|
Plagegeister aller Art und deren Bekämpfung: GVU-TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.02.2013, 19:03 | #1 |
| GVU-Trojaner Hallo, das thema kann zwar jetzt schon einige male auf, aber ich habe auch eine frage. und zwar hatte ich auch diesen gvu-trojaner, konnte aber im abgesicherten modus die datei entfernen. ich habe es nach dieser anleitung versucht: hxxp://www.bundespolizei-virus.de/gvu-trojaner.php#virus-entfernen-per-cd unter: "So entfernen Sie den GVU Trojaner manuell (Computererfahrene Benutzer)" Ich bin allerdings nicht sehr erfahren jetzt funktioniert der pc wieder ganz normal, und mein antiviren-programm "microsoft security essentials" kann keinen virus oder trojaner mehr finden. meine frage ist jetzt, ob es das war, oder ob ich doch irgendwas machen muss? vielen dank für die hilfe |
05.02.2013, 19:38 | #2 |
/// Malware-holic | GVU-Trojaner hi
__________________was genau hattest du gemacht, sag nicht, systemwiederherstellung, ich kann allen nur raten, Finger weg von der SWH bei Schadsoftware. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
05.02.2013, 20:11 | #3 |
| GVU-Trojaner also ich habe im abgesicherten modus unter alle programme und dann im autostart-ordner rechtsklick auf diese trojaner-datei gemacht, und dann standen da unter eigenschaften die ziele bzw. pfade...die habe ich dann auf dem pc gesucht und einfach gelöscht. ich hoffe das war jetzt verständlich...leider weiß ich nicht mehr wie das genau hieß...tut mir leid...
__________________habe ich das richtig verstanden, dass ich den text der im dunkelgelben feld steht, in dieses OTL-programm kopieren soll und dann quickscan klicken? so lasse ich das zumindest gerade laufen, ich hoffe das ist richtig |
05.02.2013, 20:12 | #4 |
/// Malware-holic | GVU-Trojaner hi man löscht nicht einfach wild drauf los. ja genau, text in das otl eingabefeld reinkopieren und scannen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
05.02.2013, 20:27 | #5 |
| GVU-Trojaner ich bin eben der anleitung auf: "hxxp://www.bundespolizei-virus.de/gvu-trojaner.php" gefolgt, und war mir dann nicht sicher, ob das einfache löschen schon alles war...deswegen habe ich hier nochmal nachgefragt... also die OTL.Txt datei:OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.02.2013 20:05:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nicole\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,11% Memory free 7,99 Gb Paging File | 6,27 Gb Available in Paging File | 78,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,66 Gb Total Space | 108,28 Gb Free Space | 23,87% Space Free | Partition Type: NTFS Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nicole\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Windows\PLFSetI.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\PLFSetI.exe () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG) DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (AFS) -- C:\Windows\SysWow64\drivers\AFS.SYS (Oak Technology Inc.) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (DKbFltr) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE369 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.23 12:34:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 10:20:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.05.12 17:31:19 | 000,000,000 | ---D | M] [2010.04.30 06:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions [2012.12.11 19:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\2cqhvrqa.default\extensions [2012.11.29 22:12:26 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\2cqhvrqa.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.07.25 18:56:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\2cqhvrqa.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.01.07 20:20:11 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\2cqhvrqa.default\extensions\2020Player@2020Technologies.com [2012.12.11 19:58:17 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\2cqhvrqa.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.31 17:26:49 | 000,000,950 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\2cqhvrqa.default\searchplugins\icqplugin.xml [2012.09.15 17:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.15 17:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.04.23 12:34:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.23 12:34:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.23 12:34:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.23 12:34:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.23 12:34:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.23 12:34:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.23 12:34:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Nicole\Installationen\icq\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Nicole\Installationen\icq\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{173DC93C-7476-469B-91B4-B8737CCA3430}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C711D10-906A-42BE-8207-D60D5B90E962}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\06xT5qL.bat) - File not found O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\nobuactivation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\nobuactivation.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.05 19:57:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe [2009.11.03 05:04:33 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.05 19:57:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe [2013.02.05 19:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.05 17:57:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.05 17:57:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.05 17:49:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.05 17:48:56 | 3219,632,128 | -HS- | M] () -- C:\hiberfil.sys [2013.02.04 07:47:36 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.04 07:47:36 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.04 07:47:36 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.04 07:47:36 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.04 07:47:36 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.31 17:44:04 | 000,061,038 | ---- | M] () -- C:\Users\Nicole\Desktop\a-102Merkblatt-Stand-Juli2012Tabelle.pdf [2013.01.31 17:38:09 | 000,029,289 | ---- | M] () -- C:\Users\Nicole\Desktop\a-100-Stand-Febr2010.pdf [2013.01.13 17:18:23 | 000,411,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.11 17:27:05 | 416,263,331 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.31 17:44:04 | 000,061,038 | ---- | C] () -- C:\Users\Nicole\Desktop\a-102Merkblatt-Stand-Juli2012Tabelle.pdf [2013.01.31 17:38:09 | 000,029,289 | ---- | C] () -- C:\Users\Nicole\Desktop\a-100-Stand-Febr2010.pdf [2012.12.14 19:38:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll [2012.02.19 20:46:08 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.07.24 19:06:45 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{32DE407C-34A6-4E12-BF38-0B6D4ACE754B} [2011.06.27 19:03:26 | 001,541,588 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.18 07:44:04 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{00E83E88-0F85-4890-8D48-9F259E2B6E16} [2011.06.10 05:29:21 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{C39FCCF9-A8EE-4BB4-9045-CAD9AC79B73F} [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.10.11 09:21:38 | 000,013,734 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\UserTile.png [2010.07.08 15:09:42 | 000,044,746 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\mdbu.bin [2010.05.10 10:02:20 | 000,000,235 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\devices.xml [2010.05.10 10:02:20 | 000,000,012 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\settings.xml [2010.03.05 09:48:23 | 000,003,984 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2012.07.28 20:35:07 | 000,002,048 | -HS- | M] () -- C:\Users\Nicole\AppData\Local\{fbae6aa5-152a-6a69-2dfa-4d5041a59632}\@ [2011.11.17 08:14:10 | 000,000,000 | -HSD | M] -- C:\Users\Nicole\AppData\Local\{fbae6aa5-152a-6a69-2dfa-4d5041a59632}\L [2011.11.17 08:14:10 | 000,000,000 | -HSD | M] -- C:\Users\Nicole\AppData\Local\{fbae6aa5-152a-6a69-2dfa-4d5041a59632}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.03.21 15:23:53 | 000,000,000 | -HSD | M] -- C:\Users\Nicole\AppData\Roaming\.# [2011.08.04 10:59:37 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Amazon [2012.06.29 14:20:42 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Aquamarin Haushaltsbuch [2010.10.11 12:21:33 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Chirurgie Simulation [2010.11.30 20:53:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\diginet [2010.10.31 15:01:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft [2010.10.31 15:01:35 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.21 15:23:30 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\GameConsole [2011.08.06 20:32:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\GARMIN [2012.12.14 05:58:13 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\HTC [2013.01.30 18:03:52 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\ICQ [2012.02.21 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\MoveFab [2012.07.06 19:46:48 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\OpenOffice.org [2011.12.28 16:14:39 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Origin [2010.12.25 13:58:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PC Suite [2010.03.24 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PlayFirst [2010.12.25 14:08:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Samsung [2011.04.02 15:28:05 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SPORE [2012.02.05 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Template [2012.09.15 17:57:56 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TuneUp Software [2011.07.13 10:18:37 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\UDC Profiles [2010.03.01 19:51:29 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\ViquaSoft [2010.03.24 11:36:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Win7codecs ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.09.15 18:03:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.12.26 04:59:42 | 000,000,000 | ---D | M] -- C:\book [2012.11.16 11:53:32 | 000,000,000 | ---D | M] -- C:\c0aa4a85339e6ef043 [2012.11.16 09:52:32 | 000,000,000 | ---D | M] -- C:\c6de680d0c598221ab69d5dfe54361 [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.03.01 15:47:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.03.22 09:42:56 | 000,000,000 | -HSD | M] -- C:\found.000 [2013.02.05 19:19:55 | 000,000,000 | ---D | M] -- C:\Installationen [2009.11.03 04:53:20 | 000,000,000 | ---D | M] -- C:\Intel [2009.11.03 05:11:39 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.05.09 20:32:09 | 000,000,000 | -H-D | M] -- C:\MyWinLockerData [2013.01.20 22:16:15 | 000,000,000 | ---D | M] -- C:\Nicole [2011.08.11 20:06:18 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.07.31 17:42:26 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.14 05:55:33 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.05 17:28:17 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.03.01 15:47:42 | 000,000,000 | -HSD | M] -- C:\Programme [2010.03.01 15:47:42 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.05 20:07:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.14 05:46:26 | 000,000,000 | ---D | M] -- C:\Temp [2010.03.01 