| |
| |||||||
Log-Analyse und Auswertung: zip. Anhang geöffnet TR/Matsnu.EB.101Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.02.2013, 21:48
| #1 |
 |  zip. Anhang geöffnet TR/Matsnu.EB.101 Hallo zusammen. Zuerst einmal,schön das es euch gibt :-) Weiss nämlich nicht mehr weiter. Nun hat es uns auch erwischt :-(. Wir haben gestern eine Mahnung per Email bekommen,das wir noch einen offenen Betrag zu begleichen haben.Die Rechnung war als zip. Datei im Anhang-Dummerweise wurde dieser Anhang geöffnet :-( kurze zeit später verschob mein Virenprogramm,Avira Antivir Free,den Trojaner TR/Matsnu.EB.101 aus: Quelle:C:\Users\Giz\AppData\Local\Temp\Temp1_06.02.2013 Bestelldaten Ihrer Mahnung.zip\Lieferschein Ihrer Bestellung 06.02.2013.zip und eine 2.Datei ADWARE/Yontoo.E.1 aus: Quelle:C:\Users\Giz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74XZETTC\yontoosetup[1].ex in die Quarantäne. Seit dem habe ich ständige Systemabstürze mit einem blauem Desktop und Fehlermeldungen. Die Checkliste der verschiedenen Scans habe ich soweit durchgeführt: defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:07 on 10/02/2013 (Giz) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- OTL Extras logfile created on: 2/10/2013 8:37:40 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Giz\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.75 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 67.87% Memory free 3.50 Gb Paging File | 2.01 Gb Available in Paging File | 57.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 47.59 Gb Free Space | 47.59% Space Free | Partition Type: NTFS Drive D: | 122.87 Gb Total Space | 33.16 Gb Free Space | 26.99% Space Free | Partition Type: NTFS Computer Name: GIZ-PC | User Name: Giz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML.BU4WFSV3H6M4JN7DPOWR2R76ZA] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{8038CD96-F38A-42A8-A370-4E42AF1E366A}" = rport=41952 | protocol=6 | dir=out | name=tversity | "{845F9CEE-4551-4AE9-8FE4-D014A8329EDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FDEACF16-C4BB-4D55-A49C-DEF5FD6163D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{013B7906-1556-42A2-9789-AC8F6FB43829}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{40171638-2984-40DF-AF7C-11C690596551}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4E140000-4765-49F7-8D58-149272800738}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{6F070512-CC6F-4A8E-AFF2-D3D5321E3953}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6F1176AD-B032-4807-B786-6C8A34EE3EB8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{79535E6A-67D8-4C6F-8CEB-9CC7D0DDA663}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{7AF5B2B2-2327-4ABA-88E4-370BD5BAEF11}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{7C756BE0-D1FB-479C-B19E-7C6190FBA177}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9273E720-55AD-498F-A3AD-C81F302465A8}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe | "{99E1D3F2-7150-4894-A146-792135081D3A}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{A41C7F57-E1BC-4D63-9B00-6F8514C99032}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe | "{CB4C30CC-7049-4B53-8977-2B76D0EAA1BD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{CF2D152F-40F5-45DC-BC58-32585F6FBB18}" = dir=in | app=c:\program files\itunes\itunes.exe | "{F1D1D4A8-FB93-40C5-B2AF-BA09D8306046}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe | "{FB390B75-572E-461B-918F-3DF12F267439}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FDF3CF8C-2BC5-43CC-8971-589CE9A4A551}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{4270A8FF-B743-4189-9E88-71BD716494AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{97ACA1ED-66A7-4F34-8EDE-80FD08A32581}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | "TCP Query User{992EB7FA-9F01-431A-81F3-1143BC07BA23}C:\program files\atube catcher\yct.exe" = protocol=6 | dir=in | app=c:\program files\atube catcher\yct.exe | "UDP Query User{3CE67A4C-D7DE-4958-95ED-4EA42BEB794A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{9F104F62-6F82-4322-A82D-383A63AFD7E0}C:\program files\atube catcher\yct.exe" = protocol=17 | dir=in | app=c:\program files\atube catcher\yct.exe | "UDP Query User{A34832E1-3369-444F-93E0-21129F273176}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21275B6A-333E-3EF6-E68D-B5F5B4B1F6BB}" = Catalyst Control Center InstallProxy "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2AD3FCB8-B812-1A51-D45F-0A71277347E6}" = CCC Help Finnish "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BB57D38-931A-02AB-7C19-B039C87156BA}" = CCC Help Hungarian "{2D1A4418-8BC0-3805-7DD2-4993394000AE}" = CCC Help Danish "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F2A0484-F9B4-AC18-1580-73A6DBD526D3}" = Catalyst Control Center Localization All "{40FDA966-C08D-93FC-5B62-87B0305989D5}" = CCC Help Polish "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{51D1EA4C-3EC5-4A29-8BB6-CC7D447CCFD0}" = CCC Help Japanese "{5425B69E-410D-FF8E-6382-53914B29DB34}" = CCC Help French "{5592F5BF-0A6D-77BE-31D9-A212800C153C}" = CCC Help German "{5785EE0B-DA31-82C5-345A-6AC0721A5445}" = CCC Help Thai "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60D157A6-087B-ABE4-0B5D-69DCB6ADB4B2}" = CCC Help English "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{67BCBB5E-9534-81D4-A489-47D8A3BE22BF}" = CCC Help Spanish "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{708FB213-9CA6-6865-BCEA-6A50206BC17E}" = CCC Help Portuguese "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{759688C0-D976-D3A6-0FF5-CB0EA763B217}" = CCC Help Czech "{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}" = LivCam "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{80198D8E-F593-17D6-26E7-DC4B66BABECD}" = Catalyst Control Center Graphics Light "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88632316-2F9C-7FAB-E867-C4DFBF79A84E}" = Catalyst Control Center Graphics Previews Vista "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8B209A17-940A-D283-8F37-4D5276879CFF}" = CCC Help Korean "{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel "{8CBBD910-23F3-D39C-8B38-2AEDD6C366F5}" = ccc-core-static "{8D1D606A-EF54-ADEE-13EF-4B77CBE389F0}" = Catalyst Control Center Graphics Full Existing "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{AB629EB8-ABB4-F0EF-3C00-CF9B48C283DC}" = Catalyst Control Center Graphics Full New "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI "{AEB7003F-AE66-23F2-20A2-F758446BE167}" = CCC Help Norwegian "{BB761E7E-2635-4E12-A7E8-7431BE178953}" = Chrome toolbar by SweetPacks "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CC45D760-77CC-2B22-F691-3AC97C4BF788}" = CCC Help Greek "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CD185B84-7A26-5EEF-2F05-0CEA3463E557}" = Catalyst Control Center Core Implementation "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D1F43BEE-D0A4-400B-EFA4-134EC78C81F4}" = CCC Help Turkish "{D7C66DC3-B601-E9F2-4157-D47E687C4539}" = CCC Help Dutch "{D84424BF-5F86-D649-14F3-A8AEB768A5F7}" = CCC Help Russian "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E2E28E25-79C1-5108-F7F4-EF42AE64711D}" = CCC Help Swedish "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{E6C93A10-25F6-CEC8-8B11-AAC52F4E67A1}" = ATI Catalyst Install Manager "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1D4A558-9D51-6ABF-7CA3-0EE1DB2ED48F}" = CCC Help Chinese Standard "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA8D70EF-1D0D-C0FD-B0D8-9610D5381930}" = CCC Help Italian "{FB8113BC-BB40-DEF0-C734-36697D1774C2}" = ccc-utility "{FFA6BAD0-1B3D-E4B0-95FC-FBFABDCABEF5}" = CCC Help Chinese Traditional "ACRYSH6_is1" = ArchiCrypt Shredder Version 6.0.9.5654 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "aTube Catcher" = aTube Catcher "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "delta" = Delta toolbar "DivX Setup.divx.com" = DivX-Setup "FMCODEC" = FM Screen Capture Codec (Remove Only) "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01 "Picasa 3" = Picasa 3 "PriceGong" = PriceGong 2.6.7 "Software Informer_is1" = Software Informer 1.0 BETA "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2012" = TuneUp Utilities 2012 "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Sweet Home 3D" = Sweet Home 3D ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/27/2013 2:26:10 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6614 Error - 1/27/2013 2:26:12 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 1/27/2013 2:26:12 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8065 Error - 1/27/2013 2:26:12 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8065 Error - 1/27/2013 2:26:13 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 1/27/2013 2:26:13 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9703 Error - 1/27/2013 2:26:13 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9703 Error - 1/27/2013 2:26:16 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 1/27/2013 2:26:16 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 12636 Error - 1/27/2013 2:26:16 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 12636 Error - 1/27/2013 4:26:03 PM | Computer Name = Giz-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ System Events ] Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/10/2013 11:48:01 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/10/2013 11:49:44 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/10/2013 11:52:06 AM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 2/10/2013 12:03:21 PM | Computer Name = Giz-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 2/10/2013 12:05:01 PM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 2/10/2013 2:42:52 PM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. < End of report > OTL logfile created on: 2/10/2013 8:37:40 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Giz\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.75 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 67.87% Memory free 3.50 Gb Paging File | 2.01 Gb Available in Paging File | 57.54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 47.59 Gb Free Space | 47.59% Space Free | Partition Type: NTFS Drive D: | 122.87 Gb Total Space | 33.16 Gb Free Space | 26.99% Space Free | Partition Type: NTFS Computer Name: GIZ-PC | User Name: Giz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/10 20:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe PRC - [2013/02/10 05:07:10 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013/02/10 05:06:50 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013/02/10 05:06:46 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2013/02/10 05:06:45 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Giz\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013/01/16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/08/15 18:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012/08/07 15:10:02 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.exe PRC - [2012/05/29 14:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2012/05/15 12:54:52 | 000,181,824 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) -- C:\Program Files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe PRC - [2012/04/17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012/03/02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe PRC - [2012/03/01 22:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareAgent.exe PRC - [2011/12/14 12:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2011/12/14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/26 23:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe PRC - [2009/10/17 06:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe PRC - [2009/09/11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009/08/28 00:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe PRC - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2009/08/05 04:45:12 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/08/05 04:44:44 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/07/20 10:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe ========== Modules (No Company Name) ========== MOD - [2013/01/17 19:43:05 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll MOD - [2013/01/17 19:43:02 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll MOD - [2013/01/17 19:42:49 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/17 19:42:48 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll MOD - [2013/01/17 19:42:47 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013/01/17 19:42:45 | 006,610,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\bd5f32f9081b6307cadda7422145553e\System.Data.ni.dll MOD - [2013/01/17 19:41:59 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013/01/17 19:41:46 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/17 19:41:10 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/17 19:41:03 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab2d590a7a1566fe78e3275a90a30ceb\System.Configuration.ni.dll MOD - [2013/01/17 19:41:01 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/17 19:40:51 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013/01/16 17:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013/01/16 17:26:01 | 002,212,304 