3A4C4-D535-44F7-AF03-D3842618B488}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{193A0B8A-D12B-479A-8516-A92C598EC39D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{27AC2CAD-AB1C-4332-A409-4F1CD9CCA81C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2AF1705F-AF85-48EA-AC62-6A9045722076}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{36474965-0726-4862-9160-169C42B907DC}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{4D3AEA01-5F74-4810-A946-EF51A0923968}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62077DC6-3595-4A8C-B71F-2E60387A709E}" = rport=445 | protocol=6 | dir=out | app=system |
"{623E5DAB-14AF-4195-BE86-1D7BE781513F}" = rport=138 | protocol=17 | dir=out | app=system |
"{65C493F4-B0B0-4958-B611-33F420E0A715}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6CD6F138-4B18-4D3B-9D9A-841C7AEE56C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71BB7BA7-BC49-487E-BD90-FA5F243A8801}" = lport=139 | protocol=6 | dir=in | app=system |
"{77C23848-550A-4CB9-B062-2182126FA7D0}" = lport=445 | protocol=6 | dir=in | app=system |
"{78C32B9B-803C-4DAE-B40F-BCCB21720EC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DC5FD13-3197-4EBB-B38B-1BBEB882E848}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A7CBA76-8F44-41B4-9736-F1B8F2EFED73}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8F10134F-DF96-4CB0-B9BD-6B062268E04A}" = lport=138 | protocol=17 | dir=in | app=system |
"{912E66DA-5320-44F1-85AB-191FC3AFC356}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACD0B406-5C5E-43C3-84BB-7D8091714E14}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B4DA49AF-BCF5-47A4-9ABB-EFC05CB19C6B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CABCA414-0E26-4B16-B1B4-85254EA73721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF3C2DC4-9BF8-410A-AF87-7F3FBDEB2997}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{D8640F52-02EE-4243-99E4-776A7F78EF38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC68C7A7-6DC5-4A52-8770-4C30D854D77D}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD6F6446-2187-4F20-B4E8-DC649E4D2DE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E28487F7-BC3D-4051-A6C2-4AB6C501851C}" = rport=137 | protocol=17 | dir=out | app=system |
"{EED2B4F5-1A33-4550-BD46-852B15BE7EA0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EFDB426A-F9CA-402A-84C8-11BC6DFF31F4}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0397E381-FA52-48A9-BDC2-21EE4245B9FD}" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"{04C10ED8-FDB5-44BD-800D-92C7DD9984EA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{06074D2A-5158-4471-8479-ED477EA4D080}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{15390B71-8B92-4531-982F-1E8E50551C8B}" = protocol=6 | dir=out | app=system |
"{17547657-6B86-4406-B40E-A627D17735D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1D414148-18EC-42A8-9A21-AF0190706D1D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{21AE3589-0D66-4CDB-9F0C-B62454DC7CBB}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{236A3B81-8252-43B6-AA59-4884055F6B83}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2805D3AF-A713-4BC0-9CFF-CC2E7E97DB27}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2C1635E6-F82D-4F7D-B65B-ECA44539C723}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{355C2DD5-FCA6-41BF-96BA-A8DB72164E36}" = protocol=6 | dir=in | app=c:\users\rm\appdata\roaming\dropbox\bin\dropbox.exe |
"{39A6534D-0EC0-4B82-9E95-2C0CEA1DACB2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C0EAD3F-B46B-42DB-B3F8-D6E61C7670DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{44A71846-A6AC-4D3A-8B54-FCFDAA31C643}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4AFA5D74-4AF3-4E30-A935-B0A22EF2110E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F9753B3-ED17-4AB4-A276-620747193D8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53937A7F-D5D1-4940-8EE9-9CFC6AE2BB9D}" = protocol=17 | dir=in | app=c:\users\rm\appdata\roaming\dropbox\bin\dropbox.exe |