15:47:47 | 000,000,000 | R--D | M] -- C:\Users [2013.01.11 17:27:05 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.07.14 02:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.04.01 09:59:04 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.04.01 09:59:07 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.04.25 15:06:12 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2009.10.13 20:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2013.02.05 20:19:19 | 003,932,160 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat [2013.02.05 20:19:19 | 000,262,144 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat.LOG1 [2010.03.01 15:47:47 | 000,000,000 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat.LOG2 [2010.03.01 16:24:16 | 000,065,536 | -HS- | M] () -- C:\Users\Nicole\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.03.01 16:24:16 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.03.01 16:24:16 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.01.30 06:26:36 | 000,065,536 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{08e412d9-4b02-11e1-96ee-705ab60bdb17}.TM.blf [2012.01.30 06:26:36 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{08e412d9-4b02-11e1-96ee-705ab60bdb17}.TMContainer00000000000000000001.regtrans-ms [2012.01.30 06:26:36 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{08e412d9-4b02-11e1-96ee-705ab60bdb17}.TMContainer00000000000000000002.regtrans-ms [2011.12.01 03:14:50 | 000,065,536 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{3a33ecd8-1b95-11e1-9405-705ab60bdb17}.TM.blf [2011.12.01 03:14:50 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{3a33ecd8-1b95-11e1-9405-705ab60bdb17}.TMContainer00000000000000000001.regtrans-ms [2011.12.01 03:14:50 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{3a33ecd8-1b95-11e1-9405-705ab60bdb17}.TMContainer00000000000000000002.regtrans-ms [2010.03.02 18:49:36 | 000,065,536 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{5d281a94-2618-11df-8f69-705ab60bdb17}.TM.blf [2010.03.02 18:49:36 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{5d281a94-2618-11df-8f69-705ab60bdb17}.TMContainer00000000000000000001.regtrans-ms [2010.03.02 18:49:36 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{5d281a94-2618-11df-8f69-705ab60bdb17}.TMContainer00000000000000000002.regtrans-ms [2010.03.30 18:52:07 | 000,065,536 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{d3b41235-3c1d-11df-886d-705ab60bdb17}.TM.blf [2010.03.30 18:52:07 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{d3b41235-3c1d-11df-886d-705ab60bdb17}.TMContainer00000000000000000001.regtrans-ms [2010.03.30 18:52:07 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{d3b41235-3c1d-11df-886d-705ab60bdb17}.TMContainer00000000000000000002.regtrans-ms [2012.07.29 20:25:32 | 000,065,536 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{f2a4d767-d95e-11e1-8d90-705ab60bdb17}.TM.blf [2012.07.29 20:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{f2a4d767-d95e-11e1-8d90-705ab60bdb17}.TMContainer00000000000000000001.regtrans-ms [2012.07.29 20:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\Nicole\ntuser.dat{f2a4d767-d95e-11e1-8d90-705ab60bdb17}.TMContainer00000000000000000002.regtrans-ms [2010.03.01 15:47:48 | 000,000,020 | -HS- | M] () -- C:\Users\Nicole\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:E3C56885 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE < End of report > und die Extras.Txt DateiOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.02.2013 20:05:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nicole\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,11% Memory free 7,99 Gb Paging File | 6,27 Gb Available in Paging File | 78,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,66 Gb Total Space | 108,28 Gb Free Space | 23,87% Space Free | Partition Type: NTFS Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0674AEA8-B4A6-48A1-8BC0-44E57095F14A}" = lport=139 | protocol=6 | dir=in | app=system | "{0C49901E-9F9D-4C75-8004-D422A9923821}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{142C44F8-38D4-4714-A466-17578926F61F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{188459CE-AD14-4969-832C-6419F4C272DF}" = rport=139 | protocol=6 | dir=out | app=system | "{1A30C510-C2DD-4AC9-9E7D-15BDDC20C79B}" = lport=2869 | protocol=6 | dir=in | app=system | "{271D1128-8B1D-467D-9A78-43F212AC461B}" = lport=445 | protocol=6 | dir=in | app=system | "{3B05545A-C9E7-4100-A03E-87E53659EF0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{43875F7B-B324-40DC-B8FB-C70314142833}" = lport=137 | protocol=17 | dir=in | app=system | "{43A3FB68-C361-4946-8272-AA2B8C699E27}" = lport=10243 | protocol=6 | dir=in | app=system | "{4589E933-4CD4-45D6-89BE-F77530E4DE9D}" = rport=138 | protocol=17 | dir=out | app=system | "{6A2B68B8-B2E2-40B4-8365-126B0FDC89E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6C01B80E-2380-4AF0-8F3C-6AAF780F5D6D}" = rport=445 | protocol=6 | dir=out | app=system | "{7B83128B-6C10-494B-8F06-C844352AB39C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B894039-623E-46C3-9596-3AAC919C2190}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{82F39DC5-7388-453D-B8AE-6F17748C63B9}" = lport=138 | protocol=17 | dir=in | app=system | "{883A57AA-DE4A-4F27-BFF0-402AD4B85695}" = rport=137 | protocol=17 | dir=out | app=system | "{8B6E029B-E63A-4E41-9C07-2859467CFB0F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98DC3F10-BEAA-4D1E-BF73-012C46EE1C81}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9951DE84-13F6-467C-BB27-F4B5663DC212}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B001F852-1BF4-4AF7-9D4E-33F075603CDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B4A900C2-36A3-4AD8-B0AE-61D72EE7305B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C495B10A-9C39-4843-B4EE-969C953AED54}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DA14FE1E-3D02-4AA6-BB5A-968D3E77DA65}" = rport=10243 | protocol=6 | dir=out | app=system | "{F382FA97-7630-4A1E-A1CD-401DCCC498AD}" = lport=2869 | protocol=6 | dir=in | app=system | "{FA04A138-BF26-4C98-8BE3-FC698467940C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BEFDF8-6FF8-461A-90BB-7D6169E66570}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0433BD19-2853-4205-A965-165F63FE8795}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{074ABCE5-9B01-4EFF-8F59-D70E42925902}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | "{128EA44F-F8F9-48A3-8876-036EA4D5CC58}" = protocol=17 | dir=in | app=c:\nicole\installationen\icq\icq7.2\icq.exe | "{1AF4B824-62BA-44D3-9D8D-D24F8592EB88}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1C3C58E9-603A-449F-ADC1-533D68B02F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{1F6E1510-4937-4385-B28A-0F229C813BC2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{22D881F1-C33B-42C5-A73E-B732542C2471}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3CB7B45B-D384-4069-8DDE-62E7D80F9405}" = protocol=6 | dir=in | app=c:\nicole\installationen\icq\icq7.2\icq.exe | "{3F2F853A-A62E-43BE-95DD-58944EC97EC8}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{460E8C28-F194-4CA4-B7E4-FEDB6E309FBE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | "{4750B48F-EE47-4450-A76B-50CD889BF748}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4BF9C7FA-CFE0-4A01-AC3C-20AD94F0D3AD}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{51A614C9-B037-4EE7-BFD4-6BBC6FE4074F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{526C88BE-321F-424A-BD15-7F2AF3B42FAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{54F90FE1-7844-4D5D-8A1D-83A32A510B38}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{5594254A-386A-44AC-8C33-E43B8AE362A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5A3DCF18-F86F-4B6D-8FBD-88B72A85D5DE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{61C71A02-C1BE-472E-BAFA-96DA74176C7E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{642D636B-B4A4-41AF-B86F-868EDCD8538D}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{6670D6D7-8CA0-4F4D-B33B-374AF8EBD484}" = protocol=17 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\8.0\math.exe | "{679FE6AA-00CB-418C-BA77-BC7471C3C790}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{68BF666E-9AA0-4721-8CCF-4CE13038448D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{68E4CB9B-FDCB-41F6-AA16-B85CAD825EAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6D49F0B6-29A7-4C6A-9821-0FBA5978060D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6F45C88D-81F6-4E3B-8CD7-AB9538CE0BCA}" = protocol=17 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\8.0\wolframcdfplayer.exe | "{766FB8FE-BCE7-4DDC-ADB8-E1CD83402B89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7EB9986C-3760-4010-B734-21C0330C8B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{7F436C16-113E-4686-B468-23D6435DAE73}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{7F9BB082-FCB6-4114-BB1A-67D9192ED756}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{81803160-37B2-4F50-9F6D-DCB1C18FE6AE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{818B15FA-73D1-43C7-829C-BED2779D61B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{86C82883-427B-4822-893A-B24CA780622F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8DDDC9FE-E967-450C-9399-E9DA21151A4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{96A2791F-2E65-453C-A304-B28645EAA0FC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9C477937-7D43-45A5-A64D-BD2B1C684676}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9EC8CA49-2416-44E9-AC95-0FE442D1DC17}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A5CE33FB-D425-4C54-864C-7D919B48CAD4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A605E576-003C-480A-A491-9839167F57B3}" = protocol=6 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\8.0\wolframcdfplayer.exe | "{A83632B5-9A7F-4511-A8F0-4173F015A660}" = protocol=6 | dir=in | app=c:\nicole\installationen\icq\icq7.2\aolload.exe | "{A8BCB59B-12EF-4EF5-B5AB-B7A93BDF8DEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A94E4326-4585-44AE-B250-7498888A291C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A95C4EAA-8CE5-4B9A-82B4-89E1B840AA7E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AA6A886C-8BBE-47F3-9F12-A3F1FB366E63}" = protocol=17 | dir=in | app=c:\nicole\installationen\icq\icq7.2\icq.exe | "{AB4CDCE0-ECE8-430F-A72C-778B45C6D2A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B610ED1E-84BF-4129-8777-69CF21FA5295}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{BB221FA9-7C03-4F0E-99FC-3D59FE5280F8}" = protocol=6 | dir=in | app=c:\nicole\installationen\icq\icq7.2\aolload.exe | "{BF9B2140-8545-42B1-991E-584B47BACCDA}" = protocol=6 | dir=in | app=c:\nicole\installationen\icq\icq7.2\icq.exe | "{CD7521A0-BAE5-4F98-887D-B55028C4F32F}" = protocol=6 | dir=out | app=system | "{D1C1A6CA-7BFB-44A0-9520-F08C383A4B3B}" = protocol=6 | dir=in | app=c:\nicole\installationen\icq\icq7.2\aolload.exe | "{D67A24F6-1783-4014-A0F8-A669AA34FEE2}" = protocol=6 | dir=in | app=c:\program files (x86)\wolfram research\wolfram cdf player\8.0\math.exe | "{D77F4E07-4CCC-4472-AB50-51D04F473DC6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DB4E71B5-8234-4A67-A5CC-FBFB47146B10}" = protocol=6 | dir=in | app=c:\nicole\installationen\icq\icq7.2\icq.exe | "{DC28ED50-C641-4F30-AE3A-966321AF5240}" = protocol=17 | dir=in | app=c:\nicole\installationen\icq\icq7.2\aolload.exe | "{DC7967F4-A080-428A-9352-91C86A5B328C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DDC043F9-95DB-4124-8D64-48A6C2BDEFC4}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{E213685E-D5D9-4E50-B2C3-181EDD52C2D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E59F6C6C-C3AC-49A2-8762-6676F14A6945}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{E7139767-0B01-408A-AD4A-E78D0F688DA2}" = protocol=17 | dir=in | app=c:\nicole\installationen\icq\icq7.2\aolload.exe | "{F6203F68-981B-4A29-8D7D-BB8474C21EB1}" = protocol=17 | dir=in | app=c:\nicole\installationen\icq\icq7.2\icq.exe | "{F8F1AFF9-C886-40DF-AAEE-B5BD2979E6CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB638EDE-996C-4C34-9FE7-D49CAF0ED84F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FBA519EB-8DA2-4C6A-AF77-7250992EB513}" = protocol=17 | dir=in | app=c:\nicole\installationen\icq\icq7.2\aolload.exe | "{FF69C53C-0EA8-4787-9457-4A49DFF3FE0C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "TCP Query User{14847295-044B-4466-AC0C-5127A5FACA77}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe | "TCP Query User{211BD4D5-7EF1-467F-AA66-9CE37ED6927B}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{5E52D780-8728-4B68-8828-7EB820FC1684}C:\nicole\spiele\anno1701\anno1701.exe" = protocol=6 | dir=in | app=c:\nicole\spiele\anno1701\anno1701.exe | "TCP Query User{74FD1532-CC8D-4418-9ED3-2A17332FE317}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{81FFD9C4-F559-4301-8F9C-07CE523B2535}C:\nicole\spiele\anno1701\anno1701.exe" = protocol=6 | dir=in | app=c:\nicole\spiele\anno1701\anno1701.exe | "UDP Query User{590F2B66-E466-4B84-9C9C-4815BEEF13DC}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe | "UDP Query User{6763A893-772D-4E5B-9F37-6B03137122EB}C:\nicole\spiele\anno1701\anno1701.exe" = protocol=17 | dir=in | app=c:\nicole\spiele\anno1701\anno1701.exe | "UDP Query User{92DC2824-7984-4D95-9829-DC4D06C93BE3}C:\nicole\spiele\anno1701\anno1701.exe" = protocol=17 | dir=in | app=c:\nicole\spiele\anno1701\anno1701.exe | "UDP Query User{B66361EF-CAD3-414A-B742-212C9D6F49E1}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{BB66EA4D-F2CD-4815-8ACB-35DB955450C2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{3F82D964-902D-6022-EB00-55D93408A5D4}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{C7D0D68F-F94E-F87F-C6B2-6F5DF09E84F3}" = ATI AVIVO64 Codecs "{CF6EF6B0-129F-4CF2-D9F8-C3BDC60C9C01}" = ATI Catalyst Install Manager "{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "A-WIN-Extras 8.0.4 2609412_is1" = Mathematica Extras 8.0 (2609412) "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR 4.00 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{042BA2F8-4377-300B-DEE8-D7EFF7978F80}" = CCC Help Hungarian "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{0ABC7271-8A78-EC86-5803-6CF73129C3B1}" = Catalyst Control Center Localization All "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{11751407-BCEF-E9A2-398B-6CCB837F4C35}" = CCC Help Norwegian "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{11DB0B8E-16FA-5230-7001-1CB6E31D1353}" = CCC Help Czech "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{195EECE9-39EE-C961-0D1A-353233A8E392}" = CCC Help Italian "{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A0C6BE1-83D9-EAA3-82BB-F4A99CF51555}" = Catalyst Control Center Core Implementation "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{31F8B784-64AC-D91D-51E5-17BDF25B53FD}" = Catalyst Control Center Graphics Previews Vista "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{324F0B7C-B113-8DC3-645F-7EBD982F132E}" = Catalyst Control Center InstallProxy "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F154BFD-A522-9145-3D02-5F1EA74C931C}" = CCC Help Japanese "{3FD91634-FC60-65F1-4895-122D7E910486}" = CCC Help French "{400F0DE6-CFF9-69EE-BDE9-DCBE3CD3A453}" = CCC Help German "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{54DDF14D-6A3C-83A9-C67D-D5D737E743B1}" = CCC Help Turkish "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{599B5DB7-8D0F-8627-BFBE-B994C1EBD924}" = CCC Help English "{5A1084A3-79B7-480C-9275-D8AA0CCEFA52}" = RUBICon "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{61358075-211A-0E83-26F1-8C1A3DB1074B}" = CCC Help Swedish "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galaktische Abenteuer "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{6E93F14C-625B-F3BF-45E7-C679E38E5B81}" = CCC Help Dutch "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78CEA452-7C5D-DC05-53EC-01AA2F77E611}" = ccc-core-static "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7F8E087F-3600-F776-54FF-1E769EF72E0E}" = CCC Help Thai "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{930DFC5B-87A9-7D71-1DA1-E806461F3A54}" = CCC Help Danish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter und der Feuerkelch™ "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4 "{9B6BFF70-751F-B1A3-6FCF-2C5446A79973}" = Catalyst Control Center Graphics Light "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc "{B458CFDA-7040-AA04-3C57-094BDF3F28AD}" = Catalyst Control Center Graphics Full Existing "{B7E01095-8BAA-456E-8AED-504C3CCADBA0}" = Nero 11 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BAB0627B-C4F4-2F91-62FE-EF8A5EE437ED}" = CCC Help Greek "{BD695A12-48A2-5594-9FB5-98B3FC44FA00}" = CCC Help Russian "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C068C515-5F7B-807E-E2B2-6F8660FC4D28}" = CCC Help Finnish "{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch "{C3BBA5F6-83A0-4B12-A70E-6F391D659BA2}_is1" = Chirurgie-Simulator Version 1.0 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C68D259B-9BF1-738F-D632-E874ED783EF3}" = CCC Help Korean "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E15AE125-45D7-B0BB-0C50-0E152EBEC59D}" = CCC Help Spanish "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude "{EA6D7A23-54B6-448B-3236-7690739CA8F8}" = CCC Help Polish "{EAC051FE-DA6B-4DE7-31BC-FF7C6CF8CD50}" = Catalyst Control Center Graphics Full New "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{F6E7E425-319E-A332-7903-6D9B71C33E69}" = CCC Help Chinese Traditional "{F8A237AF-94FA-8D2A-C301-6FB0B4E8C0CF}" = CCC Help Portuguese "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA950C5C-19F4-BFF8-9F2F-566C83C70A17}" = CCC Help Chinese Standard "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter und der Halbblut-Prinz™ "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "DVDFab 8 Qt_is1" = DVDFab 8.1.3.6 (01/12/2011) Qt "Farm Frenzy 2" = Farm Frenzy 2 "Free Studio_is1" = Free Studio version 4.9.13 "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "Indeo® software" = Indeo® software "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Lemmings Revolution" = Lemmings Revolution "LManager" = Launch Manager "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "M-WIN-D 8.0.4 2609533_is1" = Wolfram CDF Player (M-WIN-D 8.0.4 2609533) "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "Origin" = Origin "Pixum ePrint" = Pixum ePrint 1.2 "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "Universal Document Converter_is1" = Universal Document Converter (Demo) "Waldmeister Sause_is1" = Waldmeister Sause "WinLems_is1" = WinLems 1.24 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DrKawashima" = Dr Kawashima ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.02.2013 01:43:34 | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 53446 Error - 02.02.2013 01:43:34 | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 53446 Error - 02.02.2013 17:46:11 | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 02.02.2013 17:46:12 | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9151829 Error - 02.02.2013 17:46:12 | Computer Name = Nicole-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9151829 Error - 02.02.2013 23:12:38 | Computer Name = Nicole-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.02.2013 21:36:18 | Computer Name = Nicole-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 04.02.2013 22:51:15 | Computer Name = Nicole-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 05.02.2013 04:51:13 | Computer Name = Nicole-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 05.02.2013 15:04:59 | Computer Name = Nicole-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 958 Startzeit: 01ce03d2a5fa1e69 Endzeit: 0 Anwendungspfad: C:\Users\Nicole\Desktop\OTL.exe Berichts-ID: [ Media Center Events ] Error - 29.07.2012 04:24:41 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 10:24:36 - Broadband.enc konnte nicht abgerufen werden (Fehler: BITS 0x80070424) Error - 22.09.2012 06:34:36 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 12:34:36 - Fehler beim Herstellen der Internetverbindung. 12:34:36 - Serververbindung konnte nicht hergestellt werden.. Error - 22.09.2012 06:34:51 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 12:34:42 - Fehler beim Herstellen der Internetverbindung. 12:34:42 - Serververbindung konnte nicht hergestellt werden.. Error - 22.09.2012 07:34:55 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 13:34:55 - Fehler beim Herstellen der Internetverbindung. 13:34:55 - Serververbindung konnte nicht hergestellt werden.. Error - 22.09.2012 07:35:01 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 13:35:00 - Fehler beim Herstellen der Internetverbindung. 13:35:00 - Serververbindung konnte nicht hergestellt werden.. Error - 22.09.2012 08:35:06 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 14:35:06 - Fehler beim Herstellen der Internetverbindung. 14:35:06 - Serververbindung konnte nicht hergestellt werden.. Error - 22.09.2012 08:35:12 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 14:35:11 - Fehler beim Herstellen der Internetverbindung. 14:35:11 - Serververbindung konnte nicht hergestellt werden.. Error - 22.09.2012 09:35:17 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 15:35:17 - Fehler beim Herstellen der Internetverbindung. 15:35:17 - Serververbindung konnte nicht hergestellt werden.. Error - 22.09.2012 09:35:23 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 15:35:22 - Fehler beim Herstellen der Internetverbindung. 15:35:22 - Serververbindung konnte nicht hergestellt werden.. Error - 08.10.2012 11:27:00 | Computer Name = Nicole-PC | Source = MCUpdate | ID = 0 Description = 17:26:55 - Fehler beim Herstellen der Internetverbindung. 17:26:55 - Serververbindung konnte nicht hergestellt werden.. [ OSession Events ] Error - 13.10.2011 14:15:04 | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 194 seconds with 0 seconds of active time. This session ended with a crash. Error - 09.01.2013 15:17:45 | Computer Name = Nicole-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15140 seconds with 8760 seconds of active time. This session ended with a crash. [ System Events ] Error - 05.02.2013 12:47:04 | Computer Name = Nicole-PC | Source = DCOM | ID = 10005 Description = Error - 05.02.2013 12:47:04 | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.02.2013 12:47:05 | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.02.2013 12:47:05 | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.02.2013 12:47:05 | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.02.2013 12:47:05 | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.02.2013 12:47:05 | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.02.2013 12:47:05 | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.02.2013 12:47:05 | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 05.02.2013 12:49:30 | Computer Name = Nicole-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFS < End of report > |