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2012/09/07 14:19:56 | 000,904,704 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2012/08/07 15:11:00 | 000,041,472 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll MOD - [2012/08/07 15:11:00 | 000,028,672 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll MOD - [2012/08/07 15:10:58 | 000,062,464 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll MOD - [2012/08/07 15:10:58 | 000,012,288 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll MOD - [2012/08/07 15:10:58 | 000,010,240 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll MOD - [2012/08/07 15:10:58 | 000,009,728 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll MOD - [2012/08/07 15:10:58 | 000,007,168 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll MOD - [2012/08/07 15:10:00 | 000,025,088 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll MOD - [2012/08/07 15:09:56 | 000,028,672 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll MOD - [2012/08/07 15:09:40 | 001,267,712 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll MOD - [2012/08/07 15:09:32 | 000,007,168 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll MOD - [2012/08/07 15:09:28 | 000,559,616 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll MOD - [2012/08/07 15:09:16 | 000,073,216 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll MOD - [2012/08/07 15:09:12 | 000,040,960 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll MOD - [2012/08/07 15:09:12 | 000,018,944 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll MOD - [2012/08/07 15:09:12 | 000,013,312 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll MOD - [2012/08/07 15:09:06 | 000,074,752 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll MOD - [2012/08/07 15:09:06 | 000,040,960 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\MACTrackBarLib.dll MOD - [2012/08/07 15:09:06 | 000,006,656 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll MOD - [2012/08/07 15:09:06 | 000,006,144 | ---- | M] () -- C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll MOD - [2012/04/17 14:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2012/04/17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2012/04/17 14:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2012/04/17 14:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2012/04/17 14:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll MOD - [2012/04/17 14:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2012/04/17 14:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2012/04/17 14:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll MOD - [2012/04/17 14:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 02:59:41 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/01/14 13:16:06 | 001,736,704 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.38390__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l MOD - [2010/01/14 13:16:06 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/01/14 13:16:06 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.38372__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/01/14 13:16:06 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/01/14 13:16:06 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/01/14 13:16:06 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard. dll MOD - [2010/01/14 13:16:06 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/01/14 13:16:06 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.38439__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/01/14 13:16:06 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.38381__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/01/14 13:16:06 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.38421__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/01/14 13:16:06 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/01/14 13:16:06 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.38458__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/01/14 13:16:06 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010/01/14 13:16:06 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.38386__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/01/14 13:16:06 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l MOD - [2010/01/14 13:16:06 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.38381__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll MOD - [2010/01/14 13:16:05 | 000,950,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3503.38482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dash board.dll MOD - [2010/01/14 13:16:05 | 000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.38415__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/01/14 13:16:05 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.38392__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll MOD - [2010/01/14 13:16:05 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.38434__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/01/14 13:16:05 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/01/14 13:16:05 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010/01/14 13:16:05 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.38396__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010/01/14 13:16:05 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/01/14 13:16:05 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/01/14 13:16:05 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll MOD - [2010/01/14 13:16:05 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/01/14 13:16:05 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/01/14 13:16:05 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.38395__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll MOD - [2010/01/14 13:16:05 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/01/14 13:16:05 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll MOD - [2010/01/14 13:16:05 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/01/14 13:16:05 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3496.39091__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/01/14 13:16:05 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3496.39089__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3496.39100__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3496.39127__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3496.39099__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/01/14 13:16:05 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/01/14 13:16:05 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/01/14 13:16:04 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/01/14 13:16:04 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3496.39109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3496.39106__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/01/14 13:16:04 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3496.39122__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3496.39086__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/01/14 13:16:04 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3496.39096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3496.39087__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3496.39157__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3496.39121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3496.39099__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/01/14 13:16:04 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/01/14 13:16:04 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3496.39107__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l MOD - [2010/01/14 13:16:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/01/14 13:16:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3496.39089__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/01/14 13:16:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3496.39102__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l MOD - [2010/01/14 13:16:04 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3496.39098__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3496.39098__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3496.39122__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3496.39090__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/01/14 13:16:04 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3496.39090__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/01/14 13:16:03 | 000,651,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3503.38481__90ba9c70f846762e\ResourceManagement.Foundation.Implementatio n.dll MOD - [2010/01/14 13:16:03 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.38452__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/01/14 13:16:03 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.38451__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/01/14 13:16:03 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.38463__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/01/14 13:16:03 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3496.39089__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/01/14 13:16:03 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3496.39090__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/01/14 13:16:03 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3496.39098__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/01/14 13:16:03 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.38368__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010/01/14 13:16:02 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.38377__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/01/14 13:16:02 | 000,552,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3503.38447__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010/01/14 13:16:02 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.38385__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/01/14 13:16:02 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3503.38370__90ba9c70f846762e\APM.Server.dll MOD - [2010/01/14 13:16:02 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/01/14 13:16:02 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.38371__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/01/14 13:16:02 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3496.39100__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/01/14 13:16:02 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.38369__90ba9c70f846762e\AEM.Server.dll MOD - [2010/01/14 13:16:02 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/01/14 13:16:02 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/01/14 13:16:02 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/01/14 13:16:02 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3496.39099__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/01/14 13:16:02 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3496.39097__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/01/14 13:16:02 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3496.39110__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/01/14 13:16:02 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.38452__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2008/10/24 20:29:16 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ========== Services (SafeList) ========== SRV - [2013/02/10 13:00:10 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/10 05:07:10 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/02/10 05:06:46 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/01/16 17:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2012/05/15 12:54:52 | 000,181,824 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Program Files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe -- (ArchiCrypt Sichere Loeschzonen) SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012/03/02 16:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012/03/02 16:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2011/12/14 12:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010/06/25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009/08/19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/08/05 04:44:44 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service) SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwrchid.sys -- (btwrchid) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwl2cap.sys -- (btwl2cap) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\btwavdt.sys -- (btwavdt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btwaudio.sys -- (btwaudio) DRV - [2013/02/10 05:07:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013/02/10 05:07:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013/02/10 05:07:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013/02/10 05:07:19 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/12/12 19:31:38 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/06/25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010/06/23 09:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009/10/26 22:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009/10/06 11:34:00 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2009/10/05 18:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/10/02 