"{55669809-0665-4617-89E6-9FD8EB90E97C}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{57B397C3-F28C-4F26-8266-0EB12A989006}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5845912F-3935-4BC5-AB6F-FFB5408830F5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{61721674-CD00-439D-82A8-F03109D3DB8E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6240CC34-D9E5-4C4B-9899-1FF1E1C48339}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{636DDF34-7E72-47A0-ACA0-CA9F00C856FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6C3418A2-9C10-4F12-B9C4-C3B10C88E932}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{82FF8CF1-1300-46A4-BC19-27A599870711}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{877177A9-7479-4764-95FF-2C9E2EB95467}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{88FD23AA-2BDE-4DF9-8E83-E84E56CE3F78}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8A0303D6-17CB-4D72-907C-AA8C13172CFA}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{942CFB45-04A7-4EA5-BDCC-06A661F4FB17}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C19C7BD-7181-4FE4-9590-60650A41737F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A69626F2-B999-43FD-9635-94287B551B04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6967408-1452-475D-948B-E1EDDF1D0388}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA850C36-363D-401D-A2C0-EB961B19B81D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B19B8A51-4417-40FF-A666-CF46742E0018}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B45231CB-DF91-4CA1-B1E3-12743B236541}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9D49B48-8F18-4C55-B21D-45C436D8487F}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{BACE5DF8-6775-4D0E-BE92-77AE836ADC08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C65EE8EB-6D14-4F76-86DF-DA4908E4B07A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CEA5FCCC-A822-40BB-B4AB-EE6848FC99DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D39EFB5B-3ECC-4192-8D3A-3A39CACB0CCC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F15BD83D-6DCD-4B71-8223-BD245A7900BA}" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"{F63F869B-ECC7-4A51-BBDF-8DFFA23D709B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{FD5DABCB-325E-41AF-9ABB-67A3B34ABFDF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{12203E37-1961-4BC4-9F0C-8BA4FFCC29D6}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{154B98D6-F124-40D0-A843-3A87D2382025}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{193B6079-DD5A-44A5-80C3-136568B22ABE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{23D61310-2780-43E7-8DB5-8F2CE067B0DC}C:\users\rm\appdata\roaming\fuyno\okred.exe" = protocol=6 | dir=in | app=c:\users\rm\appdata\roaming\fuyno\okred.exe |
"TCP Query User{2BBF0BBC-6474-4404-90C8-8D1EFE3454F8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{3BA5E084-44D9-4D65-81D0-7F3F8E982F19}C:\users\rm\appdata\local\temp\rar$ex06.304\u1203.exe" = protocol=6 | dir=in | app=c:\users\rm\appdata\local\temp\rar$ex06.304\u1203.exe |
"TCP Query User{52B88726-61B8-4BA9-8024-7116601602D0}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{646B8E91-1DAC-4E72-9C28-C83096FBF535}C:\program files (x86)\nimbuzz\nimbuzz.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nimbuzz\nimbuzz.exe |
"TCP Query User{69C77E88-6C9D-4802-80E1-944C655853D0}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{8A524C66-5EB0-492B-B5F2-1E4E21A63F2D}C:\users\rm\appdata\roaming\fuyno\okred.exe" = protocol=6 | dir=in | app=c:\users\rm\appdata\roaming\fuyno\okred.exe |
"TCP Query User{8AA05044-3D7A-4AA2-A831-C064C14D385F}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{91C53FB9-06A9-46E5-89F7-EC40F8E8F09F}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"TCP Query User{949B491D-0EE4-4E96-B9E0-92C4E8BB93ED}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{DFB9EDB9-5086-4228-A8FD-997C296BDA4F}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{F39E1DAB-B41D-45B5-B131-9B7BA4880C78}C:\users\rm\appdata\local\temp\rar$ex50.600\u1203.exe" = protocol=6 | dir=in | app=c:\users\rm\appdata\local\temp\rar$ex50.600\u1203.exe |
"UDP Query User{078179D4-7D55-436C-A53F-5FF53C7F1627}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{144DD26E-6243-4982-8838-0235B2FA2A7C}C:\program files (x86)\nimbuzz\nimbuzz.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nimbuzz\nimbuzz.exe |