05.02.2013, 20:42 | #6 |
/// Malware-holic | GVU-Trojaner otl fix Fixen mit OTL
Code:
ATTFilter :OTL O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found :files :Commands [emptytemp]
__________________ --> GVU-Trojaner |
05.02.2013, 20:55 | #7 |
| GVU-Trojaner All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Nicole ->Temp folder emptied: 511550 bytes ->Temporary Internet Files folder emptied: 279937497 bytes ->Java cache emptied: 17880504 bytes ->FireFox cache emptied: 169377578 bytes ->Flash cache emptied: 47408707 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1533519 bytes %systemroot%\System32 .tmp files removed: 5 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5363214 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045735 bytes RecycleBin emptied: 23830625197 bytes Total Files Cleaned = 23.259,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02052013_204403 Files\Folders moved on Reboot... C:\Users\Nicole\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Nicole\AppData\Local\Mozilla\Firefox\Profiles\2cqhvrqa.default\Cache\A\6E\F8152d01 not found! C:\Users\Nicole\AppData\Local\Mozilla\Firefox\Profiles\2cqhvrqa.default\urlclassifier3.sqlite moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
05.02.2013, 20:56 | #8 |
/// Malware-holic | GVU-Trojaner Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
05.02.2013, 21:01 | #9 |
| GVU-Trojaner 20:58:41.0633 3752 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:58:41.0823 3752 ============================================================ 20:58:41.0823 3752 Current date / time: 2013/02/05 20:58:41.0823 20:58:41.0823 3752 SystemInfo: 20:58:41.0823 3752 20:58:41.0823 3752 OS Version: 6.1.7600 ServicePack: 0.0 20:58:41.0823 3752 Product type: Workstation 20:58:41.0823 3752 ComputerName: NICOLE-PC 20:58:41.0823 3752 UserName: Nicole 20:58:41.0823 3752 Windows directory: C:\Windows 20:58:41.0823 3752 System windows directory: C:\Windows 20:58:41.0823 3752 Running under WOW64 20:58:41.0823 3752 Processor architecture: Intel x64 20:58:41.0823 3752 Number of processors: 2 20:58:41.0823 3752 Page size: 0x1000 20:58:41.0823 3752 Boot type: Normal boot 20:58:41.0823 3752 ============================================================ 20:58:43.0645 3752 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:58:43.0655 3752 ============================================================ 20:58:43.0655 3752 \Device\Harddisk0\DR0: 20:58:43.0655 3752 MBR partitions: 20:58:43.0655 3752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD 20:58:43.0655 3752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904 20:58:43.0655 3752 ============================================================ 20:58:43.0675 3752 C: <-> \Device\Harddisk0\DR0\Partition2 20:58:43.0675 3752 ============================================================ 20:58:43.0675 3752 Initialize success 20:58:43.0675 3752 ============================================================ 20:59:22.0638 4040 ============================================================ 20:59:22.0638 4040 Scan started 20:59:22.0638 4040 Mode: Manual; SigCheck; TDLFS; 20:59:22.0638 4040 ============================================================ 20:59:23.0668 4040 ================ Scan system memory ======================== 20:59:23.0668 4040 System memory - ok 20:59:23.0668 4040 ================ Scan services ============================= 20:59:23.0840 4040 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 20:59:23.0980 4040 1394ohci - ok 20:59:24.0058 4040 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 20:59:24.0089 4040 ACPI - ok 20:59:24.0136 4040 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 20:59:24.0245 4040 AcpiPmi - ok 20:59:24.0401 4040 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:59:24.0417 4040 AdobeFlashPlayerUpdateSvc - ok 20:59:24.0495 4040 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:59:24.0526 4040 adp94xx - ok 20:59:24.0557 4040 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:59:24.0588 4040 adpahci - ok 20:59:24.0620 4040 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:59:24.0635 4040 adpu320 - ok 20:59:24.0682 4040 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:59:24.0869 4040 AeLookupSvc - ok 20:59:24.0947 4040 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys 20:59:25.0041 4040 AFD - ok 20:59:25.0072 4040 AFS - ok 20:59:25.0103 4040 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 20:59:25.0119 4040 agp440 - ok 20:59:25.0150 4040 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:59:25.0197 4040 ALG - ok 20:59:25.0275 4040 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 20:59:25.0290 4040 aliide - ok 20:59:25.0368 4040 [ 16D2883EA6296333435DF0C8B7D164B8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:59:25.0446 4040 AMD External Events Utility - ok 20:59:25.0493 4040 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys 20:59:25.0509 4040 amdide - ok 20:59:25.0587 4040 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:59:25.0649 4040 AmdK8 - ok 20:59:25.0680 4040 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:59:25.0743 4040 AmdPPM - ok 20:59:25.0821 4040 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:59:25.0852 4040 amdsata - ok 20:59:25.0899 4040 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:59:25.0924 4040 amdsbs - ok 20:59:25.0974 4040 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:59:25.0984 4040 amdxata - ok 20:59:26.0054 4040 [ 2D71D1EED26923802C1C1B26E603FE0C ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys 20:59:26.0104 4040 AnyDVD - ok 20:59:26.0144 4040 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys 20:59:26.0194 4040 AppID - ok 20:59:26.0224 4040 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:59:26.0314 4040 AppIDSvc - ok 20:59:26.0344 4040 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll 20:59:26.0414 4040 Appinfo - ok 20:59:26.0574 4040 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:59:26.0594 4040 Apple Mobile Device - ok 20:59:26.0634 4040 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 20:59:26.0644 4040 arc - ok 20:59:26.0664 4040 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:59:26.0674 4040 arcsas - ok 20:59:26.0714 4040 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:59:26.0774 4040 AsyncMac - ok 20:59:26.0804 4040 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 20:59:26.0814 4040 atapi - ok 20:59:26.0874 4040 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys 20:59:27.0004 4040 athr - ok 20:59:27.0194 4040 [ C9F90FEE4FDC829382B9130A92FB744C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:59:27.0434 4040 atikmdag - ok 20:59:27.0514 4040 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:59:27.0564 4040 AudioEndpointBuilder - ok 20:59:27.0574 4040 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:59:27.0614 4040 AudioSrv - ok 20:59:27.0694 4040 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:59:27.0794 4040 AxInstSV - ok 20:59:27.0844 4040 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:59:27.0884 4040 b06bdrv - ok 20:59:27.0934 4040 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:59:27.0984 4040 b57nd60a - ok 20:59:28.0094 4040 [ B44879610F2DC4A046B14BEFA3AE72DE ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 20:59:28.0224 4040 BCM43XX - ok 20:59:28.0264 4040 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:59:28.0304 4040 BDESVC - ok 20:59:28.0344 4040 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:59:28.0435 4040 Beep - ok 20:59:28.0505 4040 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll 20:59:28.0615 4040 BFE - ok 20:59:28.0665 4040 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll 20:59:28.0785 4040 BITS - ok 20:59:28.0825 4040 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:59:28.0865 4040 blbdrive - ok 20:59:28.0955 4040 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:59:28.0985 4040 Bonjour Service - ok 20:59:29.0045 4040 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:59:29.0125 4040 bowser - ok 20:59:29.0165 4040 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:59:29.0215 4040 BrFiltLo - ok 20:59:29.0275 4040 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:59:29.0305 4040 BrFiltUp - ok 20:59:29.0355 4040 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll 20:59:29.0375 4040 Browser - ok 20:59:29.0405 4040 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:59:29.0445 4040 Brserid - ok 20:59:29.0465 4040 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:59:29.0515 4040 BrSerWdm - ok 20:59:29.0585 4040 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:59:29.0655 4040 BrUsbMdm - ok 20:59:29.0655 4040 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:59:29.0725 4040 BrUsbSer - ok 20:59:29.0755 4040 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:59:29.0795 4040 BTHMODEM - ok 20:59:29.0825 4040 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:59:29.0885 4040 bthserv - ok 20:59:29.0925 4040 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:59:29.0995 4040 cdfs - ok 20:59:30.0035 4040 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:59:30.0085 4040 cdrom - ok 20:59:30.0135 4040 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 20:59:30.0175 4040 CertPropSvc - ok 20:59:30.0205 4040 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:59:30.0255 4040 circlass - ok 20:59:30.0295 4040 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:59:30.0315 4040 CLFS - ok 20:59:30.0375 4040 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:59:30.0395 4040 clr_optimization_v2.0.50727_32 - ok 20:59:30.0425 4040 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:59:30.0445 4040 clr_optimization_v2.0.50727_64 - ok 20:59:30.0585 4040 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:59:30.0605 4040 clr_optimization_v4.0.30319_32 - ok 20:59:30.0625 4040 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:59:30.0635 4040 clr_optimization_v4.0.30319_64 - ok 20:59:30.0675 4040 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:59:30.0715 4040 CmBatt - ok 20:59:30.0755 4040 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 20:59:30.0765 4040 cmdide - ok 20:59:30.0815 4040 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys 20:59:30.0871 4040 CNG - ok 20:59:30.0902 4040 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:59:30.0918 4040 Compbatt - ok 20:59:30.0933 4040 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 20:59:30.0980 4040 CompositeBus - ok 20:59:31.0011 4040 COMSysApp - ok 20:59:31.0043 4040 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:59:31.0058 4040 crcdisk - ok 20:59:31.0105 4040 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:59:31.0167 4040 CryptSvc - ok 20:59:31.0230 4040 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys 20:59:31.0245 4040 CVirtA - ok 20:59:31.0308 4040 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:59:31.0370 4040 DcomLaunch - ok 20:59:31.0401 4040 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:59:31.0495 4040 defragsvc - ok 20:59:31.0557 4040 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:59:31.0604 4040 DfsC - ok 20:59:31.0635 4040 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 20:59:31.0760 4040 Dhcp - ok 20:59:31.0791 4040 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:59:31.0854 4040 discache - ok 