06:33:24 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009/08/05 05:22:18 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/07/27 08:06:45 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2009/07/20 10:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/01 05:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) DRV - [2009/06/05 12:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009/05/05 15:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=52366ec60000000000001c4bd660b0f8 IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=52366ec60000000000001c4bd660b0f8 IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=52366ec60000000000001c4bd660b0f8 IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=06cd9f6f-ddcb-44d5-9f0c-a2e1d1e0dd78&apn_sauid=E218CB8E-98FB-41FC-923F-DC23035217A2& IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giz\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/15 20:24:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/15 20:24:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.7\FF [2012/09/07 14:21:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/02/10 07:24:03 | 000,000,000 | ---D | M] [2013/02/10 07:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giz\AppData\Roaming\mozilla\firefox\Profiles\extensions [2012/12/13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Giz\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2011/10/14 09:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/05/13 16:03:36 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2010/05/13 09:26:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/26 10:51:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/19 10:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/02/07 16:14:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/03/18 11:28:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/10/07 10:22:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/06/08 14:17:19 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== CHR - homepage: hxxp://google.de/ CHR - default_search_provider: Delta Search (Enabled) CHR - default_search_provider: search_url = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=52366ec60000000000001c4bd660b0f8 CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Mozilla Plugins\npitunes.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Giz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Movie2kDownloader = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\ CHR - Extension: YouTube = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Logitech-Ger\u00E4teerkennung = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\ CHR - Extension: Delta Toolbar = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\ CHR - Extension: DivX HiQ = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\ CHR - Extension: BrowserProtect = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ CHR - Extension: Google Mail = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Movie2kDownloader = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\ CHR - Extension: YouTube = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Logitech-Ger\u00E4teerkennung = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\ CHR - Extension: Delta Toolbar = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\ CHR - Extension: DivX HiQ = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\ CHR - Extension: BrowserProtect = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\ CHR - Extension: Google Mail = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001..\Run: [Browser Infrastructure Helper] C:\Users\Giz\AppData\Local\Smartbar\Application\Smartbar.exe (Smartbar) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Giz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09ABA583-D6D1-4135-BBA0-D6CF7BD51A5D}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5E5214-9647-4B53-AB4F-8A1DFADE3032}: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27 - HKLM IFEO\boingo wi-fi.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\boingofinder.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\eeesplendid.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\javaw.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\javaws.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\quickstart.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\sbase.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\scalc.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\sdraw.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\simpress.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\smath.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\soffice.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\swriter.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\udtstart.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\youcam.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{af22b166-d6bf-11df-adb6-e0cb4ea20420}\Shell - "" = AutoRun O33 - MountPoints2\{af22b166-d6bf-11df-adb6-e0cb4ea20420}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/10 20:02:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe [2013/02/10 18:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/10 18:04:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013/02/10 18:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/02/10 16:28:53 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\MigWiz [2013/02/10 11:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2013/02/10 11:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2013/02/10 11:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher [2013/02/10 08:37:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/02/10 07:24:17 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins [2013/02/10 07:24:17 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions [2013/02/10 07:24:15 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013/02/10 07:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013/02/10 07:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Delta [2013/02/10 07:23:43 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Delta [2013/02/10 07:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013/02/10 07:22:37 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Babylon [2013/02/10 07:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013/02/10 07:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com [2013/02/10 07:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com [2013/02/10 05:21:53 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Avira [2013/02/10 05:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/02/10 05:15:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013/02/10 05:15:42 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013/02/10 05:15:42 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013/02/10 05:15:42 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013/02/10 05:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/02/10 05:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013/02/09 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Malwarebytes [2013/02/09 14:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/09 12:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArchiCrypt [2013/02/09 12:55:15 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\ACShredder6 [2013/02/09 12:54:49 | 001,629,744 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt) -- C:\windows\System32\Shredder.dll [2013/02/09 12:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\ArchiCrypt [2013/02/09 12:54:20 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013/02/10 20:18:06 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001UA.job [2013/02/10 20:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe [2013/02/10 20:01:37 | 000,000,000 | ---- | M] () -- C:\Users\Giz\defogger_reenable [2013/02/10 20:00:28 | 000,050,477 | ---- | M] () -- C:\Users\Giz\Desktop\Defogger.exe [2013/02/10 20:00:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/02/10 19:42:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/02/10 18:04:31 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/10 17:12:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/10 17:12:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/10 16:47:02 | 245,976,301 | ---- | M] () -- C:\windows\MEMORY.DMP [2013/02/10 08:37:57 | 000,007,597 | ---- | M] () -- C:\Users\Giz\AppData\Local\Resmon.ResmonCfg [2013/02/10 08:18:08 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001Core.job [2013/02/10 05:07:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013/02/10 05:07:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013/02/10 05:07:20 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013/02/10 05:07:19 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013/02/09 15:04:10 | 000,001,045 | ---- | M] () -- C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/02/09 15:03:36 | 000,001,009 | ---- | M] () -- C:\Users\Giz\Desktop\Dropbox.lnk [2013/02/09 13:47:26 | 000,033,134 | ---- | M] () -- C:\Users\Giz\AppData\Roaming\UserTile.png [2013/02/04 18:00:24 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013/02/04 18:00:24 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/02/04 18:00:24 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013/02/04 18:00:24 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/02/01 17:52:39 | 000,002,352 | ---- | M] () -- C:\Users\Giz\Desktop\Google Chrome.lnk [2013/01/17 19:29:43 | 000,358,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/02/10 20:01:37 | 000,000,000 | ---- | C] () -- C:\Users\Giz\defogger_reenable [2013/02/10 20:00:25 | 000,050,477 | ---- | C] () -- C:\Users\Giz\Desktop\Defogger.exe [2013/02/10 18:04:31 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/10 12:15:08 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/02/09 13:47:26 | 000,033,134 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\UserTile.png [2011/05/29 09:37:22 | 000,007,597 | ---- | C] () -- C:\Users\Giz\AppData\Local\Resmon.ResmonCfg [2011/02/27 14:03:31 | 000,532,480 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Sony.dll [2010/07/20 15:58:03 | 000,937,426 | ---- | C] () -- C:\Users\Giz\Schulplan.pdf [2010/07/01 20:05:25 | 000,066,675 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\mdbu.bin [2010/06/17 18:42:28 | 000,003,584 | ---- | C] () -- C:\Users\Giz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/13 22:41:29 | 000,001,018 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\wklnhst.dat [2010/01/14 13:45:12 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010/01/14 15:02:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage [2010/01/14 15:02:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage [2013/02/09 13:01:29 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\ACShredder6 [2012/11/06 13:56:29 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Amazon [2012/03/07 19:49:28 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Asus [2013/02/10 07:22:37 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Babylon [2012/04/12 20:19:27 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\cacaoweb [2013/02/10 07:24:18 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Delta [2013/02/10 17:05:13 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Dropbox [2010/04/14 09:56:27 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\EeeStorageUploader [2010/06/10 09:45:05 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Free Download Manager [2010/12/14 14:13:23 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\GHISLER [2012/09/21 12:07:50 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\HTC [2012/09/22 12:50:57 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011/01/15 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Local [2011/07/13 13:46:15 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\OpenCandy [2011/09/03 11:56:04 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\OpenOffice.org [2011/12/19 20:29:09 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\PhotoScape [2010/09/26 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\PMS [2012/10/22 15:14:16 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Samsung [2010/06/07 07:50:32 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Software Informer [2010/04/14 10:01:27 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\temp [2010/06/08 20:34:06 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\Template [2011/12/20 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\TuneUp Software [2011/10/12 22:21:01 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\UDC Profiles [2010/06/08 14:30:03 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\VoiceCommand [2010/10/25 18:32:01 | 000,000,000 | ---D | M] -- C:\Users\Giz\AppData\Roaming\WinAVI ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > Den gmer.exe Scan konnte ich nicht durchführen,da ich während des Scans den besagten Systemabsturz bekomme. Ich hoffe ihr könnt mir da weiterhelfen?! Danke im Voraus! |
|
12.02.2013, 15:32
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | zip. Anhang geöffnet TR/Matsnu.EB.101 Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
12.02.2013, 19:20
| #3 |
| | zip. Anhang geöffnet TR/Matsnu.EB.101 Hallo.