"UDP Query User{40373981-24C3-43D4-B6A9-DB7A9D7224C4}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{56F785AD-FA4C-4E7C-80BD-3CFE1D2BF6AC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{59578A1A-11AA-472E-A41E-7CE8D56054E2}C:\users\rm\appdata\local\temp\rar$ex50.600\u1203.exe" = protocol=17 | dir=in | app=c:\users\rm\appdata\local\temp\rar$ex50.600\u1203.exe |
"UDP Query User{6E72BE20-DC5D-4676-87AC-8D344A4066E3}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"UDP Query User{7A110688-FA36-4DC4-876F-A17E168A5220}C:\users\rm\appdata\local\temp\rar$ex06.304\u1203.exe" = protocol=17 | dir=in | app=c:\users\rm\appdata\local\temp\rar$ex06.304\u1203.exe |
"UDP Query User{7E9F986C-4FF0-4D28-89EA-098CF0C3B583}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{81A9B80C-5B54-4DF8-99A8-22108BFA9CF7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{85E3A0CF-0411-4A18-A534-3B5737063F13}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{BE1D029A-AB08-4599-9FBA-0D1EC03D09AF}C:\users\rm\appdata\roaming\fuyno\okred.exe" = protocol=17 | dir=in | app=c:\users\rm\appdata\roaming\fuyno\okred.exe |
"UDP Query User{BE8FDBCF-BF76-4619-AB80-C160AA29D27B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{C13957CC-02A6-4237-8FF9-0EC81C516204}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C989CC7F-ED0E-4300-B3D7-32955EF37631}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{F0BAF490-E670-4F27-8172-0FE051AFB8C5}C:\users\rm\appdata\roaming\fuyno\okred.exe" = protocol=17 | dir=in | app=c:\users\rm\appdata\roaming\fuyno\okred.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E206106-BD80-4D56-8F74-FE43AA1C7160}" = Nitro PDF Reader 2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-3 (x64)
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Office 2010 Trial Extender
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74280B5D-A0AF-46c5-9C85-D9EA078262F1}" = HP LaserJet Professional M1530 MFP Series
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{807B5468-0F57-4844-B9A6-E5E5E888F419}" = pdfforge Toolbar v4.8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{865E1902-B6FE-4AF0-B61D-A82EBC53569E}" = hppSendFaxM1530
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9112FEA9-0F64-453C-BEA5-9A782F87EDAA}" = hppTLBXFXM1530
"{915B91B8-4001-4DCA-805C-177B29215643}" = PHP 5.3.10
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1D53426-D6F3-4886-A72B-E1A8C82259E9}" = hppM1530LaserJetService
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}" = HPLaserJetHelp_LearnCenter
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}" = HP LJ M1530 MFP Series HP Scan
"{C462F75B-9A35-4A84-AE52-E8C9112AAE87}" = hppFaxUtilityM1530
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FD575F8B-6141-455A-8AE5-F2D2E08520FC}" = hppFaxDrvM1530
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"FLV Player" = FLV Player 2.0 (build 25)
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Jewel Quest 3" = Jewel Quest 3
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Nimbuzz" = Nimbuzz 2.3.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"PC Wizard 2012_is1" = PC Wizard 2012.2.0
"PDF Editor 3" = PDF Editor 3
"Plants vs Zombies" = Plants vs Zombies
"Revo Uninstaller" = Revo Uninstaller 1.93
"STvcard gold_is1" = STvcard 3.0.0 gold
"Visitenkarten in 2 Minuten" = Visitenkarten in 2 Minuten
"VLC media player" = VLC media player 1.1.11
"World of Goo" = World of Goo
"XMedia Recode" = XMedia Recode 3.0.5.6
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-358859069-3282203192-411896712-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.01.2013 10:49:28 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 10:57:03 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 10:57:26 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:42:13 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:42:14 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:52:26 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:52:26 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 11:57:28 | Computer Name = RM-PC | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert
werden. Fehler: 1392 (0x570) : Die Datei oder das Verzeichnis ist beschädigt und
nicht lesbar. .