20:59:31.0901 4040 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:59:31.0932 4040 Disk - ok 20:59:31.0994 4040 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\SysWOW64\Drivers\DKbFltr.sys 20:59:32.0010 4040 DKbFltr - ok 20:59:32.0057 4040 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys 20:59:32.0072 4040 DNE - ok 20:59:32.0135 4040 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:59:32.0181 4040 Dnscache - ok 20:59:32.0233 4040 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 20:59:32.0323 4040 dot3svc - ok 20:59:32.0343 4040 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 20:59:32.0403 4040 DPS - ok 20:59:32.0453 4040 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:59:32.0503 4040 drmkaud - ok 20:59:32.0573 4040 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:59:32.0613 4040 DXGKrnl - ok 20:59:32.0643 4040 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:59:32.0703 4040 EapHost - ok 20:59:32.0813 4040 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:59:32.0963 4040 ebdrv - ok 20:59:33.0003 4040 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe 20:59:33.0053 4040 EFS - ok 20:59:33.0143 4040 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:59:33.0203 4040 ehRecvr - ok 20:59:33.0243 4040 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:59:33.0283 4040 ehSched - ok 20:59:33.0343 4040 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 20:59:33.0363 4040 ElbyCDIO - ok 20:59:33.0403 4040 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:59:33.0433 4040 elxstor - ok 20:59:33.0493 4040 [ 8E910F796F5F30281CDD24ABA47DDEA2 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 20:59:33.0543 4040 ePowerSvc - ok 20:59:33.0543 4040 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 20:59:33.0603 4040 ErrDev - ok 20:59:33.0663 4040 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:59:33.0713 4040 EventSystem - ok 20:59:33.0723 4040 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:59:33.0773 4040 exfat - ok 20:59:33.0803 4040 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:59:33.0883 4040 fastfat - ok 20:59:33.0943 4040 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 20:59:33.0993 4040 Fax - ok 20:59:34.0023 4040 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:59:34.0033 4040 fdc - ok 20:59:34.0063 4040 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:59:34.0123 4040 fdPHost - ok 20:59:34.0153 4040 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:59:34.0213 4040 FDResPub - ok 20:59:34.0253 4040 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:59:34.0263 4040 FileInfo - ok 20:59:34.0293 4040 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:59:34.0375 4040 Filetrace - ok 20:59:34.0391 4040 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:59:34.0422 4040 flpydisk - ok 20:59:34.0454 4040 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:59:34.0470 4040 FltMgr - ok 20:59:34.0548 4040 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll 20:59:34.0657 4040 FontCache - ok 20:59:34.0719 4040 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:59:34.0735 4040 FontCache3.0.0.0 - ok 20:59:34.0766 4040 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:59:34.0782 4040 FsDepends - ok 20:59:34.0813 4040 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:59:34.0828 4040 Fs_Rec - ok 20:59:34.0860 4040 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:59:34.0891 4040 fvevol - ok 20:59:34.0922 4040 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:59:34.0938 4040 gagp30kx - ok 20:59:34.0969 4040 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:59:35.0000 4040 GEARAspiWDM - ok 20:59:35.0031 4040 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll 20:59:35.0094 4040 gpsvc - ok 20:59:35.0203 4040 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe 20:59:35.0265 4040 Greg_Service - ok 20:59:35.0359 4040 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:59:35.0374 4040 gupdate - ok 20:59:35.0421 4040 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:59:35.0452 4040 gupdatem - ok 20:59:35.0484 4040 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 20:59:35.0499 4040 gusvc - ok 20:59:35.0515 4040 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:59:35.0562 4040 hcw85cir - ok 20:59:35.0593 4040 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:59:35.0640 4040 HdAudAddService - ok 20:59:35.0655 4040 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:59:35.0702 4040 HDAudBus - ok 20:59:35.0733 4040 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:59:35.0764 4040 HidBatt - ok 20:59:35.0811 4040 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:59:35.0874 4040 HidBth - ok 20:59:35.0889 4040 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:59:35.0952 4040 HidIr - ok 20:59:35.0983 4040 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 20:59:36.0045 4040 hidserv - ok 20:59:36.0092 4040 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:59:36.0123 4040 HidUsb - ok 20:59:36.0139 4040 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:59:36.0217 4040 hkmsvc - ok 20:59:36.0248 4040 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:59:36.0295 4040 HomeGroupListener - ok 20:59:36.0326 4040 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:59:36.0388 4040 HomeGroupProvider - ok 20:59:36.0451 4040 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 20:59:36.0466 4040 HpSAMD - ok 20:59:36.0544 4040 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys 20:59:36.0622 4040 HTCAND64 - ok 20:59:36.0669 4040 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys 20:59:36.0685 4040 htcnprot - ok 20:59:36.0716 4040 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:59:36.0794 4040 HTTP - ok 20:59:36.0825 4040 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:59:36.0841 4040 hwpolicy - ok 20:59:36.0872 4040 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:59:36.0888 4040 i8042prt - ok 20:59:36.0966 4040 [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 20:59:36.0997 4040 IAANTMON - ok 20:59:37.0028 4040 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 20:59:37.0044 4040 iaStor - ok 20:59:37.0106 4040 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:59:37.0137 4040 iaStorV - ok 20:59:37.0246 4040 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:59:37.0262 4040 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:59:37.0262 4040 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:59:37.0324 4040 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:59:37.0387 4040 idsvc - ok 20:59:37.0543 4040 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 20:59:37.0761 4040 igfx - ok 20:59:37.0777 4040 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:59:37.0792 4040 iirsp - ok 20:59:37.0824 4040 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll 20:59:37.0917 4040 IKEEXT - ok 20:59:38.0011 4040 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:59:38.0058 4040 IntcAzAudAddService - ok 20:59:38.0073 4040 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys 20:59:38.0089 4040 intelide - ok 20:59:38.0136 4040 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:59:38.0182 4040 intelppm - ok 20:59:38.0214 4040 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:59:38.0276 4040 IPBusEnum - ok 20:59:38.0323 4040 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:59:38.0354 4040 IpFilterDriver - ok 20:59:38.0385 4040 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:59:38.0463 4040 iphlpsvc - ok 20:59:38.0494 4040 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 20:59:38.0541 4040 IPMIDRV - ok 20:59:38.0572 4040 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:59:38.0635 4040 IPNAT - ok 20:59:38.0697 4040 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:59:38.0744 4040 iPod Service - ok 20:59:38.0791 4040 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:59:38.0822 4040 IRENUM - ok 20:59:38.0853 4040 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 20:59:38.0869 4040 isapnp - ok 20:59:38.0884 4040 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:59:38.0900 4040 iScsiPrt - ok 20:59:38.0931 4040 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:59:38.0947 4040 kbdclass - ok 20:59:38.0978 4040 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:59:39.0025 4040 kbdhid - ok 20:59:39.0072 4040 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe 20:59:39.0103 4040 KeyIso - ok 20:59:39.0165 4040 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:59:39.0181 4040 KSecDD - ok 20:59:39.0196 4040 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:59:39.0212 4040 KSecPkg - ok 20:59:39.0243 4040 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:59:39.0321 4040 ksthunk - ok 20:59:39.0368 4040 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:59:39.0462 4040 KtmRm - ok 20:59:39.0524 4040 [ 2377EC4CC3E356655B996F39B43486B6 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 20:59:39.0555 4040 L1C - ok 20:59:39.0586 4040 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:59:39.0618 4040 LanmanServer - ok 20:59:39.0664 4040 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:59:39.0742 4040 LanmanWorkstation - ok 20:59:39.0805 4040 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:59:39.0867 4040 lltdio - ok 20:59:39.0898 4040 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:59:39.0930 4040 lltdsvc - ok 20:59:39.0961 4040 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:59:39.0992 4040 lmhosts - ok 20:59:40.0039 4040 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:59:40.0054 4040 LSI_FC - ok 20:59:40.0101 4040 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:59:40.0101 4040 LSI_SAS - ok 20:59:40.0117 4040 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:59:40.0132 4040 LSI_SAS2 - ok 20:59:40.0148 4040 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:59:40.0164 4040 LSI_SCSI - ok 20:59:40.0195 4040 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:59:40.0257 4040 luafv - ok 20:59:40.0304 4040 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:59:40.0351 4040 Mcx2Svc - ok 20:59:40.0382 4040 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:59:40.0398 4040 megasas - ok 20:59:40.0413 4040 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:59:40.0444 4040 MegaSR - ok 20:59:40.0460 4040 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:59:40.0522 4040 MMCSS - ok 20:59:40.0554 4040 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:59:40.0585 4040 Modem - ok 20:59:40.0616 4040 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:59:40.0663 4040 monitor - ok 20:59:40.0710 4040 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:59:40.0725 4040 mouclass - ok 20:59:40.0741 4040 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:59:40.0788 4040 mouhid - ok 20:59:40.0819 4040 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:59:40.0834 4040 mountmgr - ok 20:59:40.0912 4040 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 20:59:40.0959 4040 MpFilter - ok 20:59:40.0975 4040 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys 20:59:41.0006 4040 mpio - ok 20:59:41.0037 4040 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:59:41.0084 4040 mpsdrv - ok 20:59:41.0146 4040 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:59:41.0256 4040 MpsSvc - ok 20:59:41.0287 4040 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:59:41.0334 4040 MRxDAV - ok 20:59:41.0389 4040 