__________________Vielen Dank für die Antwort. hier die Logfiles: mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.12.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Giz :: GIZ-PC [administrator]
12.02.2013 18:28:36
mbar-log-2013-02-12 (18-28-36).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29351
Time elapsed: 23 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-12 18:34:21
-----------------------------
18:34:21.840 OS Version: Windows 6.1.7601 Service Pack 1
18:34:21.840 Number of processors: 1 586 0x7F02
18:34:21.844 ComputerName: GIZ-PC UserName: Giz
18:34:22.833 Initialize success
18:35:22.433 AVAST engine defs: 13021200
18:36:03.349 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
18:36:03.357 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 11
18:36:03.395 Disk 0 MBR read successfully
18:36:03.407 Disk 0 MBR scan
18:36:03.504 Disk 0 Windows 7 default MBR code
18:36:03.526 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
18:36:03.578 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 125815 MB offset 209717248
18:36:03.637 Disk 0 Partition 3 00 1B Hidd FAT32 MSDOS5.0 10240 MB offset 467386368
18:36:03.684 Disk 0 Partition 4 00 EF EFI FAT A1478 16 MB offset 488357888
18:36:03.748 Disk 0 scanning sectors +488392065
18:36:03.896 Disk 0 scanning C:\windows\system32\drivers
18:36:39.963 Service scanning
18:37:41.919 Modules scanning
18:38:01.140 Disk 0 trace - called modules:
18:38:01.196 ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys halmacpi.dll amdsata.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys
18:38:01.225 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d955f0]
18:38:01.250 3 CLASSPNP.SYS[8878959e] -> nt!IofCallDriver -> [0x85d5c468]
18:38:01.263 5 amdxata.sys[83a017b6] -> nt!IofCallDriver -> \Device\0000005a[0x85c39258]
18:38:02.623 AVAST engine scan C:\windows
18:38:06.998 AVAST engine scan C:\windows\system32
18:46:51.135 AVAST engine scan C:\windows\system32\drivers
18:47:21.340 AVAST engine scan C:\Users\Giz
19:00:09.040 AVAST engine scan C:\ProgramData
19:02:30.320 Scan finished successfully
19:05:49.334 Disk 0 MBR has been saved successfully to "C:\Users\Giz\Desktop\MBR.dat"
19:05:49.345 The log file has been saved successfully to "C:\Users\Giz\Desktop\aswMBR.txt"
|
|
13.02.2013, 09:10
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | zip. Anhang geöffnet TR/Matsnu.EB.101 Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Falls also vorhanden, bitte alle Logs nachreichen. Bitte anschließend Logs mit GMER (<<< klick für Anleitung) und TDSS-Killer (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur den TDSS-Killer aus. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.02.2013, 16:21
| #5 |
| | zip. Anhang geöffnet TR/Matsnu.EB.101 Hi.Hier noch weitere Logs: malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.09.05 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus) Internet Explorer 8.0.7601.17514 Giz :: GIZ-PC [Administrator] 10.02.2013 03:56:30 mbam-log-2013-02-10 (03-56-30).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 318225 Laufzeit: 50 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Giz\Downloads\programme,setups,sonstiges\installer_sonicstage_4_3_Deutsch.exe (PUP.SmsPay.PGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.09.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Giz :: GIZ-PC [Administrator] 09.02.2013 15:04:17 mbam-log-2013-02-09 (15-04-17).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212554 Laufzeit: 14 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.09.05 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus) Internet Explorer 8.0.7601.17514 Giz :: GIZ-PC [Administrator] 10.02.2013 03:56:30 MBAM-log-2013-02-10 (04-51-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 318225 Laufzeit: 50 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Giz\Downloads\programme,setups,sonstiges\installer_sonicstage_4_3_Deutsch.exe (PUP.SmsPay.PGen) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.10.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Giz :: GIZ-PC [Administrator] 10.02.2013 19:31:26 mbam-log-2013-02-10 (19-31-26).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 213778 Laufzeit: 20 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Exportierte Ereignisse:
10.02.2013 10:42 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Giz\AppData\Local\Temp\Temp1_06.02.2013 Bestelldaten Ihrer
Mahnung.zip\Lieferschein Ihrer Bestellung 06.02.2013.zip'
enthielt einen Virus oder unerwünschtes Programm 'TR/Matsnu.EB.101' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5d36c7ab.qua'
verschoben!
10.02.2013 07:24 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Giz\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\74XZETTC\yontoosetup[1].exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5415a292.qua'
verschoben!