Error - 29.01.2013 16:38:45 | Computer Name = RM-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 29.01.2013 16:55:42 | Computer Name = RM-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0x4c4 Startzeit der fehlerhaften Anwendung: 0x01cdfe60c8f52aab Pfad der
fehlerhaften Anwendung: C:\Users\RM\Desktop\aswMBR.exe Pfad des fehlerhaften Moduls:
C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 3de64d1e-6a56-11e2-96c1-14dae919e4d1
Error - 29.01.2013 19:34:05 | Computer Name = RM-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax.
[ System Events ]
Error - 30.01.2013 19:13:13 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 31.01.2013 04:42:58 | Computer Name = RM-PC | Source = PNRPSvc | ID = 102
Description =
Error - 31.01.2013 04:42:58 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 31.01.2013 04:42:58 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 31.01.2013 04:43:07 | Computer Name = RM-PC | Source = PNRPSvc | ID = 102
Description =
Error - 31.01.2013 04:43:07 | Computer Name = RM-PC | Source = PNRPSvc | ID = 102
Description =
Error - 31.01.2013 04:43:07 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 31.01.2013 04:43:07 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 31.01.2013 04:43:07 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 31.01.2013 04:43:07 | Computer Name = RM-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
< End of report >
|
|
31.01.2013, 11:35
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Ransom und PUM.UserWLoad Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.01.2013, 13:11
| #27 |
| | Trojaner: Ransom und PUM.UserWLoad Anbei erst mal das Ergebnis von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.31.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 RM :: RM-PC [Administrator] 31.01.2013 12:49:04 mbam-log-2013-01-31 (12-49-04).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 273970 Laufzeit: 3 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=e4923c26ecbfdb4fb28c62eda62c4548
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-31 03:52:02
# local_time=2013-01-31 04:52:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 187743 225067212 180523 0
# compatibility_mode=5893 16776574 66 85 19033077 111277372 0 0
# scanned=167780
# found=0
# cleaned=0
# scan_time=13065
|
|
14.02.2013, 11:46
| #28 |
| | Trojaner: Ransom und PUM.UserWLoad Das ganze hat sich damit wohl erledigt. Bei mir scheint alles sauber zu sein. Ich möchte mich hiermit herzlichst bei Euch bedanken für all Eure Mühen. Das unterstürze ich sehr gerne mit einer kleinen Spende, so wie es sich gehört. Weiterhin wünsche ich Euch viel Erfolg. Herzliche Grüße |
|
14.02.2013, 12:13
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Ransom und PUM.UserWLoad Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.02.2013, 12:22
| #30 |
| | Trojaner: Ransom und PUM.UserWLoad Werde es mir zu Herzen nehmen und mich besser schützen. Bisher habe ich keine Funde mehr. Gibts denn einen speziellen Schutz gegen die ganze Malware und Trojaner? Mein Avira (free version) hat mich ja leider nicht schützen können. Und die zwei Trojaner, um die es hier ging, hat er nicht mal bei komplettem Suchlauf gefunden. |
|
| Themen zu Trojaner: Ransom und PUM.UserWLoad |
| administrator, anti-malware, autostart, beheben, bösartige, dateien, eingefangen, explorer, gefangen, gen, log-datei, löschen, malwarebytes, microsoft, minute, problem, rechner, registrierung, service, software, speicher, temp, troja, trojaner, version, würde |
Textbox. 
Linear-Darstellung