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:59:41.0419 4040 mrxsmb - ok 20:59:41.0459 4040 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:59:41.0489 4040 mrxsmb10 - ok 20:59:41.0509 4040 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:59:41.0539 4040 mrxsmb20 - ok 20:59:41.0569 4040 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 20:59:41.0589 4040 msahci - ok 20:59:41.0609 4040 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 20:59:41.0619 4040 msdsm - ok 20:59:41.0659 4040 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:59:41.0699 4040 MSDTC - ok 20:59:41.0739 4040 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:59:41.0779 4040 Msfs - ok 20:59:41.0789 4040 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:59:41.0849 4040 mshidkmdf - ok 20:59:41.0879 4040 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 20:59:41.0899 4040 msisadrv - ok 20:59:41.0949 4040 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:59:41.0999 4040 MSiSCSI - ok 20:59:41.0999 4040 msiserver - ok 20:59:42.0049 4040 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:59:42.0109 4040 MSKSSRV - ok 20:59:42.0219 4040 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 20:59:42.0249 4040 MsMpSvc - ok 20:59:42.0279 4040 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:59:42.0369 4040 MSPCLOCK - ok 20:59:42.0389 4040 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:59:42.0449 4040 MSPQM - ok 20:59:42.0479 4040 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:59:42.0499 4040 MsRPC - ok 20:59:42.0519 4040 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:59:42.0529 4040 mssmbios - ok 20:59:42.0559 4040 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:59:42.0619 4040 MSTEE - ok 20:59:42.0649 4040 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:59:42.0679 4040 MTConfig - ok 20:59:42.0729 4040 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:59:42.0739 4040 Mup - ok 20:59:42.0789 4040 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 20:59:42.0799 4040 mwlPSDFilter - ok 20:59:42.0809 4040 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 20:59:42.0819 4040 mwlPSDNServ - ok 20:59:42.0839 4040 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 20:59:42.0849 4040 mwlPSDVDisk - ok 20:59:42.0899 4040 [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe 20:59:42.0929 4040 MWLService - ok 20:59:42.0959 4040 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll 20:59:43.0039 4040 napagent - ok 20:59:43.0099 4040 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:59:43.0149 4040 NativeWifiP - ok 20:59:43.0319 4040 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 20:59:43.0359 4040 NAUpdate - ok 20:59:43.0436 4040 [ 7B2D90BBBBED11C8DFBA441D34AE901E ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys 20:59:43.0452 4040 NBVol - ok 20:59:43.0467 4040 [ 4FE7B5757279D82C4D171E9F7FD52A75 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys 20:59:43.0483 4040 NBVolUp - ok 20:59:43.0545 4040 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys 20:59:43.0608 4040 NDIS - ok 20:59:43.0639 4040 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:59:43.0701 4040 NdisCap - ok 20:59:43.0732 4040 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:59:43.0795 4040 NdisTapi - ok 20:59:43.0857 4040 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:59:43.0904 4040 Ndisuio - ok 20:59:43.0951 4040 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:59:44.0013 4040 NdisWan - ok 20:59:44.0044 4040 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:59:44.0122 4040 NDProxy - ok 20:59:44.0154 4040 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:59:44.0216 4040 NetBIOS - ok 20:59:44.0247 4040 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:59:44.0294 4040 NetBT - ok 20:59:44.0310 4040 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe 20:59:44.0325 4040 Netlogon - ok 20:59:44.0372 4040 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:59:44.0434 4040 Netman - ok 20:59:44.0466 4040 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:59:44.0544 4040 netprofm - ok 20:59:44.0590 4040 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:59:44.0606 4040 NetTcpPortSharing - ok 20:59:44.0653 4040 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:59:44.0668 4040 nfrd960 - ok 20:59:44.0746 4040 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 20:59:44.0762 4040 NisDrv - ok 20:59:44.0840 4040 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 20:59:44.0887 4040 NisSrv - ok 20:59:44.0934 4040 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:59:45.0015 4040 NlaSvc - ok 20:59:45.0045 4040 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:59:45.0125 4040 Npfs - ok 20:59:45.0155 4040 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:59:45.0235 4040 nsi - ok 20:59:45.0265 4040 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:59:45.0345 4040 nsiproxy - ok 20:59:45.0415 4040 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:59:45.0505 4040 Ntfs - ok 20:59:45.0565 4040 [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 20:59:45.0585 4040 NTIBackupSvc - ok 20:59:45.0605 4040 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 20:59:45.0615 4040 NTIDrvr - ok 20:59:45.0655 4040 [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 20:59:45.0675 4040 NTISchedulerSvc - ok 20:59:45.0715 4040 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:59:45.0775 4040 Null - ok 20:59:45.0825 4040 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:59:45.0845 4040 nvraid - ok 20:59:45.0885 4040 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:59:45.0895 4040 nvstor - ok 20:59:45.0935 4040 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 20:59:45.0945 4040 nv_agp - ok 20:59:46.0015 4040 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:59:46.0045 4040 odserv - ok 20:59:46.0055 4040 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 20:59:46.0075 4040 ohci1394 - ok 20:59:46.0135 4040 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:59:46.0165 4040 ose - ok 20:59:46.0195 4040 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:59:46.0235 4040 p2pimsvc - ok 20:59:46.0265 4040 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:59:46.0285 4040 p2psvc - ok 20:59:46.0305 4040 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:59:46.0325 4040 Parport - ok 20:59:46.0375 4040 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:59:46.0385 4040 partmgr - ok 20:59:46.0455 4040 [ 5F731DD45D3B176C071E4CCEEB87B06B ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 20:59:46.0565 4040 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 20:59:46.0565 4040 PassThru Service - detected UnsignedFile.Multi.Generic (1) 20:59:46.0595 4040 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:59:46.0645 4040 PcaSvc - ok 20:59:46.0715 4040 [ 81B5E63131090879AD6EF9F32109B88D ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 20:59:46.0765 4040 pccsmcfd - ok 20:59:46.0805 4040 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys 20:59:46.0835 4040 pci - ok 20:59:46.0855 4040 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys 20:59:46.0865 4040 pciide - ok 20:59:46.0885 4040 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:59:46.0905 4040 pcmcia - ok 20:59:46.0925 4040 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:59:46.0935 4040 pcw - ok 20:59:46.0965 4040 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:59:47.0065 4040 PEAUTH - ok 20:59:47.0155 4040 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:59:47.0205 4040 PerfHost - ok 20:59:47.0285 4040 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 20:59:47.0435 4040 pla - ok 20:59:47.0505 4040 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:59:47.0565 4040 PlugPlay - ok 20:59:47.0595 4040 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:59:47.0635 4040 PNRPAutoReg - ok 20:59:47.0695 4040 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:59:47.0715 4040 PNRPsvc - ok 20:59:47.0745 4040 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:59:47.0815 4040 PolicyAgent - ok 20:59:47.0855 4040 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:59:47.0915 4040 Power - ok 20:59:47.0975 4040 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:59:48.0025 4040 PptpMiniport - ok 20:59:48.0055 4040 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:59:48.0105 4040 Processor - ok 20:59:48.0165 4040 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll 20:59:48.0205 4040 ProfSvc - ok 20:59:48.0245 4040 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:59:48.0265 4040 ProtectedStorage - ok 20:59:48.0295 4040 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:59:48.0335 4040 Psched - ok 20:59:48.0385 4040 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:59:48.0465 4040 ql2300 - ok 20:59:48.0485 4040 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:59:48.0495 4040 ql40xx - ok 20:59:48.0525 4040 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:59:48.0546 4040 QWAVE - ok 20:59:48.0566 4040 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:59:48.0586 4040 QWAVEdrv - ok 20:59:48.0656 4040 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 20:59:48.0686 4040 RapiMgr - ok 20:59:48.0706 4040 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:59:48.0776 4040 RasAcd - ok 20:59:48.0816 4040 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:59:48.0896 4040 RasAgileVpn - ok 20:59:48.0936 4040 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:59:48.0986 4040 RasAuto - ok 20:59:49.0006 4040 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:59:49.0076 4040 Rasl2tp - ok 20:59:49.0116 4040 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 20:59:49.0196 4040 RasMan - ok 20:59:49.0216 4040 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:59:49.0266 4040 RasPppoe - ok 20:59:49.0306 4040 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:59:49.0376 4040 RasSstp - ok 20:59:49.0416 4040 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:59:49.0486 4040 rdbss - ok 20:59:49.0516 4040 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:59:49.0536 4040 rdpbus - ok 20:59:49.0546 4040 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:59:49.0586 4040 RDPCDD - ok 20:59:49.0626 4040 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:59:49.0666 4040 RDPENCDD - ok 20:59:49.0676 4040 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:59:49.0716 4040 RDPREFMP - ok 20:59:49.0756 4040 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:59:49.0796 4040 RDPWD - ok 20:59:49.0846 4040 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:59:49.0866 4040 rdyboost - ok 20:59:49.0896 4040 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:59:49.0956 4040 RemoteAccess - ok 20:59:49.0996 4040 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:59:50.0063 4040 RemoteRegistry - ok 20:59:50.0094 4040 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:59:50.0125 4040 RpcEptMapper - ok 20:59:50.0156 4040 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:59:50.0187 4040 RpcLocator - ok 20:59:50.0219 4040 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 20:59:50.0265 4040 RpcSs - ok 20:59:50.0312 4040 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:59:50.0359 4040 rspndr - ok 20:59:50.0406 4040 [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 20:59:50.0437 4040 RSUSBSTOR - ok 20:59:50.0499 4040 [ 4F55BC63DCA859A6DEDC1106E0062135 ] S3XXx64 