10.02.2013 07:22 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Giz\AppData\Local\Temp\50B07035\YontooSetup.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
10.02.2013 07:22 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Giz\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\74XZETTC\yontoosetup[1].exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
10.02.2013 07:21 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Giz\AppData\Local\Temp\50B07035\up.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
10.02.2013 07:21 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Giz\AppData\Local\Temp\50B07035\YontooSetup.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
Code:
ATTFilter 16:13:54.0819 1784 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:13:55.0059 1784 ============================================================
16:13:55.0059 1784 Current date / time: 2013/02/13 16:13:55.0059
16:13:55.0060 1784 SystemInfo:
16:13:55.0060 1784
16:13:55.0060 1784 OS Version: 6.1.7601 ServicePack: 1.0
16:13:55.0060 1784 Product type: Workstation
16:13:55.0060 1784 ComputerName: GIZ-PC
16:13:55.0061 1784 UserName: Giz
16:13:55.0061 1784 Windows directory: C:\windows
16:13:55.0061 1784 System windows directory: C:\windows
16:13:55.0061 1784 Processor architecture: Intel x86
16:13:55.0061 1784 Number of processors: 1
16:13:55.0061 1784 Page size: 0x1000
16:13:55.0061 1784 Boot type: Normal boot
16:13:55.0061 1784 ============================================================
16:13:57.0513 1784 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:13:57.0530 1784 ============================================================
16:13:57.0530 1784 \Device\Harddisk0\DR0:
16:13:57.0538 1784 MBR partitions:
16:13:57.0538 1784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
16:13:57.0538 1784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0xF5BB800
16:13:57.0539 1784 ============================================================
16:13:57.0588 1784 C: <-> \Device\Harddisk0\DR0\Partition1
16:13:57.0633 1784 D: <-> \Device\Harddisk0\DR0\Partition2
16:13:57.0640 1784 ============================================================
16:13:57.0640 1784 Initialize success
16:13:57.0640 1784 ============================================================
16:16:12.0533 3328 ============================================================
16:16:12.0534 3328 Scan started
16:16:12.0534 3328 Mode: Manual; SigCheck; TDLFS;
16:16:12.0534 3328 ============================================================
16:16:14.0226 3328 ================ Scan system memory ========================
16:16:14.0226 3328 System memory - ok
16:16:14.0240 3328 ================ Scan services =============================
16:16:14.0495 3328 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
16:16:14.0742 3328 1394ohci - ok
16:16:14.0798 3328 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys
16:16:14.0835 3328 ACPI - ok
16:16:14.0877 3328 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
16:16:15.0010 3328 AcpiPmi - ok
16:16:15.0117 3328 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:16:15.0227 3328 AdobeFlashPlayerUpdateSvc - ok
16:16:15.0305 3328 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
16:16:15.0469 3328 adp94xx - ok
16:16:15.0545 3328 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
16:16:15.0682 3328 adpahci - ok
16:16:15.0763 3328 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
16:16:15.0892 3328 adpu320 - ok
16:16:15.0927 3328 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
16:16:16.0022 3328 AeLookupSvc - ok
16:16:16.0074 3328 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys
16:16:16.0211 3328 AFD - ok
16:16:16.0242 3328 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys
16:16:16.0281 3328 agp440 - ok
16:16:16.0346 3328 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
16:16:16.0384 3328 aic78xx - ok
16:16:16.0438 3328 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
16:16:16.0548 3328 ALG - ok
16:16:16.0607 3328 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys
16:16:16.0658 3328 aliide - ok
16:16:16.0732 3328 [ 6887351BF7ADAFEB7A324CAE6AAFE598 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
16:16:16.0886 3328 AMD External Events Utility - ok
16:16:16.0943 3328 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys
16:16:17.0041 3328 amdagp - ok
16:16:17.0131 3328 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys
16:16:17.0219 3328 amdide - ok
16:16:17.0297 3328 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
16:16:17.0391 3328 AmdK8 - ok
16:16:17.0464 3328 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
16:16:17.0565 3328 AmdPPM - ok
16:16:17.0627 3328 [ 6F64C768A9A48FAB7C6D6CEE1B30F97F ] amdsata C:\windows\system32\DRIVERS\amdsata.sys
16:16:17.0695 3328 amdsata - ok
16:16:17.0758 3328 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
16:16:17.0821 3328 amdsbs - ok
16:16:17.0855 3328 [ E27866684780606BCCE640A57937D88A ] amdxata C:\windows\system32\DRIVERS\amdxata.sys
16:16:17.0904 3328 amdxata - ok
16:16:18.0066 3328 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:16:18.0095 3328 AntiVirSchedulerService - ok
16:16:18.0209 3328 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:16:18.0267 3328 AntiVirService - ok
16:16:18.0362 3328 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys
16:16:18.0728 3328 AppID - ok
16:16:18.0795 3328 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
16:16:18.0972 3328 AppIDSvc - ok
16:16:19.0017 3328 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\windows\System32\appinfo.dll
16:16:19.0077 3328 Appinfo - ok
16:16:19.0184 3328 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:16:19.0209 3328 Apple Mobile Device - ok
16:16:19.0247 3328 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
16:16:19.0288 3328 arc - ok
16:16:19.0421 3328 [ EFB2008E95D9909EBA7848B9A2EAFFD3 ] ArchiCrypt Sichere Loeschzonen C:\Program Files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe
16:16:19.0450 3328 ArchiCrypt Sichere Loeschzonen - ok
16:16:19.0499 3328 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
16:16:19.0595 3328 arcsas - ok
16:16:19.0668 3328 [ E67493490466B5F04B58C22D2590E8CA ] AsUpIO C:\windows\system32\drivers\AsUpIO.sys
16:16:19.0763 3328 AsUpIO - ok
16:16:19.0836 3328 [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService C:\Windows\System32\AsusService.exe
16:16:19.0913 3328 AsusService ( UnsignedFile.Multi.Generic ) - warning
16:16:19.0913 3328 AsusService - detected UnsignedFile.Multi.Generic (1)
16:16:19.0980 3328 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
16:16:20.0249 3328 AsyncMac - ok
16:16:20.0316 3328 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys
16:16:20.0397 3328 atapi - ok
16:16:20.0487 3328 [ B01751CC563AECAC09BBE36AAA21FBEF ] athr C:\windows\system32\DRIVERS\athr.sys
16:16:20.0664 3328 athr - ok
16:16:20.0917 3328 [ BCB9CF3B087DD15A8F33A149296E6183 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
16:16:21.0476 3328 atikmdag - ok
16:16:21.0533 3328 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie.sys
16:16:21.0583 3328 AtiPcie - ok
16:16:21.0668 3328 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:16:21.0730 3328 AudioEndpointBuilder - ok
16:16:21.0756 3328 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll
16:16:21.0813 3328 Audiosrv - ok
16:16:21.0889 3328 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
16:16:21.0983 3328 avgntflt - ok
16:16:22.0074 3328 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
16:16:22.0207 3328 avipbb - ok
16:16:22.0277 3328 [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
16:16:22.0370 3328 avkmgr - ok
16:16:22.0478 3328 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll
16:16:22.0683 3328 AxInstSV - ok
16:16:22.0748 3328 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
16:16:22.0853 3328 b06bdrv - ok
16:16:22.0901 3328 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
16:16:23.0001 3328 b57nd60x - ok
16:16:23.0104 3328 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
16:16:23.0202 3328 BDESVC - ok
16:16:23.0238 3328 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
16:16:23.0375 3328 Beep - ok
16:16:23.0521 3328 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll
16:16:23.0766 3328 BFE - ok
16:16:23.0854 3328 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll
16:16:23.0941 3328 BITS - ok
16:16:23.0972 3328 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
16:16:24.0060 3328 blbdrive - ok
16:16:24.0166 3328 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:16:24.0201 3328 Bonjour Service - ok
16:16:24.0259 3328 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys
16:16:24.0399 3328 bowser - ok
16:16:24.0461 3328 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
16:16:24.0624 3328 BrFiltLo - ok
16:16:24.0680 3328 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
16:16:24.0816 3328 BrFiltUp - ok
16:16:24.0884 3328 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll
16:16:24.0976 3328 Browser - ok
16:16:25.0180 3328 [ 639838B4BD0ED95F308650B910E3EC82 ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
16:16:25.0348 3328 BrowserProtect - ok
16:16:25.0406 3328 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
16:16:25.0568 3328 Brserid - ok
16:16:25.0619 3328 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
16:16:25.0720 3328 BrSerWdm - ok
16:16:25.0767 3328 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
16:16:25.0939 3328 BrUsbMdm - ok
16:16:25.0979 3328 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
16:16:26.0081 3328 BrUsbSer - ok
16:16:26.0164 3328 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
16:16:26.0382 3328 BthEnum - ok
16:16:26.0446 3328 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
16:16:26.0588 3328 BTHMODEM - ok
