Pests of all kinds and their removal: Babylon Search search engine / PC is sluggish / Malware?
Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
29.01.2013, 18:57 | #1
Babylon Search search engine / PC is sluggish / Malware?

Hello dear forum community,

as a layman I use my computer mainly for work (Office applications) and for surfing the web. Despite immense deficits when it comes to security / programs and their effects, I always got along fine... as long as there were no problems. The ones that have now appeared are driving me to despair. For several hours now I have been trying, with the help of the guide here on your site, to take the necessary steps so that I can ask for your help. All of this is very, very complicated, and if I manage to get my computer back into shape with your support, you deserve a medal.

I have probably picked up some viruses and/or trojans (I think that's called malware) while surfing. A dubious search engine called "Babylon search" has nested itself on my machine. Since my Internet Explorer keeps crashing (whether that has anything to do with it, I don't know), I use Google Chrome. Along with the installation of this browser, this search engine apparently installed itself too, and it ALWAYS appears in a separate tab in front of Google Chrome. Since its interface looks rather "cheap", I always close this window and then go online via Google Chrome and the page I set as my start page, "google". That always worked smoothly... until I noticed that a connection to the Internet was only established after ever-longer intervals. A first look at the system load in the Task Manager also revealed a number of resource-hungry applications that I didn't need. Among them were several programs from a vendor called "Software4u". I uninstalled them immediately. In doing so I noticed this Babylon Search again and googled it. Now I'm here with you and realize... that I probably have real problems.

Attached below you will find the data that the forum community requires as a prerequisite for participation. Many thanks
30.01.2013, 12:12 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Just a quick question, and this is nothing against you specifically, I could have asked anyone else who posts the logs this way: where exactly does it say that the logs should be put in an attachment, or where exactly did you read that? Log files in attachments make the analysis massively harder. Please explain, so that the passage in the guide can be specifically changed/improved for all newcomers. Thanks.

Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
30.01.2013, 17:53 | #3
...

Last edited by inspigate (30.01.2013 at 17:57) Reason: now a double post on top of that. man oh man
30.01.2013, 17:54 | #4
Hello, thank you very much for your reply. You have a "checklist" here in the forum that a new user is supposed to follow when describing their problems. To my shame I have to admit that, after looking again, I found out myself that this "zipping" and attaching of the log files is only wanted when the helper explicitly asks for it. So everything is fine with your guide, if one can read... :-) I just didn't really know how to help myself. Below now are the log files inline.

gmer.txt
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-01-29 18:26:17
Windows 6.0.6002 Service Pack 2 x64
\Device\Harddisk0\DR0 -> \Device\0000004c ST315005 rev.CC34 1397,27GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Herzchen\AppData\Local\Temp\kxlyyuod.sys

---- Kernel code sections - GMER 2.0 ----

.text  C:\Windows\System32\win32k.sys!W32pServiceTable      fffff9600016e700 3 bytes [C0, 83, 02]
.text  C:\Windows\System32\win32k.sys!W32pServiceTable + 4  fffff9600016e704 3 bytes [01, C4, FA]

---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[836] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1972] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[1168] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Windows\SysWOW64\schtasks.exe[1640] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe[2200] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[2972] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\iTunes\iTunesHelper.exe[3724] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3848] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[3896] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3468] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5  00000000779b9455 7 bytes {MOV EDX, 0x97be28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5  00000000779b967d 7 bytes {MOV EDX, 0x97be68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5  00000000779b96ad 7 bytes {MOV EDX, 0x97bda8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5  00000000779b96c5 7 bytes {MOV EDX, 0x97bd28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5  00000000779b96dd 7 bytes {MOV EDX, 0x97bf28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5  00000000779b970d 7 bytes {MOV EDX, 0x97bf68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5  00000000779b9785 7 bytes {MOV EDX, 0x97bee8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5  00000000779b979d 7 bytes {MOV EDX, 0x97bea8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5  00000000779b97e5 7 bytes {MOV EDX, 0x97bc68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5  00000000779b98d5 7 bytes {MOV EDX, 0x97bca8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5  00000000779b9b15 7 bytes {MOV EDX, 0x97bc28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5  00000000779baa25 7 bytes {MOV EDX, 0x97bde8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5  00000000779baa9d 7 bytes {MOV EDX, 0x97bd68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  00000000779bac95 7 bytes {MOV EDX, 0x97bce8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4336] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5  00000000779b9455 7 bytes {MOV EDX, 0x975a28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5  00000000779b967d 7 bytes {MOV EDX, 0x975a68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5  00000000779b96ad 7 bytes {MOV EDX, 0x9759a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5  00000000779b96c5 7 bytes {MOV EDX, 0x975928; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5  00000000779b96dd 7 bytes {MOV EDX, 0x975b28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5  00000000779b970d 7 bytes {MOV EDX, 0x975b68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5  00000000779b9785 7 bytes {MOV EDX, 0x975ae8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5  00000000779b979d 7 bytes {MOV EDX, 0x975aa8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5  00000000779b97e5 7 bytes {MOV EDX, 0x975868; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5  00000000779b98d5 7 bytes {MOV EDX, 0x9758a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5  00000000779b9b15 7 bytes {MOV EDX, 0x975828; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5  00000000779baa25 7 bytes {MOV EDX, 0x9759e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5  00000000779baa9d 7 bytes {MOV EDX, 0x975968; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  00000000779bac95 7 bytes {MOV EDX, 0x9758e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2104] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5  00000000779b9455 7 bytes {MOV EDX, 0x104ea28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5  00000000779b967d 7 bytes {MOV EDX, 0x104ea68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5  00000000779b96ad 7 bytes {MOV EDX, 0x104e9a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5  00000000779b96c5 7 bytes {MOV EDX, 0x104e928; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5  00000000779b96dd 7 bytes {MOV EDX, 0x104eb28; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5  00000000779b970d 7 bytes {MOV EDX, 0x104eb68; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5  00000000779b9785 7 bytes {MOV EDX, 0x104eae8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5  00000000779b979d 7 bytes {MOV EDX, 0x104eaa8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5  00000000779b97e5 7 bytes {MOV EDX, 0x104e868; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5  00000000779b98d5 7 bytes {MOV EDX, 0x104e8a8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5  00000000779b9b15 7 bytes {MOV EDX, 0x104e828; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5  00000000779baa25 7 bytes {MOV EDX, 0x104e9e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5  00000000779baa9d 7 bytes {MOV EDX, 0x104e968; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  00000000779bac95 7 bytes {MOV EDX, 0x104e8e8; JMP RDX}
.text  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4360] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Windows\SysWOW64\conime.exe[4384] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0
.text  C:\Users\Herzchen\Downloads\gmer_2.0.18454.exe[4168] C:\Windows\syswow64\USER32.dll!DialogBoxParamW  0000000077095fb7 5 bytes JMP 00000001755741c0

---- Threads - GMER 2.0 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2708:1916]  0000000075b5f36f
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2708:3472]  0000000072fa0cb3

---- Processes - GMER 2.0 ----

Library  C:\Program (*** suspicious ***) @ C:\Windows\system32\svchost.exe [316]  00000000730d0000
Library  C:\Program (*** suspicious ***) @ C:\Windows\system32\svchost.exe [460]  00000000730d0000
Library  C:\Program (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1204]  00000000730d0000
Library  C:\Program (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1504]  00000000730d0000
Library  C:\Windows\system32\dnssd.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1972]  00000000745d0000
Library  C:\Windows\system32\dnssd.dll (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [3724]  00000000745d0000

---- EOF - GMER 2.0 ----

Code:
OTL logfile created on: 29.01.2013 16:16:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Herzchen\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,28% Memory free
8,21 Gb Paging File | 6,74 Gb Available in Paging File | 82,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164,75 Gb Total Space | 29,41 Gb Free Space | 17,85% Space Free | Partition Type: NTFS
Drive D: | 1220,50 Gb Total Space | 1193,60 Gb Free Space | 97,80% Space Free | Partition Type: NTFS

Computer Name: BASISLAGER | User Name: Herzchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.29 16:16:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Herzchen\Downloads\OTL.exe
PRC - [2013.01.18 09:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.05 18:10:34 | 002,403,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.06.11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.01.21 03:50:17 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.18 09:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.18 09:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013.01.18 09:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013.01.18 09:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013.01.18 09:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2012.12.05 18:10:34 | 002,403,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012.12.05 18:09:41 | 002,148,376 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.12.02 17:15:41 | 000,070,144 | ---- | M] () -- C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.05 18:10:34 | 002,403,352 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.10 12:26:53 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.10.10 12:25:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.29 12:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.15 04:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.11.15 23:24:16 | 000,015,672 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.07.01 08:44:00 | 000,214,032 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.01.21 03:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 03:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007.09.29 13:30:46 | 000,091,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2012.05.08 14:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.08.14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=114350&tt=4812_3&babsrc=SP_ss&mntrId=f093fd0d000000000000002421dec62d
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=5B7F1D18-991C-40B8-9225-945CCD0263C5&apn_sauid=0C0D9A1C-5575-4788-921D-739668AE2AB9
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE463
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.07 15:14:33 | 000,000,000 | ---D | M]

[2012.12.02 17:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - homepage: hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d
CHR - Extension: No name found = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: No name found = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: corel.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: corel.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O16
- DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EE8DB3E-B5B8-4A74-8C1B-93E4F9AF9230}: NameServer = 192.168.0.1,8.8.8.8 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Herzchen\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Herzchen\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.21 14:00:11 | 000,000,000 | ---D | M] - D:\Autoplay -- [ NTFS ] O32 - AutoRun File - [2010.04.02 13:03:16 | 003,048,072 | ---- | M] () - D:\autorun.exe -- [ NTFS ] O32 - AutoRun File - [2010.03.29 17:24:43 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] 
-- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.29 15:41:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2013.01.29 15:02:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2013.01.29 14:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.29 16:14:22 | 000,000,000 | ---- | M] () -- C:\Users\Herzchen\defogger_reenable [2013.01.29 16:05:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.29 15:43:21 | 001,684,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.29 15:43:21 | 000,718,376 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.29 15:43:21 | 000,671,466 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.29 15:43:21 | 000,164,672 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.29 15:43:21 | 000,134,744 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.29 15:37:41 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.29 15:37:31 | 000,003,712 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.29 15:37:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.29 15:37:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.29 15:07:56 | 001,571,838 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.29 15:06:29 | 002,988,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.29 14:39:42 | 002,128,937 | ---- | M] () -- C:\Users\Herzchen\Desktop\Foto 2.JPG [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.29 16:14:22 | 000,000,000 | ---- | C] () -- C:\Users\Herzchen\defogger_reenable [2012.10.26 19:20:36 | 001,571,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.03 23:41:55 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2012.09.03 23:41:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2012.08.29 15:34:36 | 000,000,995 | ---- | C] () -- C:\Windows\eReg.dat [2012.08.29 15:00:38 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.07.18 20:48:39 | 000,005,120 | ---- | C] () -- C:\Users\Herzchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.31 15:25:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2011.12.24 15:46:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2011.12.24 15:45:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2011.12.24 15:45:24 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2011.12.19 15:04:08 | 000,000,732 | ---- | C] () -- C:\Users\Herzchen\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 17:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.02 17:13:54 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\Babylon [2012.10.07 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\DVDVideoSoft [2012.10.07 
17:19:30 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.04 04:07:23 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\OpenCandy [2012.10.26 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\Software4u [2011.12.19 15:08:30 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\Telefónica [2012.07.04 04:08:26 | 000,000,000 | ---D | M] -- C:\Users\Herzchen\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 29.01.2013 16:16:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Herzchen\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,28% Memory free 8,21 Gb Paging File | 6,74 Gb Available in Paging File | 82,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 164,75 Gb Total Space | 29,41 Gb Free Space | 17,85% Space Free | Partition Type: NTFS Drive D: | 1220,50 Gb Total Space | 1193,60 Gb Free Space | 97,80% Space Free | Partition Type: NTFS Computer Name: BASISLAGER | User Name: Herzchen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 87 5E 01 2E 2A FE CD 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0925116D-B0C7-4B20-A9C8-8670CDB77106}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{0EACFC2C-B60D-4753-A25F-2D2F026AD3D6}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{0EDFBC48-3313-42FB-804C-1B7A336F447E}" = rport=445 | protocol=6 | dir=out | app=system | "{137D3F6E-EC67-4EB0-90F1-964DD33AEC3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1C264855-E63F-4AA4-B8DE-9227AB894E48}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1FC6DE7F-8182-4A6B-B343-1C5D5E084F32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2DD6081A-7E53-46CA-983B-486901C1A99E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3FEE8A70-1584-4EB6-9668-25FD05CDEE31}" = rport=139 | protocol=6 | dir=out | app=system | "{423A9AF7-36EB-43F8-9D14-6C42BFACE4BF}" = rport=137 | protocol=17 | dir=out | app=system | "{43B2BDB7-3C4A-4612-A2BF-4FE5F296058B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4CA3F155-DA3F-42B2-BA3D-B8A693325C0A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{50415946-626E-40BF-B32C-5D2DC26C7EDB}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{55E811BF-73CD-4B4A-9A5A-FAE2A2316ED7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6C770C96-014F-435D-A247-D5A6F9D5E991}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6C8B389C-0B46-4159-A922-00784D180E52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E62B7ED-CB93-4F41-8C9E-738B99479257}" = lport=10243 | protocol=6 | dir=in | app=system | "{802DD5D0-EA30-421D-9C68-767F9658866F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{83D69F3B-E991-4B4A-897E-CE9DC873976E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{84F41BBC-21AC-4717-ADD9-40C4D68BCA28}" = lport=139 | protocol=6 | dir=in | app=system | "{8804F9EF-E67E-4CED-8E48-B25F1B709513}" = lport=2869 | protocol=6 | dir=in | app=system | "{8EB8C011-EA6B-4FAE-9CCA-FA433224AF8E}" = rport=138 | protocol=17 | dir=out | app=system | "{948429EB-B723-450A-A142-50FB7A341AD1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{98AE2A01-BE8D-4313-8381-EDD5FF5F0797}" = lport=138 | protocol=17 | dir=in | app=system | "{A4E00D8D-D527-4FCC-B499-B5E3D8842CA9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B5E20F9A-ED04-4E85-BDD4-8A8D76BA4576}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{BB235248-AFDD-4567-986B-D3EAF5A285C1}" = rport=10243 | protocol=6 | dir=out | app=system | "{C06A1926-4B61-4635-A1EA-CB2855A392BA}" = lport=137 | protocol=17 | dir=in | app=system | "{D7050CB2-3DD3-41D3-88B9-B8A145B6951E}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{DEE26011-C430-437D-87EE-C0D37E395E1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E030A802-7BED-4FE1-ACA8-FAB17DED6E7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E6B7AB9A-2950-45AB-AF08-1C6390E9937C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E998853A-0E33-40DD-B709-EA061B9BD08B}" = lport=445 | protocol=6 | dir=in | app=system | "{F9FA3DEA-31B0-412B-AA69-61B3756A7DA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FC9A3D88-91A9-44A1-B119-2058E588CF7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{033D10F6-4958-420C-A0B9-5479BB94DA27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{061A8114-B7D6-4678-8071-7E765BBFFF49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{17CE8588-BCD3-42C6-BF3D-91A8423DB40E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1AFFBBC8-A0B8-4C83-9138-63BEEFE7D36E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{205D4B1D-F47B-4681-AAD2-B896DAD8FEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{22038800-5519-4E5A-B79A-095A370ED6E9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{2E315945-7481-43F0-9872-EB9994C5B1AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{39B17692-4F2D-4DF5-A6F2-31FD3BAF8B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{3A4E7557-A1A7-4A7C-B2B7-E3782B6BAA92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3C83B862-22D4-4187-BCC3-E5D483BB226C}" = protocol=6 | dir=out | app=system | "{3FE5DD4B-C231-420A-BFD3-8E6C51F75670}" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\gu.exe | "{471455FE-0C47-40C6-A6BA-36603615459E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{479296B4-F7A3-47C0-9AF5-B65F4D33D0C9}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | "{4E429141-2238-4EEC-90A5-16C03A46D24E}" = protocol=17 | dir=in | app=c:\program files 
(x86)\bonjour\mdnsresponder.exe | "{6E209E49-9083-4A10-AF30-E7C5A41B1A8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7C107856-E508-4A5E-963D-6B8ABC85605B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{819AFA8F-FB1A-436B-9506-CC8190DDB8ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8FABBD77-F958-4F58-A454-BCEFAE4BDA3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{93A1AB46-3B9F-4916-A45F-5735B28E23FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{96273C52-5658-4C57-88EB-90C3139BE5B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9759F2F8-A927-4E53-837A-088683EBB805}" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{97EAF46D-98C3-4DC0-8151-D2D104E0F624}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{98651290-AEF4-4620-B25D-BD749C1F8169}" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\gu.exe | "{A1135F23-AD9F-4A63-A730-593EB3DA9EB5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A1AF1DE9-2804-422D-A608-425641EB7DC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A60F5688-1149-4017-9AE8-4E93632EBD5F}" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{AA41F950-320F-466B-8FA8-AC3ED91F4F34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AABC3BB6-308F-425E-90A3-F6704B6C1289}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AD35A598-7620-4048-B740-503261F8F19B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ADCFD34E-6A85-41AB-9587-3B8B101E5C43}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game 
launcher\ubisoftgamelauncher.exe | "{B28CF1DC-6745-4B7F-B6C6-F8593A0DEB37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B6E1B303-55C4-4F5B-BCA3-74BD4EE129AE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{C1134623-5C74-454F-AF80-456F682158E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CAF07322-8E40-41BA-BC1B-66769762E1D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB081CD7-44A3-47E1-9639-46D13C261343}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | "{EC3A5215-D5BF-416F-81D3-18F0E3FF64F4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{EDD9376A-02F1-4267-B243-9D8C79963C8F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F53AB695-A3CF-40ED-A827-C7E35BAB64AC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F627A7F7-FCBE-4A0A-BC14-98613FD33B4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F8C74914-625E-4CC1-AA10-FD0B5C3AFA83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F9C7EFA6-2ED5-42BD-B4CD-768684E28971}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{2AB4E444-EED8-478C-BBB0-4ADB356371AA}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | "TCP Query User{821B9BCD-396B-4DFD-B986-3440A79F9012}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | "TCP Query User{9208993D-0038-45A2-A8A7-6C82F1CB9D0F}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=6 | dir=in | app=c:\program 
files (x86)\corel\dvd9\windvd.exe | "TCP Query User{C0FFD717-5898-49D8-BBA4-3403FCA4A36D}D:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | "TCP Query User{C74C0A1E-EE4F-452A-96AB-002659DB2BE3}D:\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "TCP Query User{D36256E0-38E6-4A1A-A2EB-1A9A7ABC6CFD}C:\program files (x86)\corel\windvd11\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\windvd11\windvd.exe | "UDP Query User{0EB99A89-CBE7-4E91-9703-D82D0025C68B}D:\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "UDP Query User{636AF192-5D84-40F7-9744-81114E5F2936}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | "UDP Query User{728AFEEE-E6BB-46B5-A87F-49F8E486FFA4}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | "UDP Query User{B93DE7AF-FACA-4E8D-94ED-7DEB3E7150E9}C:\program files (x86)\corel\windvd11\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\windvd11\windvd.exe | "UDP Query User{C8D6FE59-CB9D-4957-A1D8-74DD87DA1D97}D:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | "UDP Query User{D6145BAC-A789-4131-A27B-AF6BB39F8BD5}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "VLC media player" = VLC media player 2.1.0-git [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB 
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction 
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.17 "{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup "{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 "Google Chrome" = Google Chrome "InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver 
"PokerStars.eu" = PokerStars.eu "PROHYBRIDR" = 2007 Microsoft Office system "TuneUp Utilities 2012" = TuneUp Utilities 2012 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.01.2013 00:33:39 | Computer Name = Basislager | Source = Bonjour Service | ID = 100 Description = Error - 29.01.2013 00:33:39 | Computer Name = Basislager | Source = Bonjour Service | ID = 100 Description = Error - 29.01.2013 00:33:39 | Computer Name = Basislager | Source = Bonjour Service | ID = 100 Description = Error - 29.01.2013 09:39:37 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 29.01.2013 09:39:51 | Computer Name = Basislager | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung chrome.exe, Version 24.0.1312.56, Zeitstempel 0x50f8e9e4, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733e1, Ausnahmecode 0xc0000374, Fehleroffset 0x000ababb, Prozess-ID 0xc1c, Anwendungsstartzeit 01cdfe261a225971. Error - 29.01.2013 09:45:54 | Computer Name = Basislager | Source = VSS | ID = 8194 Description = Error - 29.01.2013 10:06:44 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 29.01.2013 10:07:19 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 29.01.2013 10:10:30 | Computer Name = Basislager | Source = ESENT | ID = 215 Description = WinMail (3556) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. 
Error - 29.01.2013 10:10:31 | Computer Name = Basislager | Source = ESENT | ID = 215 Description = WinMail (3828) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 29.01.2013 10:38:51 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 30.12.2012 06:27:07 | Computer Name = Basislager | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 171837 seconds with 420 seconds of active time. This session ended with a crash. [ System Events ] Error - 12.09.2012 15:40:13 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 12.09.2012 15:40:19 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 12.09.2012 15:40:26 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 12.09.2012 15:40:31 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 12.09.2012 15:40:35 | Computer Name = Herzchen-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. 
Error - 13.09.2012 07:28:15 | Computer Name = Herzchen-PC | Source = HTTP | ID = 15016 Description = Error - 13.09.2012 07:28:57 | Computer Name = Herzchen-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 14.09.2012 06:12:38 | Computer Name = Herzchen-PC | Source = HTTP | ID = 15016 Description = Error - 14.09.2012 06:13:15 | Computer Name = Herzchen-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 15.09.2012 03:34:40 | Computer Name = Herzchen-PC | Source = HTTP | ID = 15016 Description = [ TuneUp Events ] Error - 03.11.2012 04:54:17 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 03.11.2012 04:54:17 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.11.2012 09:46:02 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 08.11.2012 09:46:02 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300 Description = < End of report > |
31.01.2013, 10:51 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Babylon Search search engine / PC sluggish / Malware? Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans yet, just post the logs you already have!
__________________ Please always post logfiles in CODE tags |
31.01.2013, 15:29 | #6 |
| Babylon Search search engine / PC sluggish / Malware? Hello, no, I don't have any other logs. Apart from the programs required by your checklist I have nothing else on my machine. No antivirus scanner or anything like that either. This is the first time I've done any kind of check or scan. |
31.01.2013, 15:33 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Babylon Search search engine / PC sluggish / Malware?

1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:), because that's where TDSS-Killer stores its logs. Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and only post the log here!
__________________ Please always post logfiles in CODE tags |
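The TDSSKiller log requested in the post above lists every service and driver with its MD5 and image path, followed by a separate verdict line. As an added example (not code from this thread, from trojaner-board or from Kaspersky's TDSSKiller), the Python script below parses that "Scan services" section and surfaces what a helper would look at first: entries whose verdict is anything other than "ok", and entries whose executable lives somewhere a standard user can write to, such as the Browser Manager service under C:\ProgramData that shows up in the log posted further down. The sample log is constructed in the log's format; the ACPI, Adobe Version Cue and Browser Manager lines mirror entries from the posted log, while the ExampleSvc entry, its all-zero hash, the "suspicious" verdict string and the trailing section header are invented for the demo.

```python
"""Triage helper for the "Scan services" section of a TDSSKiller log.

Added example: this is not code from the forum thread or from Kaspersky's
TDSSKiller. It pairs each "[ MD5 ] name path" line with its "name - verdict"
line, then flags entries that are not "ok" or whose image file lives in a
location a standard user can write to (ProgramData, user profiles, Temp),
which is where adware/PUP components such as a "Browser Manager" service
tend to install themselves.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# "<hh:mm:ss.ms> <pid> [ <MD5> ] <service name> <drive>:\<path>"
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*?)\s*$"
)
# "<hh:mm:ss.ms> <pid> <service name> - <verdict>"
VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.+?)\s+-\s+(\S.*?)\s*$")
# "<hh:mm:ss.ms> <pid> ===== <section title> =====" or a bare "=====" rule line
SECTION_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+=+\s*(.*?)\s*=*\s*$")

# Path fragments pointing at directories that are writable without admin rights
# and therefore a common home for PUPs/adware. Heuristic, not a verdict.
USER_WRITABLE_MARKERS = ("\\programdata\\", "\\users\\", "\\temp\\", "\\appdata\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    reasons: list = field(default_factory=list)


def is_user_writable(path: str) -> bool:
    """True if the image path sits under a directory standard users can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def parse_service_scan(text: str) -> list[Entry]:
    """Collect service/driver entries from the 'Scan services' section only."""
    entries: dict[str, Entry] = {}
    in_services = False
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            # A titled header switches section; a bare '====' rule keeps the current one.
            if sec.group(1):
                in_services = sec.group(1) == "Scan services"
            continue
        if not in_services:
            continue
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = md5.upper(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, Entry(name)).verdict = verdict
    return list(entries.values())


def triage(entries: list[Entry]) -> list[Entry]:
    """Return only the entries a helper should look at, with the reasons attached."""
    flagged = []
    for e in entries:
        e.reasons = []
        if e.verdict is None:
            e.reasons.append("no verdict line")
        elif e.verdict.lower() != "ok":
            e.reasons.append(f"verdict '{e.verdict}'")
        if e.path and is_user_writable(e.path):
            e.reasons.append("image in user-writable location")
        if e.reasons:
            flagged.append(e)
    return flagged


# Constructed sample in the TDSSKiller log format. ACPI, Adobe Version Cue and
# Browser Manager mirror lines from the log posted in this thread; ExampleSvc,
# its all-zero hash, the "suspicious" verdict and the last header are invented.
SAMPLE_LOG = r"""
16:44:08.0188 4564 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:44:08.0957 4564 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200
16:44:56.0476 4588 ============================================================
16:44:57.0080 4588 ================ Scan system memory ========================
16:44:57.0080 4588 System memory - ok
16:44:57.0080 4588 ================ Scan services =============================
16:44:57.0391 4588 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:44:57.0501 4588 ACPI - ok
16:44:57.0688 4588 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
16:44:57.0700 4588 Adobe Version Cue CS4 - ok
16:44:59.0718 4588 [ EBBA16A88F517BFB1B7681ABF006C8B0 ] Browser Manager C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
16:44:59.0800 4588 Browser Manager - ok
16:45:00.0878 4588 COMSysApp - ok
16:45:09.0100 4588 [ 00000000000000000000000000000000 ] ExampleSvc C:\Users\Herzchen\AppData\Local\Temp\example.exe
16:45:09.0150 4588 ExampleSvc - suspicious
16:45:10.0000 4588 ================ Scan global startup ======================
"""


def main() -> None:
    for e in triage(parse_service_scan(SAMPLE_LOG)):
        print(f"{e.name}: {', '.join(e.reasons)}\n    md5={e.md5} path={e.path}")


if __name__ == "__main__":
    main()
```

The path heuristic is a prioritisation aid only: a hit means "look at this one first", not "malicious", since legitimate updaters also install services under ProgramData. The MD5 printed for each flagged entry is what you would check against a reputation service before deciding anything, which is exactly why the helper asks for the log to be posted instead of having objects deleted straight away.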
31.01.2013, 16:49 | #8 |
| Babylon Search search engine / PC sluggish / Malware? Hello, here are the logs... aswMBR.txt Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-31 16:20:27 ----------------------------- 16:20:27.335 OS Version: Windows x64 6.0.6002 Service Pack 2 16:20:27.336 Number of processors: 4 586 0x170A 16:20:27.336 ComputerName: BASISLAGER UserName: Herzchen 16:20:28.163 Initialize success 16:21:31.249 AVAST engine defs: 13013100 16:21:47.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004c 16:21:47.055 Disk 0 Vendor: ST315005 CC34 Size: 1430799MB BusType: 8 16:21:47.066 Disk 0 MBR read successfully 16:21:47.069 Disk 0 MBR scan 16:21:47.074 Disk 0 Windows VISTA default MBR code 16:21:47.085 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048 16:21:47.097 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 168701 MB offset 24578048 16:21:47.115 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1249796 MB offset 370077696 16:21:47.150 Disk 0 scanning C:\Windows\system32\drivers 16:21:56.531 Service scanning 16:22:14.689 Modules scanning 16:22:14.700 Disk 0 trace - called modules: 16:22:14.717 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys 16:22:14.723 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005aac790] 16:22:14.732 3 CLASSPNP.SYS[fffffa60007cfc33] -> nt!IofCallDriver -> [0xfffffa8003c5aaf0] 16:22:14.739 5 acpi.sys[fffffa60008fffde] -> nt!IofCallDriver -> \Device\0000004c[0xfffffa8004068060] 16:22:16.062 AVAST engine scan C:\Windows 16:22:17.749 AVAST engine scan C:\Windows\system32 16:25:52.167 AVAST engine scan C:\Windows\system32\drivers 16:26:07.103 AVAST engine scan C:\Users\Herzchen 16:31:38.967 Disk 0 MBR has been saved successfully to "C:\Users\Herzchen\Documents\MBR.dat" 16:31:38.979 The log file has been saved successfully to "C:\Users\Herzchen\Documents\aswMBR.txt" 16:37:03.289 AVAST engine scan C:\ProgramData 16:38:26.889 Scan finished successfully 16:43:04.194 Disk 0 MBR has been saved successfully to "C:\Users\Herzchen\Documents\MBR.dat" 16:43:04.213 The log file has 
been saved successfully to "C:\Users\Herzchen\Documents\aswMBR.txt"
16:43:42.046 Disk 0 MBR has been saved successfully to "C:\Users\Herzchen\Documents\MBR.dat"
16:43:42.053 The log file has been saved successfully to "C:\Users\Herzchen\Documents\aswMBR.txt"
TDSSKiller
Code:
ATTFilter 16:44:08.0188 4564 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:44:08.0346 4564 ============================================================ 16:44:08.0346 4564 Current date / time: 2013/01/31 16:44:08.0346 16:44:08.0346 4564 SystemInfo: 16:44:08.0346 4564 16:44:08.0346 4564 OS Version: 6.0.6002 ServicePack: 2.0 16:44:08.0346 4564 Product type: Workstation 16:44:08.0346 4564 ComputerName: BASISLAGER 16:44:08.0346 4564 UserName: Herzchen 16:44:08.0346 4564 Windows directory: C:\Windows 16:44:08.0346 4564 System windows directory: C:\Windows 16:44:08.0346 4564 Running under WOW64 16:44:08.0346 4564 Processor architecture: Intel x64 16:44:08.0346 4564 Number of processors: 4 16:44:08.0346 4564 Page size: 0x1000 16:44:08.0346 4564 Boot type: Normal boot 16:44:08.0346 4564 ============================================================ 16:44:08.0957 4564 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:44:08.0973 4564 ============================================================ 16:44:08.0973 4564 \Device\Harddisk0\DR0: 16:44:08.0973 4564 MBR partitions: 16:44:08.0973 4564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x1497E800 16:44:08.0973 4564 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x160EF000, BlocksNum 0x98902328 16:44:08.0973 4564 ============================================================ 16:44:08.0997 4564 C: <-> \Device\Harddisk0\DR0\Partition1 16:44:09.0072 4564 D: <-> \Device\Harddisk0\DR0\Partition2 16:44:09.0072 4564 ============================================================ 16:44:09.0072 4564 Initialize success 16:44:09.0072 4564 ============================================================ 16:44:56.0476 4588 ============================================================ 16:44:56.0476 4588 Scan started 16:44:56.0476 4588 Mode: Manual; SigCheck; TDLFS; 
16:44:56.0476 4588 ============================================================ 16:44:57.0080 4588 ================ Scan system memory ======================== 16:44:57.0080 4588 System memory - ok 16:44:57.0080 4588 ================ Scan services ============================= 16:44:57.0391 4588 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 16:44:57.0501 4588 ACPI - ok 16:44:57.0546 4588 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys 16:44:57.0571 4588 adfs - ok 16:44:57.0688 4588 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe 16:44:57.0700 4588 Adobe Version Cue CS4 - ok 16:44:57.0722 4588 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:44:57.0732 4588 AdobeARMservice - ok 16:44:57.0771 4588 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:44:57.0792 4588 adp94xx - ok 16:44:57.0832 4588 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:44:57.0850 4588 adpahci - ok 16:44:57.0865 4588 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 16:44:57.0885 4588 adpu160m - ok 16:44:57.0904 4588 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:44:57.0917 4588 adpu320 - ok 16:44:57.0946 4588 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:44:58.0114 4588 AeLookupSvc - ok 16:44:58.0160 4588 [ 0CC146C4ADDEA45791B18B1E2659F4A9 ] AFD C:\Windows\system32\drivers\afd.sys 16:44:58.0193 4588 AFD - ok 16:44:58.0268 4588 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:44:58.0279 4588 agp440 - ok 16:44:58.0305 4588 [ 9AD31FA5C184CAFFF018573D58ED763A ] ahcix64s C:\Windows\system32\drivers\ahcix64s.sys 16:44:58.0326 4588 ahcix64s - 
ok 16:44:58.0346 4588 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 16:44:58.0359 4588 aic78xx - ok 16:44:58.0375 4588 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 16:44:58.0461 4588 ALG - ok 16:44:58.0492 4588 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys 16:44:58.0503 4588 aliide - ok 16:44:58.0515 4588 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 16:44:58.0525 4588 amdide - ok 16:44:58.0557 4588 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:44:58.0592 4588 AmdK8 - ok 16:44:58.0624 4588 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 16:44:58.0651 4588 Appinfo - ok 16:44:58.0708 4588 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:44:58.0719 4588 Apple Mobile Device - ok 16:44:58.0738 4588 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 16:44:58.0751 4588 arc - ok 16:44:58.0767 4588 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:44:58.0780 4588 arcsas - ok 16:44:58.0895 4588 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 16:44:58.0906 4588 aspnet_state - ok 16:44:58.0924 4588 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:44:58.0959 4588 AsyncMac - ok 16:44:58.0993 4588 [ F988BB0690CD660318037908E9B8DBF7 ] atapi C:\Windows\system32\drivers\atapi.sys 16:44:59.0004 4588 atapi - ok 16:44:59.0038 4588 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:44:59.0069 4588 AudioEndpointBuilder - ok 16:44:59.0093 4588 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:44:59.0126 4588 AudioSrv - ok 16:44:59.0157 4588 [ 
FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll 16:44:59.0207 4588 BFE - ok 16:44:59.0239 4588 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll 16:44:59.0296 4588 BITS - ok 16:44:59.0328 4588 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 16:44:59.0363 4588 blbdrive - ok 16:44:59.0388 4588 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:44:59.0415 4588 bowser - ok 16:44:59.0444 4588 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 16:44:59.0470 4588 BrFiltLo - ok 16:44:59.0485 4588 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 16:44:59.0514 4588 BrFiltUp - ok 16:44:59.0534 4588 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 16:44:59.0570 4588 Browser - ok 16:44:59.0718 4588 [ EBBA16A88F517BFB1B7681ABF006C8B0 ] Browser Manager C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe 16:44:59.0800 4588 Browser Manager - ok 16:44:59.0836 4588 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 16:44:59.0964 4588 Brserid - ok 16:44:59.0983 4588 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 16:45:00.0035 4588 BrSerWdm - ok 16:45:00.0056 4588 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 16:45:00.0108 4588 BrUsbMdm - ok 16:45:00.0130 4588 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 16:45:00.0181 4588 BrUsbSer - ok 16:45:00.0198 4588 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:45:00.0250 4588 BTHMODEM - ok 16:45:00.0286 4588 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:45:00.0320 4588 cdfs - ok 16:45:00.0349 4588 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom 
C:\Windows\system32\DRIVERS\cdrom.sys 16:45:00.0373 4588 cdrom - ok 16:45:00.0436 4588 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 16:45:00.0463 4588 CertPropSvc - ok 16:45:00.0481 4588 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 16:45:00.0516 4588 circlass - ok 16:45:00.0552 4588 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 16:45:00.0572 4588 CLFS - ok 16:45:00.0645 4588 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:45:00.0656 4588 clr_optimization_v2.0.50727_32 - ok 16:45:00.0682 4588 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:45:00.0694 4588 clr_optimization_v2.0.50727_64 - ok 16:45:00.0750 4588 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:45:00.0762 4588 clr_optimization_v4.0.30319_32 - ok 16:45:00.0809 4588 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:45:00.0821 4588 clr_optimization_v4.0.30319_64 - ok 16:45:00.0837 4588 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:45:00.0847 4588 cmdide - ok 16:45:00.0860 4588 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 16:45:00.0871 4588 Compbatt - ok 16:45:00.0878 4588 COMSysApp - ok 16:45:00.0946 4588 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:45:00.0957 4588 crcdisk - ok 16:45:00.0980 4588 [ 18918613E63F387CDE4D95CA7D49DCF7 ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:45:01.0008 4588 CryptSvc - ok 16:45:01.0069 4588 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 16:45:01.0111 4588 DcomLaunch - ok 16:45:01.0144 4588 [ 
8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:45:01.0169 4588 DfsC - ok 16:45:01.0247 4588 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 16:45:01.0376 4588 DFSR - ok 16:45:01.0409 4588 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 16:45:01.0439 4588 Dhcp - ok 16:45:01.0469 4588 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 16:45:01.0482 4588 disk - ok 16:45:01.0516 4588 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:45:01.0545 4588 Dnscache - ok 16:45:01.0565 4588 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 16:45:01.0594 4588 dot3svc - ok 16:45:01.0626 4588 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 16:45:01.0663 4588 DPS - ok 16:45:01.0705 4588 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:45:01.0731 4588 drmkaud - ok 16:45:01.0762 4588 [ E828CDCA431D1F98D33501DFC390079A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:45:01.0807 4588 DXGKrnl - ok 16:45:01.0838 4588 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 16:45:01.0874 4588 E1G60 - ok 16:45:01.0893 4588 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 16:45:01.0920 4588 EapHost - ok 16:45:01.0961 4588 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 16:45:01.0977 4588 Ecache - ok 16:45:02.0039 4588 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:45:02.0067 4588 ehRecvr - ok 16:45:02.0128 4588 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 16:45:02.0145 4588 ehSched - ok 16:45:02.0170 4588 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 16:45:02.0247 4588 ehstart - ok 16:45:02.0272 4588 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 
16:45:02.0292 4588 elxstor - ok 16:45:02.0333 4588 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 16:45:02.0378 4588 EMDMgmt - ok 16:45:02.0409 4588 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:45:02.0448 4588 ErrDev - ok 16:45:02.0470 4588 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 16:45:02.0503 4588 EventSystem - ok 16:45:02.0519 4588 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 16:45:02.0546 4588 exfat - ok 16:45:02.0571 4588 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:45:02.0599 4588 fastfat - ok 16:45:02.0624 4588 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:45:02.0659 4588 fdc - ok 16:45:02.0671 4588 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 16:45:02.0707 4588 fdPHost - ok 16:45:02.0721 4588 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 16:45:02.0774 4588 FDResPub - ok 16:45:02.0782 4588 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:45:02.0793 4588 FileInfo - ok 16:45:02.0813 4588 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:45:02.0844 4588 Filetrace - ok 16:45:02.0890 4588 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 16:45:02.0913 4588 FLEXnet Licensing Service - ok 16:45:03.0004 4588 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe 16:45:03.0035 4588 FLEXnet Licensing Service 64 - ok 16:45:03.0069 4588 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:45:03.0100 4588 flpydisk - ok 16:45:03.0119 4588 [ 
E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:45:03.0134 4588 FltMgr - ok 16:45:03.0168 4588 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:45:03.0177 4588 FontCache3.0.0.0 - ok 16:45:03.0194 4588 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:45:03.0219 4588 Fs_Rec - ok 16:45:03.0236 4588 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:45:03.0249 4588 gagp30kx - ok 16:45:03.0285 4588 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:45:03.0294 4588 GEARAspiWDM - ok 16:45:03.0327 4588 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 16:45:03.0368 4588 gpsvc - ok 16:45:03.0428 4588 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:45:03.0438 4588 gupdate - ok 16:45:03.0455 4588 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:45:03.0464 4588 gupdatem - ok 16:45:03.0501 4588 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:45:03.0532 4588 HdAudAddService - ok 16:45:03.0567 4588 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:45:03.0613 4588 HDAudBus - ok 16:45:03.0635 4588 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:45:03.0688 4588 HidBth - ok 16:45:03.0705 4588 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 16:45:03.0758 4588 HidIr - ok 16:45:03.0787 4588 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 16:45:03.0815 4588 hidserv - ok 16:45:03.0832 4588 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:45:03.0858 4588 HidUsb - ok 16:45:03.0880 4588 [ 
B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 16:45:03.0917 4588 hkmsvc - ok 16:45:03.0947 4588 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 16:45:03.0958 4588 HpCISSs - ok 16:45:03.0996 4588 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:45:04.0033 4588 HTTP - ok 16:45:04.0069 4588 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 16:45:04.0080 4588 i2omp - ok 16:45:04.0114 4588 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:45:04.0141 4588 i8042prt - ok 16:45:04.0156 4588 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 16:45:04.0171 4588 iaStorV - ok 16:45:04.0228 4588 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:45:04.0260 4588 idsvc - ok 16:45:04.0299 4588 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:45:04.0310 4588 iirsp - ok 16:45:04.0332 4588 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 16:45:04.0367 4588 IKEEXT - ok 16:45:04.0383 4588 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 16:45:04.0393 4588 intelide - ok 16:45:04.0406 4588 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:45:04.0442 4588 intelppm - ok 16:45:04.0463 4588 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:45:04.0502 4588 IPBusEnum - ok 16:45:04.0540 4588 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:45:04.0567 4588 IpFilterDriver - ok 16:45:04.0595 4588 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:45:04.0617 4588 iphlpsvc - ok 16:45:04.0621 4588 IpInIp - ok 16:45:04.0634 4588 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV 
C:\Windows\system32\drivers\ipmidrv.sys 16:45:04.0671 4588 IPMIDRV - ok 16:45:04.0690 4588 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 16:45:04.0729 4588 IPNAT - ok 16:45:04.0776 4588 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:45:04.0808 4588 iPod Service - ok 16:45:04.0840 4588 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:45:04.0875 4588 IRENUM - ok 16:45:04.0887 4588 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:45:04.0898 4588 isapnp - ok 16:45:04.0931 4588 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 16:45:04.0947 4588 iScsiPrt - ok 16:45:04.0971 4588 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 16:45:04.0981 4588 iteatapi - ok 16:45:05.0001 4588 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 16:45:05.0011 4588 iteraid - ok 16:45:05.0040 4588 [ 98E7D6164EBA27EF25835F95910E622C ] JRAID C:\Windows\system32\drivers\jraid.sys 16:45:05.0065 4588 JRAID - ok 16:45:05.0081 4588 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:45:05.0092 4588 kbdclass - ok 16:45:05.0107 4588 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:45:05.0133 4588 kbdhid - ok 16:45:05.0150 4588 [ 40348DCEC0712ED42231C5F90A69A690 ] KeyIso C:\Windows\system32\lsass.exe 16:45:05.0178 4588 KeyIso - ok 16:45:05.0202 4588 [ 476E2C1DCEA45895994BEF11C2A98715 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:45:05.0225 4588 KSecDD - ok 16:45:05.0255 4588 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:45:05.0290 4588 ksthunk - ok 16:45:05.0326 4588 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 16:45:05.0370 4588 KtmRm - ok 16:45:05.0413 4588 [ 
50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:45:05.0437 4588 LanmanServer - ok 16:45:05.0496 4588 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:45:05.0518 4588 LanmanWorkstation - ok 16:45:05.0538 4588 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:45:05.0574 4588 lltdio - ok 16:45:05.0601 4588 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:45:05.0640 4588 lltdsvc - ok 16:45:05.0659 4588 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:45:05.0695 4588 lmhosts - ok 16:45:05.0712 4588 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:45:05.0724 4588 LSI_FC - ok 16:45:05.0750 4588 [ 5BF5C2F7C5C0D44E584E9CF324FF1047 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:45:05.0779 4588 LSI_SAS - ok 16:45:05.0784 4588 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:45:05.0796 4588 LSI_SCSI - ok 16:45:05.0815 4588 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 16:45:05.0851 4588 luafv - ok 16:45:05.0867 4588 massfilter - ok 16:45:05.0873 4588 massfilter_hs - ok 16:45:05.0887 4588 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:45:05.0902 4588 Mcx2Svc - ok 16:45:05.0913 4588 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 16:45:05.0924 4588 megasas - ok 16:45:05.0941 4588 [ 42AE08E8A97F6A81D59276FCCDFE6B50 ] MegaSR C:\Windows\system32\drivers\megasr.sys 16:45:05.0975 4588 MegaSR - ok 16:45:06.0016 4588 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 16:45:06.0052 4588 MMCSS - ok 16:45:06.0069 4588 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 16:45:06.0104 4588 Modem - ok 16:45:06.0125 4588 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor 
C:\Windows\system32\DRIVERS\monitor.sys 16:45:06.0160 4588 monitor - ok 16:45:06.0175 4588 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:45:06.0186 4588 mouclass - ok 16:45:06.0191 4588 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:45:06.0226 4588 mouhid - ok 16:45:06.0240 4588 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 16:45:06.0252 4588 MountMgr - ok 16:45:06.0271 4588 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 16:45:06.0284 4588 mpio - ok 16:45:06.0305 4588 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:45:06.0332 4588 mpsdrv - ok 16:45:06.0376 4588 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 16:45:06.0415 4588 MpsSvc - ok 16:45:06.0427 4588 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 16:45:06.0438 4588 Mraid35x - ok 16:45:06.0454 4588 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:45:06.0471 4588 MRxDAV - ok 16:45:06.0505 4588 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:45:06.0534 4588 mrxsmb - ok 16:45:06.0557 4588 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:45:06.0575 4588 mrxsmb10 - ok 16:45:06.0601 4588 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:45:06.0616 4588 mrxsmb20 - ok 16:45:06.0634 4588 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys 16:45:06.0645 4588 msahci - ok 16:45:06.0663 4588 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:45:06.0676 4588 msdsm - ok 16:45:06.0690 4588 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 16:45:06.0728 4588 MSDTC - ok 16:45:06.0748 4588 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs 
C:\Windows\system32\drivers\Msfs.sys 16:45:06.0783 4588 Msfs - ok 16:45:06.0801 4588 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:45:06.0810 4588 msisadrv - ok 16:45:06.0839 4588 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:45:06.0872 4588 MSiSCSI - ok 16:45:06.0876 4588 msiserver - ok 16:45:06.0906 4588 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:45:06.0937 4588 MSKSSRV - ok 16:45:06.0944 4588 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:45:06.0975 4588 MSPCLOCK - ok 16:45:06.0984 4588 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:45:07.0015 4588 MSPQM - ok 16:45:07.0051 4588 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:45:07.0067 4588 MsRPC - ok 16:45:07.0091 4588 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:45:07.0101 4588 mssmbios - ok 16:45:07.0114 4588 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:45:07.0145 4588 MSTEE - ok 16:45:07.0165 4588 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 16:45:07.0180 4588 Mup - ok 16:45:07.0203 4588 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 16:45:07.0238 4588 napagent - ok 16:45:07.0349 4588 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:45:07.0366 4588 NativeWifiP - ok 16:45:07.0412 4588 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:45:07.0442 4588 NDIS - ok 16:45:07.0475 4588 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:45:07.0501 4588 NdisTapi - ok 16:45:07.0517 4588 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:45:07.0552 4588 Ndisuio - ok 16:45:07.0566 4588 [ 
F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:45:07.0594 4588 NdisWan - ok 16:45:07.0612 4588 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:45:07.0639 4588 NDProxy - ok 16:45:07.0655 4588 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:45:07.0690 4588 NetBIOS - ok 16:45:07.0708 4588 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 16:45:07.0737 4588 netbt - ok 16:45:07.0754 4588 [ 40348DCEC0712ED42231C5F90A69A690 ] Netlogon C:\Windows\system32\lsass.exe 16:45:07.0767 4588 Netlogon - ok 16:45:07.0810 4588 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 16:45:07.0852 4588 Netman - ok 16:45:07.0887 4588 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:45:07.0898 4588 NetMsmqActivator - ok 16:45:07.0903 4588 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:45:07.0913 4588 NetPipeActivator - ok 16:45:07.0931 4588 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 16:45:07.0971 4588 netprofm - ok 16:45:07.0976 4588 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:45:07.0987 4588 NetTcpActivator - ok 16:45:07.0991 4588 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 16:45:08.0002 4588 NetTcpPortSharing - ok 16:45:08.0014 4588 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:45:08.0025 4588 nfrd960 - ok 16:45:08.0043 4588 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 16:45:08.0081 4588 NlaSvc - ok 16:45:08.0099 4588 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:45:08.0125 4588 Npfs - ok 
16:45:08.0142 4588 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 16:45:08.0178 4588 nsi - ok 16:45:08.0186 4588 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:45:08.0221 4588 nsiproxy - ok 16:45:08.0276 4588 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:45:08.0340 4588 Ntfs - ok 16:45:08.0386 4588 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 16:45:08.0421 4588 Null - ok 16:45:08.0486 4588 [ 99ED33F7FE39026A477893D92AEA5EF0 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys 16:45:08.0548 4588 NVENETFD - ok 16:45:08.0800 4588 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:45:09.0284 4588 nvlddmkm - ok 16:45:09.0307 4588 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:45:09.0320 4588 nvraid - ok 16:45:09.0343 4588 [ 90731D8A25964715B850A5B8C3DBFD22 ] nvrd64 C:\Windows\system32\drivers\nvrd64.sys 16:45:09.0355 4588 nvrd64 - ok 16:45:09.0371 4588 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:45:09.0382 4588 nvstor - ok 16:45:09.0402 4588 [ 14E8409CCE4BFC7591F8697A8748DC5B ] nvstor64 C:\Windows\system32\drivers\nvstor64.sys 16:45:09.0411 4588 nvstor64 - ok 16:45:09.0460 4588 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 16:45:09.0492 4588 nvsvc - ok 16:45:09.0574 4588 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 16:45:09.0631 4588 nvUpdatusService - ok 16:45:09.0680 4588 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:45:09.0693 4588 nv_agp - ok 16:45:09.0699 4588 NwlnkFlt - ok 16:45:09.0707 4588 NwlnkFwd - ok 16:45:09.0786 4588 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:45:09.0805 4588 odserv 
- ok 16:45:09.0852 4588 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 16:45:09.0878 4588 ohci1394 - ok 16:45:09.0904 4588 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:45:09.0916 4588 ose - ok 16:45:09.0987 4588 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 16:45:10.0030 4588 p2pimsvc - ok 16:45:10.0042 4588 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 16:45:10.0068 4588 p2psvc - ok 16:45:10.0094 4588 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 16:45:10.0148 4588 Parport - ok 16:45:10.0173 4588 [ F9B5EDA4C17A2BE7663F064DBF0FE254 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:45:10.0186 4588 partmgr - ok 16:45:10.0207 4588 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 16:45:10.0236 4588 PcaSvc - ok 16:45:10.0258 4588 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 16:45:10.0273 4588 pci - ok 16:45:10.0286 4588 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 16:45:10.0296 4588 pciide - ok 16:45:10.0317 4588 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:45:10.0331 4588 pcmcia - ok 16:45:10.0357 4588 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:45:10.0425 4588 PEAUTH - ok 16:45:10.0480 4588 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:45:10.0516 4588 PerfHost - ok 16:45:10.0584 4588 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 16:45:10.0652 4588 pla - ok 16:45:10.0679 4588 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:45:10.0711 4588 PlugPlay - ok 16:45:10.0724 4588 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 16:45:10.0751 4588 PNRPAutoReg - ok 
16:45:10.0763 4588 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 16:45:10.0790 4588 PNRPsvc - ok 16:45:10.0859 4588 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:45:10.0895 4588 PolicyAgent - ok 16:45:10.0913 4588 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:45:10.0940 4588 PptpMiniport - ok 16:45:10.0960 4588 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 16:45:10.0994 4588 Processor - ok 16:45:11.0020 4588 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 16:45:11.0046 4588 ProfSvc - ok 16:45:11.0060 4588 [ 40348DCEC0712ED42231C5F90A69A690 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:45:11.0072 4588 ProtectedStorage - ok 16:45:11.0082 4588 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 16:45:11.0106 4588 PSched - ok 16:45:11.0136 4588 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 16:45:11.0146 4588 PSI_SVC_2 - ok 16:45:11.0184 4588 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:45:11.0229 4588 ql2300 - ok 16:45:11.0260 4588 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:45:11.0271 4588 ql40xx - ok 16:45:11.0307 4588 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 16:45:11.0325 4588 QWAVE - ok 16:45:11.0335 4588 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:45:11.0348 4588 QWAVEdrv - ok 16:45:11.0355 4588 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:45:11.0385 4588 RasAcd - ok 16:45:11.0395 4588 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 16:45:11.0432 4588 RasAuto - ok 16:45:11.0450 4588 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp 
C:\Windows\system32\DRIVERS\rasl2tp.sys 16:45:11.0478 4588 Rasl2tp - ok 16:45:11.0500 4588 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 16:45:11.0531 4588 RasMan - ok 16:45:11.0549 4588 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:45:11.0575 4588 RasPppoe - ok 16:45:11.0607 4588 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:45:11.0621 4588 RasSstp - ok 16:45:11.0637 4588 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:45:11.0667 4588 rdbss - ok 16:45:11.0684 4588 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:45:11.0720 4588 RDPCDD - ok 16:45:11.0743 4588 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 16:45:11.0782 4588 rdpdr - ok 16:45:11.0787 4588 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:45:11.0818 4588 RDPENCDD - ok 16:45:11.0849 4588 [ B1D741C87CEA8D7282146366CC9C3F81 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:45:11.0875 4588 RDPWD - ok 16:45:11.0899 4588 [ 84C83C7577407C4FF6AB1379EE944610 ] regi C:\Windows\system32\drivers\regi.sys 16:45:11.0909 4588 regi - ok 16:45:11.0934 4588 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:45:11.0966 4588 RemoteAccess - ok 16:45:11.0985 4588 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:45:12.0012 4588 RemoteRegistry - ok 16:45:12.0028 4588 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 16:45:12.0067 4588 RpcLocator - ok 16:45:12.0086 4588 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 16:45:12.0125 4588 RpcSs - ok 16:45:12.0141 4588 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:45:12.0182 4588 rspndr - ok 16:45:12.0199 4588 [ 40348DCEC0712ED42231C5F90A69A690 ] SamSs 
C:\Windows\system32\lsass.exe 16:45:12.0213 4588 SamSs - ok 16:45:12.0223 4588 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:45:12.0235 4588 sbp2port - ok 16:45:12.0270 4588 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:45:12.0299 4588 SCardSvr - ok 16:45:12.0338 4588 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 16:45:12.0378 4588 Schedule - ok 16:45:12.0420 4588 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:45:12.0445 4588 SCPolicySvc - ok 16:45:12.0471 4588 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:45:12.0495 4588 SDRSVC - ok 16:45:12.0514 4588 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:45:12.0568 4588 secdrv - ok 16:45:12.0576 4588 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 16:45:12.0612 4588 seclogon - ok 16:45:12.0621 4588 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 16:45:12.0658 4588 SENS - ok 16:45:12.0672 4588 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 16:45:12.0726 4588 Serenum - ok 16:45:12.0744 4588 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 16:45:12.0792 4588 Serial - ok 16:45:12.0801 4588 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:45:12.0832 4588 sermouse - ok 16:45:12.0862 4588 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 16:45:12.0894 4588 SessionEnv - ok 16:45:12.0912 4588 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:45:12.0943 4588 sffdisk - ok 16:45:12.0954 4588 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:45:12.0986 4588 sffp_mmc - ok 16:45:12.0999 4588 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd 
C:\Windows\system32\drivers\sffp_sd.sys 16:45:13.0030 4588 sffp_sd - ok 16:45:13.0040 4588 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:45:13.0086 4588 sfloppy - ok 16:45:13.0105 4588 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:45:13.0142 4588 SharedAccess - ok 16:45:13.0195 4588 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:45:13.0223 4588 ShellHWDetection - ok 16:45:13.0235 4588 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 16:45:13.0246 4588 SiSRaid2 - ok 16:45:13.0258 4588 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:45:13.0268 4588 SiSRaid4 - ok 16:45:13.0341 4588 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 16:45:13.0443 4588 slsvc - ok 16:45:13.0496 4588 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 16:45:13.0524 4588 SLUINotify - ok 16:45:13.0563 4588 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:45:13.0590 4588 Smb - ok 16:45:13.0620 4588 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:45:13.0634 4588 SNMPTRAP - ok 16:45:13.0664 4588 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 16:45:13.0676 4588 spldr - ok 16:45:13.0705 4588 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 16:45:13.0732 4588 Spooler - ok 16:45:13.0761 4588 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 16:45:13.0787 4588 srv - ok 16:45:13.0842 4588 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:45:13.0871 4588 srv2 - ok 16:45:13.0889 4588 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:45:13.0904 4588 srvnet - ok 16:45:13.0928 4588 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV 
C:\Windows\System32\ssdpsrv.dll 16:45:13.0966 4588 SSDPSRV - ok 16:45:14.0003 4588 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:45:14.0019 4588 SstpSvc - ok 16:45:14.0083 4588 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 16:45:14.0101 4588 Stereo Service - ok 16:45:14.0163 4588 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 16:45:14.0190 4588 stisvc - ok 16:45:14.0235 4588 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:45:14.0246 4588 swenum - ok 16:45:14.0283 4588 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 16:45:14.0319 4588 swprv - ok 16:45:14.0336 4588 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 16:45:14.0348 4588 Symc8xx - ok 16:45:14.0356 4588 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 16:45:14.0367 4588 Sym_hi - ok 16:45:14.0382 4588 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 16:45:14.0393 4588 Sym_u3 - ok 16:45:14.0438 4588 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 16:45:14.0483 4588 SysMain - ok 16:45:14.0504 4588 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:45:14.0522 4588 TabletInputService - ok 16:45:14.0562 4588 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:45:14.0594 4588 TapiSrv - ok 16:45:14.0607 4588 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 16:45:14.0644 4588 TBS - ok 16:45:14.0692 4588 [ 973658A2EA9C06B2976884B9046DFC6C ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:45:14.0757 4588 Tcpip - ok 16:45:14.0804 4588 [ 973658A2EA9C06B2976884B9046DFC6C ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 16:45:14.0847 4588 Tcpip6 - ok 16:45:14.0883 4588 [ C7E72A4071EE0200E3C075DACFB2B334 ] 
tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:45:14.0911 4588 tcpipreg - ok 16:45:14.0928 4588 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:45:14.0964 4588 TDPIPE - ok 16:45:14.0984 4588 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:45:15.0019 4588 TDTCP - ok 16:45:15.0061 4588 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:45:15.0088 4588 tdx - ok 16:45:15.0110 4588 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:45:15.0124 4588 TermDD - ok 16:45:15.0153 4588 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 16:45:15.0190 4588 TermService - ok 16:45:15.0221 4588 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 16:45:15.0238 4588 Themes - ok 16:45:15.0253 4588 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 16:45:15.0289 4588 THREADORDER - ok 16:45:15.0305 4588 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 16:45:15.0350 4588 TrkWks - ok 16:45:15.0410 4588 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:45:15.0436 4588 TrustedInstaller - ok 16:45:15.0454 4588 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:45:15.0489 4588 tssecsrv - ok 16:45:15.0566 4588 [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe 16:45:15.0646 4588 TuneUp.UtilitiesSvc - ok 16:45:15.0683 4588 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 16:45:15.0692 4588 TuneUpUtilitiesDrv - ok 16:45:15.0705 4588 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 16:45:15.0719 4588 tunmp - ok 16:45:15.0759 4588 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel 
C:\Windows\system32\DRIVERS\tunnel.sys 16:45:15.0773 4588 tunnel - ok 16:45:15.0783 4588 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:45:15.0795 4588 uagp35 - ok 16:45:15.0814 4588 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:45:15.0844 4588 udfs - ok 16:45:15.0867 4588 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:45:15.0904 4588 UI0Detect - ok 16:45:15.0922 4588 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:45:15.0935 4588 uliagpkx - ok 16:45:15.0956 4588 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 16:45:15.0972 4588 uliahci - ok 16:45:15.0992 4588 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 16:45:16.0005 4588 UlSata - ok 16:45:16.0022 4588 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 16:45:16.0035 4588 ulsata2 - ok 16:45:16.0057 4588 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:45:16.0092 4588 umbus - ok 16:45:16.0107 4588 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 16:45:16.0150 4588 upnphost - ok 16:45:16.0174 4588 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 16:45:16.0199 4588 USBAAPL64 - ok 16:45:16.0223 4588 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:45:16.0251 4588 usbccgp - ok 16:45:16.0264 4588 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:45:16.0318 4588 usbcir - ok 16:45:16.0361 4588 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:45:16.0388 4588 usbehci - ok 16:45:16.0423 4588 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:45:16.0453 4588 usbhub - ok 16:45:16.0465 4588 [ 
E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 16:45:16.0491 4588 usbohci - ok 16:45:16.0511 4588 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys 16:45:16.0565 4588 usbprint - ok 16:45:16.0590 4588 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:45:16.0618 4588 USBSTOR - ok 16:45:16.0634 4588 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:45:16.0661 4588 usbuhci - ok 16:45:16.0680 4588 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 16:45:16.0708 4588 UxSms - ok 16:45:16.0738 4588 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 16:45:16.0774 4588 vds - ok 16:45:16.0808 4588 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:45:16.0843 4588 vga - ok 16:45:16.0857 4588 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:45:16.0892 4588 VgaSave - ok 16:45:16.0910 4588 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 16:45:16.0919 4588 viaide - ok 16:45:16.0935 4588 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:45:16.0947 4588 volmgr - ok 16:45:16.0964 4588 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:45:16.0984 4588 volmgrx - ok 16:45:17.0042 4588 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:45:17.0057 4588 volsnap - ok 16:45:17.0073 4588 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:45:17.0084 4588 vsmraid - ok 16:45:17.0151 4588 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 16:45:17.0271 4588 VSS - ok 16:45:17.0338 4588 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 16:45:17.0373 4588 W32Time - ok 16:45:17.0389 4588 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] 
WacomPen C:\Windows\system32\drivers\wacompen.sys 16:45:17.0443 4588 WacomPen - ok 16:45:17.0456 4588 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 16:45:17.0483 4588 Wanarp - ok 16:45:17.0488 4588 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:45:17.0514 4588 Wanarpv6 - ok 16:45:17.0533 4588 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:45:17.0560 4588 wcncsvc - ok 16:45:17.0593 4588 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:45:17.0620 4588 WcsPlugInService - ok 16:45:17.0647 4588 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 16:45:17.0658 4588 Wd - ok 16:45:17.0688 4588 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:45:17.0721 4588 Wdf01000 - ok 16:45:17.0743 4588 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:45:17.0780 4588 WdiServiceHost - ok 16:45:17.0785 4588 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:45:17.0821 4588 WdiSystemHost - ok 16:45:17.0837 4588 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 16:45:17.0856 4588 WebClient - ok 16:45:17.0891 4588 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:45:17.0919 4588 Wecsvc - ok 16:45:17.0942 4588 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:45:17.0970 4588 wercplsupport - ok 16:45:17.0989 4588 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 16:45:18.0018 4588 WerSvc - ok 16:45:18.0039 4588 WinDefend - ok 16:45:18.0049 4588 WinHttpAutoProxySvc - ok 16:45:18.0091 4588 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:45:18.0120 4588 Winmgmt - ok 16:45:18.0188 4588 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM 
C:\Windows\system32\WsmSvc.dll 16:45:18.0264 4588 WinRM - ok 16:45:18.0326 4588 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:45:18.0368 4588 Wlansvc - ok 16:45:18.0390 4588 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 16:45:18.0416 4588 WmiAcpi - ok 16:45:18.0434 4588 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:45:18.0463 4588 wmiApSrv - ok 16:45:18.0476 4588 WMPNetworkSvc - ok 16:45:18.0487 4588 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:45:18.0515 4588 WPCSvc - ok 16:45:18.0540 4588 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:45:18.0565 4588 WPDBusEnum - ok 16:45:18.0592 4588 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 16:45:18.0616 4588 WpdUsb - ok 16:45:18.0742 4588 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:45:18.0774 4588 WPFFontCache_v0400 - ok 16:45:18.0808 4588 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:45:18.0839 4588 ws2ifsl - ok 16:45:18.0853 4588 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll 16:45:18.0869 4588 wscsvc - ok 16:45:18.0873 4588 WSearch - ok 16:45:18.0943 4588 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:45:19.0042 4588 wuauserv - ok 16:45:19.0086 4588 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:45:19.0122 4588 WUDFRd - ok 16:45:19.0134 4588 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:45:19.0172 4588 wudfsvc - ok 16:45:19.0199 4588 ZTEusbmdm6k - ok 16:45:19.0207 4588 ZTEusbnmea - ok 16:45:19.0214 4588 ZTEusbser6k - ok 16:45:19.0219 4588 ================ Scan global =============================== 16:45:19.0247 4588 [ 
060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
16:45:19.0277 4588 [ E5E5E593D4850B0AA24CF58B552147F3 ] C:\Windows\system32\winsrv.dll
16:45:19.0291 4588 [ E5E5E593D4850B0AA24CF58B552147F3 ] C:\Windows\system32\winsrv.dll
16:45:19.0326 4588 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
16:45:19.0331 4588 [Global] - ok
16:45:19.0332 4588 ================ Scan MBR ==================================
16:45:19.0356 4588 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:45:19.0476 4588 \Device\Harddisk0\DR0 - ok
16:45:19.0477 4588 ================ Scan VBR ==================================
16:45:19.0480 4588 [ A5DD2CE361F123247B19CCA1A2278F18 ] \Device\Harddisk0\DR0\Partition1
16:45:19.0481 4588 \Device\Harddisk0\DR0\Partition1 - ok
16:45:19.0496 4588 [ 0D20E2B48EC0234362B04F27802E17D4 ] \Device\Harddisk0\DR0\Partition2
16:45:19.0498 4588 \Device\Harddisk0\DR0\Partition2 - ok
16:45:19.0498 4588 ============================================================
16:45:19.0498 4588 Scan finished
16:45:19.0498 4588 ============================================================
16:45:19.0513 4772 Detected object count: 0
16:45:19.0513 4772 Actual detected object count: 0
31.01.2013, 16:50 | #9
/// Winkelfunktion /// TB-Süch-Tiger™ | Babylon Search search engine / PC sluggish / Malware?
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post logfiles in CODE tags
31.01.2013, 17:49 | #10
Babylon Search search engine / PC sluggish / Malware?
All done. I am posting the two logs below (one after the first scan and one after the second).
mbar-log1
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.18.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Herzchen :: BASISLAGER [administrator]

31.01.2013 17:15:27
mbar-log-2013-01-31 (17-15-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 11030
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\Users\Herzchen\Downloads\video_downloader (1).exe (PUP.BundleInstaller.VG) -> Delete on reboot.
c:\Users\Herzchen\Downloads\video_downloader (2).exe (PUP.BundleInstaller.VG) -> Delete on reboot.
c:\Users\Herzchen\Downloads\video_downloader.exe (PUP.BundleInstaller.VG) -> Delete on reboot.

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.31.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 7.0.6002.18005
Herzchen :: BASISLAGER [administrator]

31.01.2013 17:42:47
mbar-log-2013-01-31 (17-42-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 11038
Time elapsed: 13 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
01.02.2013, 10:48 | #11
/// Winkelfunktion /// TB-Süch-Tiger™ | Babylon Search search engine / PC sluggish / Malware?
AdwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
Then please run a check with OTL:
01.02.2013, 19:37 | #12
Babylon Search search engine / PC sluggish / Malware?
After the speed of my computer suddenly returned to its usual pace yesterday evening... I was astonished and thought the problems had now been dealt with. Unfortunately not. Today everything is dragging again like cheese... It takes forever until everything has booted. When I want to go online via Chrome, it takes ages for the pages to load... Before I shut the computer down yesterday, I visited a site whose content can only be used via Internet Explorer (a well-known video portal with streaming films). I very reluctantly use IE, but I wanted to enjoy a new HD release right away... The Task Manager shows a CPU load of 25%... Suddenly processes appeared that I don't recognise or that aren't open (7 x Chrome, for example). I ended all of those as well. Then I noticed a process explorer.exe that was eating a lot of performance. When I ended that one too, the screen was suddenly empty. Everything gone except my wallpaper. Folders, taskbar, all gone. I then restarted the computer via the Task Manager. Nevertheless this service explorer.exe is still active. That can only be IE, can't it? Oh, I hadn't seen the last reply. A new page had opened. I'll try that now. So... AdwCleaner:
Code:
ATTFilter OTL Extras logfile created on: 01.02.2013 19:46:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Herzchen\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,36% Memory free 8,17 Gb Paging File | 6,74 Gb Available in Paging File | 82,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 164,75 Gb Total Space | 18,18 Gb Free Space | 11,03% Space Free | Partition Type: NTFS Drive D: | 1220,50 Gb Total Space | 1193,60 Gb Free Space | 97,80% Space Free | Partition Type: NTFS Computer Name: BASISLAGER | User Name: Herzchen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 87 5E 01 2E 2A FE CD 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0925116D-B0C7-4B20-A9C8-8670CDB77106}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{0EACFC2C-B60D-4753-A25F-2D2F026AD3D6}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{0EDFBC48-3313-42FB-804C-1B7A336F447E}" = rport=445 | protocol=6 | dir=out | app=system | "{137D3F6E-EC67-4EB0-90F1-964DD33AEC3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1C264855-E63F-4AA4-B8DE-9227AB894E48}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1FC6DE7F-8182-4A6B-B343-1C5D5E084F32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2DD6081A-7E53-46CA-983B-486901C1A99E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3FEE8A70-1584-4EB6-9668-25FD05CDEE31}" = rport=139 | protocol=6 | dir=out | app=system | "{423A9AF7-36EB-43F8-9D14-6C42BFACE4BF}" = rport=137 | protocol=17 | dir=out | app=system | "{43B2BDB7-3C4A-4612-A2BF-4FE5F296058B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4CA3F155-DA3F-42B2-BA3D-B8A693325C0A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{50415946-626E-40BF-B32C-5D2DC26C7EDB}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{55E811BF-73CD-4B4A-9A5A-FAE2A2316ED7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6C770C96-014F-435D-A247-D5A6F9D5E991}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6C8B389C-0B46-4159-A922-00784D180E52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E62B7ED-CB93-4F41-8C9E-738B99479257}" = lport=10243 | protocol=6 | dir=in | app=system | "{802DD5D0-EA30-421D-9C68-767F9658866F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{83D69F3B-E991-4B4A-897E-CE9DC873976E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{84F41BBC-21AC-4717-ADD9-40C4D68BCA28}" = lport=139 | protocol=6 | dir=in | app=system | "{8804F9EF-E67E-4CED-8E48-B25F1B709513}" = lport=2869 | protocol=6 | dir=in | app=system | "{8EB8C011-EA6B-4FAE-9CCA-FA433224AF8E}" = rport=138 | protocol=17 | dir=out | app=system | "{948429EB-B723-450A-A142-50FB7A341AD1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{98AE2A01-BE8D-4313-8381-EDD5FF5F0797}" = lport=138 | protocol=17 | dir=in | app=system | "{A4E00D8D-D527-4FCC-B499-B5E3D8842CA9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B5E20F9A-ED04-4E85-BDD4-8A8D76BA4576}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{BB235248-AFDD-4567-986B-D3EAF5A285C1}" = rport=10243 | protocol=6 | dir=out | app=system | "{C06A1926-4B61-4635-A1EA-CB2855A392BA}" = lport=137 | protocol=17 | dir=in | app=system | "{D7050CB2-3DD3-41D3-88B9-B8A145B6951E}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{DEE26011-C430-437D-87EE-C0D37E395E1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E030A802-7BED-4FE1-ACA8-FAB17DED6E7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E6B7AB9A-2950-45AB-AF08-1C6390E9937C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E998853A-0E33-40DD-B709-EA061B9BD08B}" = lport=445 | protocol=6 | dir=in | app=system | "{F9FA3DEA-31B0-412B-AA69-61B3756A7DA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FC9A3D88-91A9-44A1-B119-2058E588CF7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{033D10F6-4958-420C-A0B9-5479BB94DA27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{061A8114-B7D6-4678-8071-7E765BBFFF49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{17CE8588-BCD3-42C6-BF3D-91A8423DB40E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{1AFFBBC8-A0B8-4C83-9138-63BEEFE7D36E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{205D4B1D-F47B-4681-AAD2-B896DAD8FEC8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{22038800-5519-4E5A-B79A-095A370ED6E9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{2E315945-7481-43F0-9872-EB9994C5B1AE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{39B17692-4F2D-4DF5-A6F2-31FD3BAF8B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{3A4E7557-A1A7-4A7C-B2B7-E3782B6BAA92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3C83B862-22D4-4187-BCC3-E5D483BB226C}" = protocol=6 | dir=out | app=system | "{3FE5DD4B-C231-420A-BFD3-8E6C51F75670}" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\gu.exe | "{471455FE-0C47-40C6-A6BA-36603615459E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{479296B4-F7A3-47C0-9AF5-B65F4D33D0C9}" = protocol=6 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | "{4E429141-2238-4EEC-90A5-16C03A46D24E}" = protocol=17 | dir=in | app=c:\program files 
(x86)\bonjour\mdnsresponder.exe | "{6E209E49-9083-4A10-AF30-E7C5A41B1A8E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7C107856-E508-4A5E-963D-6B8ABC85605B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{819AFA8F-FB1A-436B-9506-CC8190DDB8ED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8FABBD77-F958-4F58-A454-BCEFAE4BDA3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{93A1AB46-3B9F-4916-A45F-5735B28E23FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{96273C52-5658-4C57-88EB-90C3139BE5B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9759F2F8-A927-4E53-837A-088683EBB805}" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{97EAF46D-98C3-4DC0-8151-D2D104E0F624}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{98651290-AEF4-4620-B25D-BD749C1F8169}" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\gu.exe | "{A1135F23-AD9F-4A63-A730-593EB3DA9EB5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A1AF1DE9-2804-422D-A608-425641EB7DC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A60F5688-1149-4017-9AE8-4E93632EBD5F}" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "{AA41F950-320F-466B-8FA8-AC3ED91F4F34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AABC3BB6-308F-425E-90A3-F6704B6C1289}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AD35A598-7620-4048-B740-503261F8F19B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ADCFD34E-6A85-41AB-9587-3B8B101E5C43}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game 
launcher\ubisoftgamelauncher.exe | "{B28CF1DC-6745-4B7F-B6C6-F8593A0DEB37}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B6E1B303-55C4-4F5B-BCA3-74BD4EE129AE}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{C1134623-5C74-454F-AF80-456F682158E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CAF07322-8E40-41BA-BC1B-66769762E1D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EB081CD7-44A3-47E1-9639-46D13C261343}" = protocol=17 | dir=in | app=d:\idevice manager\software4u.idevicemanager.exe | "{EC3A5215-D5BF-416F-81D3-18F0E3FF64F4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{EDD9376A-02F1-4267-B243-9D8C79963C8F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F53AB695-A3CF-40ED-A827-C7E35BAB64AC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F627A7F7-FCBE-4A0A-BC14-98613FD33B4A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F8C74914-625E-4CC1-AA10-FD0B5C3AFA83}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F9C7EFA6-2ED5-42BD-B4CD-768684E28971}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{2AB4E444-EED8-478C-BBB0-4ADB356371AA}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | "TCP Query User{821B9BCD-396B-4DFD-B986-3440A79F9012}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | "TCP Query User{9208993D-0038-45A2-A8A7-6C82F1CB9D0F}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=6 | dir=in | app=c:\program 
files (x86)\corel\dvd9\windvd.exe | "TCP Query User{C0FFD717-5898-49D8-BBA4-3403FCA4A36D}D:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | "TCP Query User{C74C0A1E-EE4F-452A-96AB-002659DB2BE3}D:\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "TCP Query User{D36256E0-38E6-4A1A-A2EB-1A9A7ABC6CFD}C:\program files (x86)\corel\windvd11\windvd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\windvd11\windvd.exe | "UDP Query User{0EB99A89-CBE7-4E91-9703-D82D0025C68B}D:\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\conviction_game.exe | "UDP Query User{636AF192-5D84-40F7-9744-81114E5F2936}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | "UDP Query User{728AFEEE-E6BB-46B5-A87F-49F8E486FFA4}C:\program files (x86)\corel\dvd9\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\dvd9\windvd.exe | "UDP Query User{B93DE7AF-FACA-4E8D-94ED-7DEB3E7150E9}C:\program files (x86)\corel\windvd11\windvd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\windvd11\windvd.exe | "UDP Query User{C8D6FE59-CB9D-4957-A1D8-74DD87DA1D97}D:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=d:\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe | "UDP Query User{D6145BAC-A789-4131-A27B-AF6BB39F8BD5}C:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\splinter cell pandora tomorrow\pandora.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "VLC media player" = VLC media player 2.1.0-git [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR 
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11 "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update 
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A128921B-D03F-4BFB-8141-C365AA48D660}" = 
Adobe Setup "{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 "Google Chrome" = Google Chrome "InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver 
"PokerStars.eu" = PokerStars.eu "PROHYBRIDR" = 2007 Microsoft Office system "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Videoload Manager" = Videoload Manager 2.0.2220 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1126968076-1765972169-4211579686-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.01.2013 12:23:32 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 31.01.2013 09:49:44 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 31.01.2013 10:23:48 | Computer Name = Basislager | Source = ESENT | ID = 455 Description = Catalog Database (1140) Catalog Database: Fehler -1811 beim Öffnen von Protokolldatei C:\Windows\system32\CatRoot2\edb00202.log. Error - 31.01.2013 10:23:48 | Computer Name = Basislager | Source = Microsoft-Windows-CAPI2 | ID = 131329 Description = Error - 31.01.2013 10:24:22 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 31.01.2013 12:23:31 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 31.01.2013 12:26:19 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 01.02.2013 06:11:55 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 01.02.2013 12:29:10 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 01.02.2013 14:26:36 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = Error - 01.02.2013 14:44:24 | Computer Name = Basislager | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 30.12.2012 06:27:07 | Computer Name = Basislager | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. 
This session lasted 171837 seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 01.02.2013 09:40:58 | Computer Name = Basislager | Source = nvstor64 | ID = 262149
Description = Ein Paritätsfehler wurde auf \Device\RaidPort0 gefunden.

Error - 01.02.2013 12:28:14 | Computer Name = Basislager | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 01.02.2013 12:29:49 | Computer Name = Basislager | Source = Service Control Manager | ID = 7038
Description =

Error - 01.02.2013 12:29:49 | Computer Name = Basislager | Source = Service Control Manager | ID = 7000
Description =

Error - 01.02.2013 14:25:34 | Computer Name = Basislager | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 01.02.2013 14:27:15 | Computer Name = Basislager | Source = Service Control Manager | ID = 7038
Description =

Error - 01.02.2013 14:27:15 | Computer Name = Basislager | Source = Service Control Manager | ID = 7000
Description =

Error - 01.02.2013 14:43:24 | Computer Name = Basislager | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 01.02.2013 14:45:00 | Computer Name = Basislager | Source = Service Control Manager | ID = 7038
Description =

Error - 01.02.2013 14:45:00 | Computer Name = Basislager | Source = Service Control Manager | ID = 7000
Description =

[ TuneUp Events ]
Error - 03.11.2012 04:54:17 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 03.11.2012 04:54:17 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 08.11.2012 09:46:02 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 08.11.2012 09:46:02 | Computer Name = Basislager | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

Even though this log says something along the lines of "Babylon search engine deleted", it is still there. I noticed this when, after the scan had finished, I wanted to load the page with this forum to look at the next steps. Once again the page with the search engine came up in a tab in front of the tab with the Chrome Google start page...

OTL:

Code:
OTL logfile created on: 01.02.2013 19:46:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Herzchen\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,36% Memory free
8,17 Gb Paging File | 6,74 Gb Available in Paging File | 82,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 164,75 Gb Total Space | 18,18 Gb Free Space | 11,03% Space Free | Partition Type: NTFS
Drive D: | 1220,50 Gb Total Space | 1193,60 Gb Free Space | 97,80% Space Free | Partition Type: NTFS

Computer Name: BASISLAGER | User Name: Herzchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Herzchen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
PRC - D:\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE463 IE - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF 
- HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) [2012.12.02 17:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d CHR - default_search_provider: Search the web (Babylon) (Enabled) CHR - default_search_provider: search_url = hxxp://search.babylon.com/?q={searchTerms}&affID=114350&tt=4812_3&babsrc=SP_ss&mntrId=f093fd0d000000000000002421dec62d CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.babylon.com/?affID=114350&tt=4812_3&babsrc=HP_ss&mntrId=f093fd0d000000000000002421dec62d CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer 
(Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Herzchen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found. O3 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 
File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Herzchen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..Trusted Domains: corel.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..Trusted Domains: corel.com ([www] * in Trusted sites) O15 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..Trusted Domains: intervideo.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-1126968076-1765972169-4211579686-1000\..Trusted Domains: intervideo.com ([www] * in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EE8DB3E-B5B8-4A74-8C1B-93E4F9AF9230}: NameServer = 192.168.0.1,8.8.8.8 O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261123~1.78\{c16c1~1\mngr.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - 
C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Herzchen\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Herzchen\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.21 14:00:11 | 000,000,000 | ---D | M] - D:\Autoplay -- [ NTFS ] O32 - AutoRun File - [2010.04.02 13:03:16 | 003,048,072 | ---- | M] () - D:\autorun.exe -- [ NTFS ] O32 - AutoRun File - [2010.03.29 17:24:43 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.01 00:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\mpDRM [2013.02.01 00:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\mpDRM [2013.02.01 00:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\fluxDVD [2013.02.01 00:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\fluxDVD [2013.02.01 00:19:49 | 000,000,000 | ---D | C] -- 
C:\Users\Herzchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videoload Manager [2013.02.01 00:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoload Manager [2013.02.01 00:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Videoload Manager [2013.01.31 17:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.31 17:03:35 | 000,000,000 | ---D | C] -- C:\Users\Herzchen\Desktop\mbar-1.01.0.1017 [2013.01.31 16:33:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Herzchen\Desktop\tdsskiller.exe [2013.01.31 16:18:40 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Herzchen\Desktop\aswMBR.exe [2013.01.30 17:25:56 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.01.30 17:25:56 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.01.30 17:25:56 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2013.01.30 17:25:47 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.01.30 17:25:47 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2013.01.30 17:25:47 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.01.30 17:25:47 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2013.01.30 17:25:47 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.01.30 17:25:47 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2013.01.30 17:25:42 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.01.30 17:25:42 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2013.01.30 17:25:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.01.30 17:25:42 | 000,033,792 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2013.01.29 22:53:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.01.29 21:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.29 21:46:55 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.01.29 21:46:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.29 21:46:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.29 21:46:29 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.29 21:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.29 18:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.01.29 18:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2013.01.29 15:02:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2013.01.29 15:02:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2013.01.29 14:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.01 19:49:02 | 001,684,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.01 19:49:02 | 000,718,376 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.01 19:49:02 | 000,671,466 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.01 19:49:02 | 000,164,672 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.01 19:49:02 | 000,134,744 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat 
[2013.02.01 19:42:59 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.01 19:42:49 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.01 19:42:48 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.01 19:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.01 19:41:32 | 000,000,628 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.02.01 19:40:13 | 000,580,235 | ---- | M] () -- C:\Users\Herzchen\Desktop\adwcleaner.exe [2013.02.01 19:05:30 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.31 17:02:51 | 013,562,257 | ---- | M] () -- C:\Users\Herzchen\Desktop\mbar-1.01.0.1017.zip [2013.01.31 16:43:42 | 000,000,512 | ---- | M] () -- C:\Users\Herzchen\Documents\MBR.dat [2013.01.31 16:33:17 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Herzchen\Desktop\tdsskiller.exe [2013.01.31 16:19:49 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Herzchen\Desktop\aswMBR.exe [2013.01.30 17:36:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.30 17:36:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.29 21:45:59 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.29 21:45:56 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.01.29 21:45:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.29 21:45:55 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.29 21:45:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.29 18:33:56 | 000,001,567 | ---- | M] () -- 
C:\Users\Herzchen\Documents\gmer.7z
[2013.01.29 16:14:22 | 000,000,000 | ---- | M] () -- C:\Users\Herzchen\defogger_reenable
[2013.01.29 15:07:56 | 001,571,838 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.29 15:06:29 | 002,988,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.29 14:39:42 | 002,128,937 | ---- | M] () -- C:\Users\Herzchen\Desktop\Foto 2.JPG
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013.02.01 19:41:24 | 000,000,628 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.01 19:40:42 | 000,580,235 | ---- | C] () -- C:\Users\Herzchen\Desktop\adwcleaner.exe
[2013.01.31 17:02:59 | 013,562,257 | ---- | C] () -- C:\Users\Herzchen\Desktop\mbar-1.01.0.1017.zip
[2013.01.31 16:31:38 | 000,000,512 | ---- | C] () -- C:\Users\Herzchen\Documents\MBR.dat
[2013.01.29 18:33:56 | 000,001,567 | ---- | C] () -- C:\Users\Herzchen\Documents\gmer.7z
[2013.01.29 16:14:22 | 000,000,000 | ---- | C] () -- C:\Users\Herzchen\defogger_reenable
[2012.10.26 19:20:36 | 001,571,838 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.03 23:41:55 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.09.03 23:41:55 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.08.29 15:34:36 | 000,000,995 | ---- | C] () -- C:\Windows\eReg.dat
[2012.08.29 15:00:38 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.07.18 20:48:39 | 000,005,120 | ---- | C] () -- C:\Users\Herzchen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.31 15:25:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.12.24 15:46:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.12.24 15:45:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.12.24 15:45:24 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.12.19 15:04:08 | 000,000,732 | ---- | C] () -- C:\Users\Herzchen\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========
[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 17:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
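The "ZeroAccess Check" block in the log above lists the COM InProcServer32 keys that OTL inspects because ZeroAccess-family rootkits were known to register their own in-process server for these system CLSIDs, so that Explorer or WMI loads the malware DLL in place of shell32.dll, fastprox.dll or wbemess.dll. The Python below is an added example, not OTL's code and not something posted in this thread: it parses entries in the format shown, reusing the log's own entries verbatim as sample input and adding one clearly labelled constructed hijack entry, and flags registrations where a standard-rights process would resolve the CLSID to anything other than a Microsoft DLL under the Windows directory. The three checks (per-user HKCU override, DLL outside C:\Windows, missing Microsoft company string) and the assumption that Windows lives on C: are the editor's, not rules that OTL documents.

```python
"""Parse the 'ZeroAccess Check' section of an OTL log and flag COM InProcServer32
registrations that look hijacked. Added example: the rules below and the entries
marked CONSTRUCTED are the editor's assumptions, not OTL's own logic or output."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL prints each checked key as "[HKEY_...\InProcServer32]", with " /64" marking
# the 64-bit registry view, followed by the values it found under that key.
KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\(.+?)\]\s*(/64)?\s*$')
DEFAULT_RE = re.compile(r'^"" = (.+?)(?: -- \[(.*?)\] \((.*?)\))?\s*$')
THREADING_RE = re.compile(r'^"ThreadingModel" = (\S+)\s*$')


@dataclass
class ComRegistration:
    hive: str                      # HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
    key_path: str                  # path below the hive, ending in InProcServer32
    view64: bool                   # True when OTL marked the key with /64
    default: Optional[str] = None  # (Default) value: the in-process server DLL
    company: Optional[str] = None  # company string OTL read from the DLL version info
    threading_model: Optional[str] = None


def parse_zeroaccess_section(text: str) -> List[ComRegistration]:
    """Collect the InProcServer32 keys OTL listed, with whatever values it found."""
    regs: List[ComRegistration] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            regs.append(ComRegistration(m.group(1), m.group(2), m.group(3) is not None))
        elif regs and (m := DEFAULT_RE.match(line)):
            regs[-1].default = m.group(1).strip()
            regs[-1].company = (m.group(3) or "").strip()
        elif regs and (m := THREADING_RE.match(line)):
            regs[-1].threading_model = m.group(1)
    return regs


def _is_under_windows_dir(path: str) -> bool:
    """Assumes Windows is installed on C:\\Windows (editor's assumption)."""
    p = path.strip().lower()
    for var in ("%systemroot%", "%windir%"):
        if p.startswith(var):
            p = "c:\\windows" + p[len(var):]
    return p.startswith("c:\\windows\\")


def assess(reg: ComRegistration) -> List[str]:
    """Return the reasons a registration looks like a COM hijack (empty = clean)."""
    reasons: List[str] = []
    if reg.default is None:
        return reasons  # key listed without a server value: nothing would be loaded
    if reg.hive == "HKEY_CURRENT_USER":
        reasons.append("per-user InProcServer32 for a system CLSID "
                       "(HKCU\\Software\\Classes wins over HKLM for standard-rights processes)")
    if not _is_under_windows_dir(reg.default):
        reasons.append("server DLL outside the Windows directory")
    if reg.company != "Microsoft Corporation":
        reasons.append("server DLL carries no Microsoft company string")
    return reasons


def find_suspicious(text: str) -> List[Tuple[str, List[str]]]:
    """Parse the section and return (hive\\key, reasons) for every flagged entry."""
    return [(f"{r.hive}\\{r.key_path}", reasons)
            for r in parse_zeroaccess_section(text) if (reasons := assess(r))]


# Entries copied verbatim from the OTL log in this thread (all clean).
PAGE_LINES = r"""
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011.01.21 17:50:13 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
"""
# CONSTRUCTED by the editor: what a per-user override of the WMI CLSID would look like.
# The path is a placeholder, not a real indicator from this thread.
CONSTRUCTED_LINES = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Users\EXAMPLE\AppData\Local\CONSTRUCTED_EXAMPLE\server.dll -- [2013.01.29 12:00:00 | 000,040,960 | ---- | M] ()
"ThreadingModel" = Both
< End of report >
"""
SAMPLE_LOG = PAGE_LINES + CONSTRUCTED_LINES

if __name__ == "__main__":
    for key, reasons in find_suspicious(SAMPLE_LOG):
        print(key)
        for reason in reasons:
            print("   -", reason)
```

Run against the thread's own entries the script reports nothing, which matches what the helpers here concluded from the log; the constructed HKCU entry is the only hit and trips all three checks. On a live system the same three questions are what a responder asks of each listed key: does a per-user value exist at all, where does the DLL live, and whose version information does it carry.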
02.02.2013, 15:32 | #13
/// Winkelfunktion /// TB-Süch-Tiger™ | Babylon Search Suchmaschine / PC lahmt / Malware?
Quote:
__________________
Please always post logfiles in CODE tags
02.02.2013, 21:14 | #14
Babylon Search Suchmaschine / PC lahmt / Malware? Videoload. Downloading takes forever with the way my computer is stuttering at the moment. So I have to stream, and that doesn't work with Google Chrome, which is why I used IE. Maybe I should get Firefox as a backup browser for the future, because that works too...
03.02.2013, 01:48 | #15
/// Winkelfunktion /// TB-Süch-Tiger™ | Babylon Search Suchmaschine / PC lahmt / Malware? I would first try to find out whether this only happens under Windows or also with other operating systems. That way you can see whether a hardware problem is emerging or whether the fault lies rather in the Windows configuration and/or in the file system. Download something like Knoppix or Xubuntu, burn the ISO file to a CD using the image-burning function and boot the computer from it. Then test the internet connection thoroughly under Linux and report whether the connection and the system are normally fast there or also slow.