C:\Windows\system32\DRIVERS\S3XXx64.sys 20:59:50.0531 4040 S3XXx64 - ok 20:59:50.0531 4040 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe 20:59:50.0546 4040 SamSs - ok 20:59:50.0577 4040 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 20:59:50.0593 4040 sbp2port - ok 20:59:50.0624 4040 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:59:50.0702 4040 SCardSvr - ok 20:59:50.0733 4040 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:59:50.0811 4040 scfilter - ok 20:59:50.0874 4040 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 20:59:50.0952 4040 Schedule - ok 20:59:50.0983 4040 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:59:51.0014 4040 SCPolicySvc - ok 20:59:51.0044 4040 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:59:51.0084 4040 SDRSVC - ok 20:59:51.0124 4040 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:59:51.0194 4040 secdrv - ok 20:59:51.0224 4040 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 20:59:51.0294 4040 seclogon - ok 20:59:51.0324 4040 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:59:51.0384 4040 SENS - ok 20:59:51.0404 4040 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:59:51.0444 4040 SensrSvc - ok 20:59:51.0474 4040 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:59:51.0504 4040 Serenum - ok 20:59:51.0534 4040 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:59:51.0584 4040 Serial - ok 20:59:51.0624 4040 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:59:51.0664 4040 sermouse - ok 20:59:51.0744 4040 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 20:59:51.0784 4040 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 20:59:51.0784 4040 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 20:59:51.0844 4040 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 20:59:51.0894 4040 SessionEnv - ok 20:59:51.0924 4040 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:59:51.0964 4040 sffdisk - ok 20:59:51.0984 4040 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:59:52.0014 4040 sffp_mmc - ok 20:59:52.0044 4040 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:59:52.0064 4040 sffp_sd - ok 20:59:52.0094 4040 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:59:52.0144 4040 sfloppy - ok 20:59:52.0204 4040 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:59:52.0294 4040 SharedAccess - ok 20:59:52.0334 4040 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:59:52.0384 4040 ShellHWDetection - ok 20:59:52.0414 4040 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:59:52.0424 4040 SiSRaid2 - ok 20:59:52.0454 4040 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:59:52.0474 4040 SiSRaid4 - ok 20:59:52.0574 4040 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:59:52.0594 4040 SkypeUpdate - ok 20:59:52.0624 4040 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:59:52.0694 4040 Smb - ok 20:59:52.0764 4040 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:59:52.0794 4040 SNMPTRAP - ok 20:59:52.0834 4040 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:59:52.0854 4040 spldr - ok 20:59:52.0904 4040 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe 20:59:52.0964 4040 Spooler - ok 20:59:53.0104 4040 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 20:59:53.0274 4040 sppsvc - ok 20:59:53.0294 4040 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:59:53.0364 4040 sppuinotify - ok 20:59:53.0414 4040 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:59:53.0484 4040 srv - ok 20:59:53.0504 4040 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:59:53.0524 4040 srv2 - ok 20:59:53.0574 4040 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:59:53.0614 4040 srvnet - ok 20:59:53.0664 4040 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:59:53.0744 4040 SSDPSRV - ok 20:59:53.0784 4040 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:59:53.0844 4040 SstpSvc - ok 20:59:53.0894 4040 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:59:53.0904 4040 stexstor - ok 20:59:53.0944 4040 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 20:59:53.0984 4040 stisvc - ok 20:59:54.0004 4040 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:59:54.0014 4040 swenum - ok 20:59:54.0034 4040 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:59:54.0084 4040 swprv - ok 20:59:54.0114 4040 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 20:59:54.0134 4040 SynTP - ok 20:59:54.0174 4040 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 20:59:54.0304 4040 SysMain - ok 20:59:54.0334 4040 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:59:54.0384 4040 TabletInputService - ok 20:59:54.0414 4040 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 20:59:54.0454 4040 TapiSrv - ok 20:59:54.0464 4040 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:59:54.0514 4040 TBS - ok 20:59:54.0604 4040 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:59:54.0654 4040 Tcpip - ok 20:59:54.0724 4040 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:59:54.0764 4040 TCPIP6 - ok 20:59:54.0784 4040 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:59:54.0824 4040 tcpipreg - ok 20:59:54.0844 4040 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:59:54.0864 4040 TDPIPE - ok 20:59:54.0904 4040 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:59:54.0924 4040 TDTCP - ok 20:59:54.0944 4040 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:59:55.0014 4040 tdx - ok 20:59:55.0044 4040 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:59:55.0054 4040 TermDD - ok 20:59:55.0104 4040 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 20:59:55.0174 4040 TermService - ok 20:59:55.0204 4040 TFsExDisk - ok 20:59:55.0214 4040 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:59:55.0254 4040 Themes - ok 20:59:55.0294 4040 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:59:55.0344 4040 THREADORDER - ok 20:59:55.0364 4040 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:59:55.0434 4040 TrkWks - ok 20:59:55.0484 4040 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:59:55.0534 4040 TrustedInstaller - ok 20:59:55.0564 4040 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:59:55.0634 4040 tssecsrv - ok 20:59:55.0784 4040 [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe 20:59:55.0884 4040 TuneUp.UtilitiesSvc - ok 20:59:55.0944 4040 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 20:59:55.0954 4040 TuneUpUtilitiesDrv - ok 20:59:55.0984 4040 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:59:56.0044 4040 tunnel - ok 20:59:56.0064 4040 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:59:56.0084 4040 uagp35 - ok 20:59:56.0094 4040 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 20:59:56.0104 4040 UBHelper - ok 20:59:56.0124 4040 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:59:56.0184 4040 udfs - ok 20:59:56.0234 4040 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:59:56.0244 4040 UI0Detect - ok 20:59:56.0264 4040 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 20:59:56.0274 4040 uliagpkx - ok 20:59:56.0324 4040 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:59:56.0374 4040 umbus - ok 20:59:56.0404 4040 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:59:56.0444 4040 UmPass - ok 20:59:56.0534 4040 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 20:59:56.0564 4040 Updater Service - ok 20:59:56.0594 4040 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:59:56.0664 4040 upnphost - ok 20:59:56.0734 4040 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:59:56.0784 4040 USBAAPL64 - ok 20:59:56.0824 4040 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:59:56.0874 4040 usbccgp - ok 20:59:56.0914 4040 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 20:59:56.0964 4040 usbcir - ok 20:59:57.0014 4040 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:59:57.0024 4040 usbehci - ok 20:59:57.0044 4040 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:59:57.0084 4040 usbhub - ok 20:59:57.0124 4040 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:59:57.0174 4040 usbohci - ok 20:59:57.0234 4040 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:59:57.0284 4040 usbprint - ok 20:59:57.0324 4040 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:59:57.0344 4040 usbscan - ok 20:59:57.0364 4040 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:59:57.0414 4040 USBSTOR - ok 20:59:57.0454 4040 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:59:57.0504 4040 usbuhci - ok 20:59:57.0575 4040 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 20:59:57.0645 4040 usbvideo - ok 20:59:57.0675 4040 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:59:57.0745 4040 UxSms - ok 20:59:57.0825 4040 [ 5BF180F7F7C2F68ED6D5777840270BCE ] UxTuneUp C:\Windows\System32\uxtuneup.dll 20:59:57.0835 4040 UxTuneUp - ok 20:59:57.0855 4040 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 20:59:57.0865 4040 VaultSvc - ok 20:59:57.0905 4040 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 20:59:57.0935 4040 vdrvroot - ok 20:59:57.0985 4040 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 20:59:58.0005 4040 vds - ok 20:59:58.0025 4040 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:59:58.0035 4040 vga - ok 20:59:58.0055 4040 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:59:58.0125 4040 VgaSave - ok 20:59:58.0165 4040 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 20:59:58.0175 4040 vhdmp - ok 20:59:58.0195 4040 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 20:59:58.0215 4040 viaide - ok 20:59:58.0225 4040 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 20:59:58.0245 4040 volmgr - ok 20:59:58.0265 4040 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:59:58.0285 4040 volmgrx - ok 20:59:58.0335 4040 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:59:58.0355 4040 volsnap - ok 20:59:58.0385 4040 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:59:58.0405 4040 vsmraid - ok 20:59:58.0465 4040 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 20:59:58.0595 4040 VSS - ok 20:59:58.0625 4040 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:59:58.0655 4040 vwifibus - ok 20:59:58.0675 4040 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:59:58.0715 4040 vwififlt - ok 20:59:58.0755 4040 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 20:59:58.0795 4040 vwifimp - ok 20:59:58.0825 4040 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:59:58.0875 4040 W32Time - ok 20:59:58.0905 4040 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:59:58.0945 4040 WacomPen - ok 20:59:58.0995 4040 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:59:59.0075 4040 WANARP - ok 20:59:59.0105 4040 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:59:59.0145 4040 Wanarpv6 - ok 20:59:59.0205 4040 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 20:59:59.0295 4040 wbengine - ok 20:59:59.0315 4040 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:59:59.0345 4040 WbioSrvc - ok 20:59:59.0415 4040 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 20:59:59.0445 4040 WcesComm - ok 20:59:59.0495 4040 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:59:59.0555 4040 wcncsvc - ok 20:59:59.0605 4040 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:59:59.0615 4040 WcsPlugInService - ok 20:59:59.0645 4040 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:59:59.0665 4040 Wd - ok 20:59:59.0715 4040 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:59:59.0745 4040 