16:16:26.0652 3328 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
16:16:26.0813 3328 BthPan - ok
16:16:26.0901 3328 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
16:16:27.0106 3328 BTHPORT - ok
16:16:27.0172 3328 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
16:16:27.0354 3328 bthserv - ok
16:16:27.0409 3328 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
16:16:27.0496 3328 BTHUSB - ok
16:16:27.0548 3328 [ 92C5B845803F3662637EB691AC0B250F ] btusbflt C:\windows\system32\drivers\btusbflt.sys
16:16:27.0600 3328 btusbflt - ok
16:16:27.0619 3328 btwaudio - ok
16:16:27.0656 3328 btwavdt - ok
16:16:27.0677 3328 btwl2cap - ok
16:16:27.0698 3328 btwrchid - ok
16:16:27.0734 3328 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
16:16:27.0828 3328 cdfs - ok
16:16:27.0889 3328 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\drivers\cdrom.sys
16:16:27.0973 3328 cdrom - ok
16:16:28.0035 3328 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
16:16:28.0112 3328 CertPropSvc - ok
16:16:28.0164 3328 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
16:16:28.0226 3328 circlass - ok
16:16:28.0276 3328 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
16:16:28.0317 3328 CLFS - ok
16:16:28.0389 3328 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:16:28.0445 3328 clr_optimization_v2.0.50727_32 - ok
16:16:28.0525 3328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:16:28.0573 3328 clr_optimization_v4.0.30319_32 - ok
16:16:28.0612 3328 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
16:16:28.0701 3328 CmBatt - ok
16:16:28.0751 3328 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
16:16:28.0842 3328 cmdide - ok
16:16:28.0927 3328 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys
16:16:29.0143 3328 CNG - ok
16:16:29.0226 3328 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
16:16:29.0295 3328 Compbatt - ok
16:16:29.0377 3328 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
16:16:29.0512 3328 CompositeBus - ok
16:16:29.0572 3328 COMSysApp - ok
16:16:29.0627 3328 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
16:16:29.0753 3328 crcdisk - ok
16:16:29.0864 3328 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll
16:16:29.0954 3328 CryptSvc - ok
16:16:30.0055 3328 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll
16:16:30.0181 3328 DcomLaunch - ok
16:16:30.0223 3328 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
16:16:30.0308 3328 defragsvc - ok
16:16:30.0401 3328 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys
16:16:30.0568 3328 DfsC - ok
16:16:30.0680 3328 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll
16:16:30.0848 3328 Dhcp - ok
16:16:30.0914 3328 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
16:16:31.0079 3328 discache - ok
16:16:31.0153 3328 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
16:16:31.0291 3328 Disk - ok
16:16:31.0339 3328 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
16:16:31.0413 3328 Dnscache - ok
16:16:31.0479 3328 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
16:16:31.0590 3328 dot3svc - ok
16:16:31.0644 3328 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
16:16:31.0729 3328 DPS - ok
16:16:31.0765 3328 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
16:16:31.0844 3328 drmkaud - ok
16:16:31.0894 3328 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
16:16:32.0014 3328 DXGKrnl - ok
16:16:32.0054 3328 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
16:16:32.0136 3328 EapHost - ok
16:16:32.0251 3328 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
16:16:32.0445 3328 ebdrv - ok
16:16:32.0500 3328 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
16:16:32.0583 3328 EFS - ok
16:16:32.0672 3328 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe
16:16:32.0889 3328 ehRecvr - ok
16:16:32.0944 3328 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
16:16:33.0107 3328 ehSched - ok
16:16:33.0187 3328 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
16:16:33.0326 3328 elxstor - ok
16:16:33.0357 3328 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
16:16:33.0436 3328 ErrDev - ok
16:16:33.0517 3328 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
16:16:33.0615 3328 EventSystem - ok
16:16:33.0651 3328 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
16:16:33.0755 3328 exfat - ok
16:16:33.0805 3328 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
16:16:33.0942 3328 fastfat - ok
16:16:34.0019 3328 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
16:16:34.0079 3328 Fax - ok
16:16:34.0114 3328 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
16:16:34.0200 3328 fdc - ok
16:16:34.0265 3328 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
16:16:34.0455 3328 fdPHost - ok
16:16:34.0503 3328 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
16:16:34.0667 3328 FDResPub - ok
16:16:34.0739 3328 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
16:16:34.0777 3328 FileInfo - ok
16:16:34.0804 3328 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
16:16:34.0906 3328 Filetrace - ok
16:16:34.0930 3328 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
16:16:34.0980 3328 flpydisk - ok
16:16:35.0019 3328 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
16:16:35.0092 3328 FltMgr - ok
16:16:35.0163 3328 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
16:16:35.0278 3328 FontCache - ok
16:16:35.0348 3328 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:16:35.0383 3328 FontCache3.0.0.0 - ok
16:16:35.0412 3328 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
16:16:35.0469 3328 FsDepends - ok
16:16:35.0546 3328 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
16:16:35.0585 3328 fssfltr - ok
16:16:35.0663 3328 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:16:35.0869 3328 fsssvc - ok
16:16:35.0953 3328 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\windows\system32\FsUsbExDisk.SYS
16:16:36.0042 3328 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
16:16:36.0042 3328 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
16:16:36.0101 3328 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
16:16:36.0189 3328 Fs_Rec - ok
16:16:36.0299 3328 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
16:16:36.0463 3328 fvevol - ok
16:16:36.0546 3328 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
16:16:36.0649 3328 gagp30kx - ok
16:16:36.0732 3328 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:16:36.0837 3328 GEARAspiWDM - ok
16:16:36.0925 3328 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
16:16:37.0168 3328 gpsvc - ok
16:16:37.0254 3328 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:16:37.0356 3328 gusvc - ok
16:16:37.0412 3328 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
16:16:37.0546 3328 hcw85cir - ok
16:16:37.0606 3328 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:16:37.0706 3328 HdAudAddService - ok
16:16:37.0743 3328 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
16:16:37.0786 3328 HDAudBus - ok
16:16:37.0835 3328 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
16:16:37.0881 3328 HidBatt - ok
16:16:37.0917 3328 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
16:16:37.0972 3328 HidBth - ok
16:16:38.0022 3328 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
16:16:38.0113 3328 HidIr - ok
16:16:38.0145 3328 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
16:16:38.0222 3328 hidserv - ok
16:16:38.0278 3328 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
16:16:38.0335 3328 HidUsb - ok
16:16:38.0389 3328 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
16:16:38.0469 3328 hkmsvc - ok
16:16:38.0504 3328 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:16:38.0629 3328 HomeGroupListener - ok
16:16:38.0686 3328 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:16:38.0745 3328 HomeGroupProvider - ok
16:16:38.0803 3328 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
16:16:38.0861 3328 HpSAMD - ok
16:16:38.0950 3328 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\windows\system32\Drivers\ANDROIDUSB.sys
16:16:39.0089 3328 HTCAND32 - ok
16:16:39.0196 3328 [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot C:\windows\system32\DRIVERS\htcnprot.sys
16:16:39.0327 3328 htcnprot - ok
16:16:39.0440 3328 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
16:16:39.0583 3328 HTTP - ok
16:16:39.0617 3328 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
16:16:39.0676 3328 hwpolicy - ok
16:16:39.0747 3328 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
16:16:39.0808 3328 i8042prt - ok
16:16:39.0858 3328 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
16:16:39.0990 3328 iaStorV - ok
16:16:40.0126 3328 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:16:40.0189 3328 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:16:40.0189 3328 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:16:40.0312 3328 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:16:40.0585 3328 idsvc - ok
16:16:40.0793 3328 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
16:16:41.0114 3328 igfx - ok
16:16:41.0171 3328 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
16:16:41.0236 3328 iirsp - ok
16:16:41.0329 3328 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
16:16:41.0434 3328 IKEEXT - ok
16:16:41.0561 3328 [ DB96B8BD676BB24BD4F1DC53CA1F182C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
16:16:41.0761 3328 IntcAzAudAddService - ok
16:16:41.0803 3328 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
16:16:41.0863 3328 intelide - ok
16:16:41.0929 3328 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
16:16:41.0980 3328 intelppm - ok
16:16:42.0020 3328 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
16:16:42.0102 3328 IPBusEnum - ok
16:16:42.0133 3328 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
16:16:42.0220 3328 IpFilterDriver - ok
16:16:42.0297 3328 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll
16:16:42.0383 3328 iphlpsvc - ok
16:16:42.0442 3328 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
16:16:42.0504 3328 IPMIDRV - ok
16:16:42.0551 3328 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
16:16:42.0628 3328 IPNAT - ok
16:16:42.0716 3328 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:16:42.0820 3328 iPod Service - ok
16:16:42.0864 3328 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
16:16:43.0015 3328 IRENUM - ok
16:16:43.0064 3328 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
16:16:43.0173 3328 isapnp - ok
16:16:43.0252 3328 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
16:16:43.0385 3328 iScsiPrt - ok
16:16:43.0460 3328 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys
16:16:43.0566 3328 kbdclass - ok
16:16:43.0643 3328 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
16:16:43.0770 3328 kbdhid - ok
16:16:43.0848 3328 [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr C:\windows\system32\DRIVERS\kbfiltr.sys
16:16:43.0937 3328 kbfiltr - ok
16:16:43.0987 3328 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
16:16:44.0049 3328 KeyIso - ok
16:16:44.0110 3328 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
16:16:44.0199 3328 KSecDD - ok
16:16:44.0242 3328 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
16:16:44.0305 3328 KSecPkg - ok
16:16:44.0362 3328 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
16:16:44.0494 3328 KtmRm - ok
16:16:44.0542 3328 [ A158CEA8644B8A5C1EC0E9A81B70F65A ] L1C C:\windows\system32\DRIVERS\L1C62x86.sys
16:16:44.0636 3328 L1C - ok
16:16:44.0678 3328 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
16:16:44.0761 3328 LanmanServer - ok
16:16:44.0806 3328 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:16:44.0894 3328 LanmanWorkstation - ok
16:16:44.0980 3328 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
16:16:45.0114 3328 lltdio - ok
16:16:45.0196 3328 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
16:16:45.0350 3328 lltdsvc - ok
16:16:45.0402 3328 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
16:16:45.0574 3328 lmhosts - ok
16:16:45.0666 3328 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
16:16:45.0785 3328 LSI_FC - ok
16:16:45.0829 3328 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
16:16:45.0884 3328 LSI_SAS - ok
16:16:45.0931 3328 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
16:16:45.0997 3328 LSI_SAS2 - ok
16:16:46.0040 3328 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
16:16:46.0080 3328 LSI_SCSI - ok
16:16:46.0117 3328 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
16:16:46.0209 3328 luafv - ok
16:16:46.0254 3328 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
16:16:46.0299 3328 Mcx2Svc - ok
16:16:46.0323 3328 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
16:16:46.0359 3328 megasas - ok
16:16:46.0408 3328 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
16:16:46.0477 3328 MegaSR - ok
16:16:46.0525 3328 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
16:16:46.0594 3328 MMCSS - ok
16:16:46.0637 3328 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
16:16:46.0721 3328 Modem - ok
16:16:46.0788 3328 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
16:16:46.0834 3328 monitor - ok
16:16:46.0874 3328 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\drivers\mouclass.sys
16:16:46.0939 3328 mouclass - ok
16:16:46.0997 3328 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
16:16:47.0083 3328 mouhid - ok
16:16:47.0150 3328 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
16:16:47.0257 3328 mountmgr - ok
16:16:47.0336 3328 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
16:16:47.0446 3328 mpio - ok
16:16:47.0511 3328 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
16:16:47.0660 3328 mpsdrv - ok
16:16:47.0747 3328 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
16:16:47.0859 3328 MpsSvc - ok
16:16:47.0908 3328 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
16:16:47.0988 3328 MRxDAV - ok
16:16:48.0046 3328 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
16:16:48.0125 3328 mrxsmb - ok
16:16:48.0168 3328 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
16:16:48.0229 3328 mrxsmb10 - ok
16:16:48.0261 3328 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
16:16:48.0309 3328 mrxsmb20 - ok
16:16:48.0337 3328 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
16:16:48.0372 3328 msahci - ok
16:16:48.0436 3328 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
16:16:48.0475 3328 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
16:16:48.0475 3328 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
16:16:48.0529 3328 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
16:16:48.0606 3328 msdsm - ok
16:16:48.0671 3328 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
16:16:48.0798 3328 MSDTC - ok
16:16:48.0907 3328 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
16:16:49.0088 3328 Msfs - ok
16:16:49.0148 3328 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
16:16:49.0342 3328 mshidkmdf - ok
16:16:49.0403 3328 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
16:16:49.0487 3328 msisadrv - ok
16:16:49.0545 3328 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
16:16:49.0656 3328 MSiSCSI - ok
16:16:49.0676 3328 msiserver - ok
16:16:49.0719 3328 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
16:16:49.0803 3328 MSKSSRV - ok
16:16:49.0833 3328 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
16:16:49.0890 3328 MSPCLOCK - ok
16:16:49.0928 3328 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
16:16:50.0015 3328 MSPQM - ok
16:16:50.0063 3328 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
16:16:50.0108 3328 MsRPC - ok
16:16:50.0150 3328 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
16:16:50.0178 3328 mssmbios - ok
16:16:50.0214 3328 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
16:16:50.0271 3328 MSTEE - ok
16:16:50.0302 3328 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
16:16:50.0354 3328 MTConfig - ok
16:16:50.0386 3328 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
16:16:50.0443 3328 Mup - ok
16:16:50.0503 3328 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
16:16:50.0577 3328 napagent - ok
16:16:50.0638 3328 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:16:50.0703 3328 NativeWifiP - ok
16:16:50.0765 3328 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
16:16:50.0824 3328 NDIS - ok
16:16:50.0882 3328 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:16:50.0953 3328 NdisCap - ok
16:16:50.0999 3328 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:16:51.0098 3328 NdisTapi - ok
16:16:51.0171 3328 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:16:51.0248 3328 Ndisuio - ok
16:16:51.0307 3328 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:16:51.0415 3328 NdisWan - ok
16:16:51.0466 3328 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:16:51.0539 3328 NDProxy - ok
16:16:51.0600 3328 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:16:51.0611 3328 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:16:51.0611 3328 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:16:51.0665 3328 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:16:51.0762 3328 NetBIOS - ok
16:16:51.0824 3328 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:16:51.0907 3328 NetBT - ok
16:16:51.0942 3328 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
16:16:51.0970 3328 Netlogon - ok
16:16:52.0025 3328 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
16:16:52.0103 3328 Netman - ok
16:16:52.0145 3328 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
16:16:52.0240 3328 netprofm - ok
16:16:52.0287 3328 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:16:52.0354 3328 NetTcpPortSharing - ok
16:16:52.0430 3328 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
16:16:52.0468 3328 nfrd960 - ok
16:16:52.0521 3328 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll
16:16:52.0566 3328 NlaSvc - ok
16:16:52.0672 3328 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\windows\system32\drivers\npf.sys
16:16:52.0727 3328 NPF - ok
16:16:52.0781 3328 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
16:16:52.0956 3328 Npfs - ok
16:16:53.0024 3328 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
16:16:53.0288 3328 nsi - ok
16:16:53.0340 3328 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:16:53.0420 3328 nsiproxy - ok
16:16:53.0505 3328 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:16:53.0646 3328 Ntfs - ok
16:16:53.0687 3328 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
16:16:53.0766 3328 Null - ok
16:16:53.0828 3328 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
16:16:53.0884 3328 nvraid - ok
16:16:53.0945 3328 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
16:16:54.0011 3328 nvstor - ok
16:16:54.0051 3328 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
16:16:54.0120 3328 nv_agp - ok
16:16:54.0171 3328 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
16:16:54.0221 3328 ohci1394 - ok
16:16:54.0261 3328 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:16:54.0319 3328 p2pimsvc - ok
16:16:54.0375 3328 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
16:16:54.0505 3328 p2psvc - ok
16:16:54.0585 3328 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
16:16:54.0702 3328 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
16:16:54.0703 3328 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
16:16:54.0761 3328 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
16:16:54.0877 3328 Parport - ok
16:16:54.0944 3328 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
16:16:55.0037 3328 partmgr - ok
16:16:55.0112 3328 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
16:16:55.0168 3328 Parvdm - ok