Wdf01000 - ok 20:59:59.0755 4040 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:59:59.0805 4040 WdiServiceHost - ok 20:59:59.0815 4040 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:59:59.0835 4040 WdiSystemHost - ok 20:59:59.0875 4040 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 20:59:59.0905 4040 WebClient - ok 20:59:59.0935 4040 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:59:59.0975 4040 Wecsvc - ok 20:59:59.0985 4040 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:00:00.0025 4040 wercplsupport - ok 21:00:00.0055 4040 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:00:00.0115 4040 WerSvc - ok 21:00:00.0165 4040 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:00:00.0225 4040 WfpLwf - ok 21:00:00.0235 4040 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:00:00.0245 4040 WIMMount - ok 21:00:00.0265 4040 WinDefend - ok 21:00:00.0275 4040 WinHttpAutoProxySvc - ok 21:00:00.0335 4040 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:00:00.0385 4040 Winmgmt - ok 21:00:00.0445 4040 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 21:00:00.0605 4040 WinRM - ok 21:00:00.0665 4040 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:00:00.0715 4040 WinUsb - ok 21:00:00.0775 4040 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:00:00.0835 4040 Wlansvc - ok 21:00:01.0015 4040 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:00:01.0125 4040 wlidsvc - ok 21:00:01.0165 4040 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:00:01.0205 4040 WmiAcpi - ok 21:00:01.0245 4040 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:00:01.0295 4040 wmiApSrv - ok 21:00:01.0345 4040 WMPNetworkSvc - ok 21:00:01.0385 4040 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:00:01.0405 4040 WPCSvc - ok 21:00:01.0445 4040 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:00:01.0475 4040 WPDBusEnum - ok 21:00:01.0525 4040 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:00:01.0595 4040 ws2ifsl - ok 21:00:01.0645 4040 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll 21:00:01.0685 4040 wscsvc - ok 21:00:01.0685 4040 WSearch - ok 21:00:01.0785 4040 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:00:01.0885 4040 wuauserv - ok 21:00:01.0935 4040 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:00:01.0955 4040 WudfPf - ok 21:00:01.0995 4040 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:00:02.0035 4040 WUDFRd - ok 21:00:02.0055 4040 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:00:02.0095 4040 wudfsvc - ok 21:00:02.0135 4040 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 21:00:02.0195 4040 WwanSvc - ok 21:00:02.0225 4040 ================ Scan global =============================== 21:00:02.0255 4040 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:00:02.0305 4040 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll 21:00:02.0345 4040 [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll 21:00:02.0375 4040 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:00:02.0425 4040 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:00:02.0425 4040 [Global] - ok 21:00:02.0425 4040 ================ Scan MBR ================================== 21:00:02.0445 4040 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:00:02.0826 4040 \Device\Harddisk0\DR0 - ok 21:00:02.0826 4040 ================ Scan VBR ================================== 21:00:02.0836 4040 [ 731F0DE700CD8F4005A3AEC2FE5C663D ] \Device\Harddisk0\DR0\Partition1 21:00:02.0836 4040 \Device\Harddisk0\DR0\Partition1 - ok 21:00:02.0876 4040 [ FF2376E0E2292A33DD3B0CBD09A19FEC ] \Device\Harddisk0\DR0\Partition2 21:00:02.0876 4040 \Device\Harddisk0\DR0\Partition2 - ok 21:00:02.0876 4040 ============================================================ 21:00:02.0876 4040 Scan finished 21:00:02.0876 4040 ============================================================ 21:00:02.0886 5112 Detected object count: 3 21:00:02.0886 5112 Actual detected object count: 3 21:00:38.0712 5112 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 21:00:38.0712 5112 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:00:38.0712 5112 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:00:38.0712 5112 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:00:38.0712 5112 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 21:00:38.0712 5112 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
05.02.2013, 21:32 | #10 |
/// Malware-holic | GVU-Trojaner hi Combofix: Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
05.02.2013, 22:07 | #11 |
| GVU-Trojaner Combofix Logfile: Code:
ATTFilter ComboFix 13-02-03.03 - Nicole 05.02.2013 21:36:08.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4094.2677 [GMT 1:00] ausgeführt von:: c:\users\Nicole\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files (x86)\Common Files\Acer GameZone online.ico c:\program files (x86)\SecureW2 c:\program files (x86)\SecureW2\Uninstall.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk c:\users\Nicole\AppData\Roaming\.# c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2 c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-05 bis 2013-02-05 )))))))))))))))))))))))))))))) . . 2013-02-05 20:48 . 2013-02-05 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-05 19:44 . 2013-02-05 19:44 -------- d-----w- C:\_OTL 2013-02-04 22:32 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BA4273F-F56D-42D3-8B75-B554530CF13C}\mpengine.dll 2013-02-03 15:40 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-08 21:54 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-01-08 21:54 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-08 21:54 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-08 21:54 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-08 21:54 . 2012-11-02 05:30 2001408 ----a-w- c:\windows\system32\msxml6.dll 2013-01-08 21:54 . 2012-11-02 05:30 1880064 ----a-w- c:\windows\system32\msxml3.dll 2013-01-08 21:54 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-08 21:54 . 2012-11-02 04:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-08 21:54 . 2012-11-22 10:32 801280 ----a-w- c:\windows\system32\usp10.dll 2013-01-08 21:54 . 2012-11-22 09:33 627712 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-08 21:52 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-08 21:51 . 2012-11-23 03:45 3147264 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-30 10:53 . 2010-04-01 08:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-13 14:32 . 2010-06-03 19:21 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-08 22:43 . 2012-04-25 14:06 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-08 22:43 . 2011-07-14 18:17 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-16 16:52 . 2012-12-21 18:44 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-21 18:44 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-21 18:44 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-21 18:44 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 17:42 . 2010-10-11 11:24 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-12-07 17:42 . 2010-10-11 11:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-11-30 04:56 . 2013-01-08 21:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-29 08:08 . 2012-11-29 08:09 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB491B2A-3BB0-4E51-980C-6BF356550C6E}\gapaengine.dll 2012-11-09 05:34 . 2012-12-12 04:26 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:49 . 2012-12-12 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-04-14 04:37 252832 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-12-25 102400] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304] "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] . c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="c:\progra~3\06xT5qL.bat" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R0 AFS;AFS; [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2011-09-07 70016] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736] R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-08 166912] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-08 11856] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 25753508 *Deregistered* - 25753508 . Inhalt des "geplante Tasks" Ordners . 2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 22:43] . 2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 08:59] . 2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-01 08:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-04-14 04:37 296352 ----a-w- c:\program files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360310l755l0344z1m5t5942c346 mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360310l755l0344z1m5t5942c346 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Nicole\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\2cqhvrqa.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Indeo® software - c:\windows\IsUn0407.exe AddRemove-Lemmings Revolution - c:\windows\IsUn0407.exe AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-901514085-3943887970-2569426593-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:fd,8c,51,04,15,8b,7d,3a,c3,26,aa,46,b6,f2,d5,69,04,0c,55,ff,b0, f8,35,e0,af,d2,2c,e4,c4,fc,d4,6f,f4,d1,03,f3,9e,a7,e6,3f,ca,f7,7a,31,b5,eb,\ "rkeysecu"=hex:62,7f,cf,59,f7,5c,a4,d6,d2,16,cf,88,62,b4,4b,51 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-05 22:06:14 ComboFix-quarantined-files.txt 2013-02-05 21:06 . Vor Suchlauf: 14 Verzeichnis(se), 136.283.295.744 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 135.898.562.560 Bytes frei . - - End Of File - - D7D7D60367E3337334619EDA62576DEE |
05.02.2013, 22:28 | #12 |
/// Malware-holic | GVU-Trojaner hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
05.02.2013, 23:42 | #13 |
| GVU-Trojaner Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.05.10 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Nicole :: NICOLE-PC [Administrator] Schutz: Aktiviert 05.02.2013 22:34:09 mbam-log-2013-02-05 (22-34-09).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 466546 Laufzeit: 1 Stunde(n), 4 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Nicole\Installationen\clonDVD\CloneDVD 2.9.1.9 beta\kg & patch\snd-Universal Patch.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Nicole\Installationen\clonDVD\CloneDVD2\snd-Universal Patch.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nicole\Downloads\Neuer Ordner\SoftonicDownloader_fuer_earthview-wallpaper.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Nicole\Downloads\Neuer Ordner\SoftonicDownloader_fuer_pdfcreator.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ist jetzt alles weg? |
06.02.2013, 12:11 | #14 |
/// Malware-holic | GVU-Trojaner C:\Nicole\Installationen\clonDVD\CloneDVD 2.9.1.9 beta\kg & patch\snd-Universal Patch.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Nicole\Installationen\clonDVD\CloneDVD2\snd-Universal Patch.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt. da es sich hierbei um keygens handelt, und die Verwendung nach den Gesetzen hier nicht legal ist, können wir dir nur beim neu aufsetzen helfen. der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.02.2013, 13:11 | #15 |
| GVU-Trojaner ohoh...ok, dann werde ich das mal versuchen...ich glaube aber so eine windows-cd habe ich nicht. das ist ein aspire 5732ZG...ist dieser gvu-virus denn weg? also mein antivirenprogramm hat glaub ich gerade wieder einen trojaner gefunden: Trojan:Win32/Sirefef!cfg |