16:16:55.0252 3328 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
16:16:55.0280 3328 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
16:16:55.0280 3328 PassThru Service - detected UnsignedFile.Multi.Generic (1)
16:16:55.0332 3328 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
16:16:55.0384 3328 PcaSvc - ok
16:16:55.0417 3328 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
16:16:55.0456 3328 pci - ok
16:16:55.0502 3328 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
16:16:55.0538 3328 pciide - ok
16:16:55.0577 3328 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
16:16:55.0641 3328 pcmcia - ok
16:16:55.0680 3328 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
16:16:55.0741 3328 pcw - ok
16:16:55.0797 3328 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:16:56.0053 3328 PEAUTH - ok
16:16:56.0272 3328 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
16:16:56.0585 3328 pla - ok
16:16:56.0667 3328 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:16:56.0783 3328 PlugPlay - ok
16:16:56.0812 3328 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:16:56.0852 3328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:16:56.0852 3328 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:16:56.0884 3328 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:16:56.0925 3328 PNRPAutoReg - ok
16:16:56.0956 3328 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:16:56.0990 3328 PNRPsvc - ok
16:16:57.0051 3328 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:16:57.0180 3328 PolicyAgent - ok
16:16:57.0220 3328 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
16:16:57.0297 3328 Power - ok
16:16:57.0350 3328 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:16:57.0439 3328 PptpMiniport - ok
16:16:57.0480 3328 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
16:16:57.0554 3328 Processor - ok
16:16:57.0603 3328 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
16:16:57.0706 3328 ProfSvc - ok
16:16:57.0740 3328 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
16:16:57.0770 3328 ProtectedStorage - ok
16:16:57.0823 3328 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:16:57.0885 3328 Psched - ok
16:16:57.0938 3328 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
16:16:58.0000 3328 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
16:16:58.0000 3328 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
16:16:58.0058 3328 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
16:16:58.0351 3328 ql2300 - ok
16:16:58.0429 3328 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
16:16:58.0542 3328 ql40xx - ok
16:16:58.0610 3328 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
16:16:58.0790 3328 QWAVE - ok
16:16:58.0865 3328 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:16:58.0963 3328 QWAVEdrv - ok
16:16:59.0029 3328 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:16:59.0187 3328 RasAcd - ok
16:16:59.0264 3328 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:16:59.0420 3328 RasAgileVpn - ok
16:16:59.0493 3328 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
16:16:59.0672 3328 RasAuto - ok
16:16:59.0727 3328 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:16:59.0799 3328 Rasl2tp - ok
16:16:59.0859 3328 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
16:16:59.0961 3328 RasMan - ok
16:17:00.0004 3328 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:17:00.0079 3328 RasPppoe - ok
16:17:00.0120 3328 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:17:00.0221 3328 RasSstp - ok
16:17:00.0274 3328 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:17:00.0529 3328 rdbss - ok
16:17:00.0589 3328 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
16:17:00.0700 3328 rdpbus - ok
16:17:00.0770 3328 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
16:17:00.0941 3328 RDPCDD - ok
16:17:01.0063 3328 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
16:17:01.0193 3328 RDPENCDD - ok
16:17:01.0274 3328 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
16:17:01.0374 3328 RDPREFMP - ok
16:17:01.0415 3328 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
16:17:01.0529 3328 RDPWD - ok
16:17:01.0600 3328 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
16:17:01.0670 3328 rdyboost - ok
16:17:01.0723 3328 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
16:17:01.0821 3328 RemoteAccess - ok
16:17:01.0867 3328 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
16:17:02.0084 3328 RemoteRegistry - ok
16:17:02.0180 3328 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
16:17:02.0271 3328 RFCOMM - ok
16:17:02.0364 3328 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
16:17:02.0496 3328 rpcapd - ok
16:17:02.0560 3328 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
16:17:02.0705 3328 RpcEptMapper - ok
16:17:02.0741 3328 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
16:17:02.0800 3328 RpcLocator - ok
16:17:02.0847 3328 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
16:17:02.0910 3328 RpcSs - ok
16:17:02.0967 3328 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
16:17:03.0032 3328 rspndr - ok
16:17:03.0115 3328 [ 44B7739F2D623AD6FB46755BB60351A4 ] rtl8192se C:\windows\system32\DRIVERS\rtl8192se.sys
16:17:03.0276 3328 rtl8192se - ok
16:17:03.0307 3328 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
16:17:03.0365 3328 SamSs - ok
16:17:03.0525 3328 [ 328100AF2EFD951EAB657384EC361B6F ] SamsungAllShareV2.0 C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
16:17:03.0570 3328 SamsungAllShareV2.0 - ok
16:17:03.0640 3328 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
16:17:03.0745 3328 sbp2port - ok
16:17:03.0819 3328 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
16:17:03.0978 3328 SCardSvr - ok
16:17:04.0017 3328 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
16:17:04.0122 3328 scfilter - ok
16:17:04.0182 3328 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
16:17:04.0336 3328 Schedule - ok
16:17:04.0374 3328 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
16:17:04.0426 3328 SCPolicySvc - ok
16:17:04.0482 3328 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
16:17:04.0588 3328 SDRSVC - ok
16:17:04.0637 3328 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
16:17:04.0699 3328 secdrv - ok
16:17:04.0734 3328 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
16:17:04.0837 3328 seclogon - ok
16:17:04.0883 3328 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
16:17:04.0953 3328 SENS - ok
16:17:04.0986 3328 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll
16:17:05.0039 3328 SensrSvc - ok
16:17:05.0078 3328 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
16:17:05.0134 3328 Serenum - ok
16:17:05.0171 3328 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
16:17:05.0222 3328 Serial - ok
16:17:05.0259 3328 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
16:17:05.0343 3328 sermouse - ok
16:17:05.0420 3328 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
16:17:05.0507 3328 SessionEnv - ok
16:17:05.0538 3328 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
16:17:05.0584 3328 sffdisk - ok
16:17:05.0615 3328 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
16:17:05.0668 3328 sffp_mmc - ok
16:17:05.0720 3328 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
16:17:05.0761 3328 sffp_sd - ok
16:17:05.0809 3328 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
16:17:05.0885 3328 sfloppy - ok
16:17:05.0948 3328 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
16:17:06.0072 3328 SharedAccess - ok
16:17:06.0128 3328 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:17:06.0208 3328 ShellHWDetection - ok
16:17:06.0251 3328 [ 1980FE1F5A32067DAD1D8776B63C2669 ] SimpleSlideShowServer C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
16:17:06.0302 3328 SimpleSlideShowServer - ok
16:17:06.0347 3328 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
16:17:06.0406 3328 sisagp - ok
16:17:06.0472 3328 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
16:17:06.0523 3328 SiSRaid2 - ok
16:17:06.0567 3328 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
16:17:06.0606 3328 SiSRaid4 - ok
16:17:06.0643 3328 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
16:17:06.0761 3328 Smb - ok
16:17:06.0840 3328 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
16:17:06.0871 3328 SNMPTRAP - ok
16:17:06.0936 3328 [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
16:17:06.0969 3328 SonicStage Back-End Service - ok
16:17:07.0013 3328 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
16:17:07.0067 3328 spldr - ok
16:17:07.0141 3328 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
16:17:07.0216 3328 Spooler - ok
16:17:07.0383 3328 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
16:17:07.0708 3328 sppsvc - ok
16:17:07.0784 3328 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
16:17:07.0917 3328 sppuinotify - ok
16:17:07.0974 3328 [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
16:17:08.0041 3328 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
16:17:08.0041 3328 SPTISRV - detected UnsignedFile.Multi.Generic (1)
16:17:08.0091 3328 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
16:17:08.0209 3328 srv - ok
16:17:08.0245 3328 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
16:17:08.0390 3328 srv2 - ok
16:17:08.0452 3328 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
16:17:08.0584 3328 srvnet - ok
16:17:08.0736 3328 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
16:17:08.0890 3328 SSDPSRV - ok
16:17:08.0997 3328 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys
16:17:09.0082 3328 ssmdrv - ok
16:17:09.0200 3328 [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
16:17:09.0251 3328 SSScsiSV - ok
16:17:09.0321 3328 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
16:17:09.0434 3328 SstpSvc - ok
16:17:09.0501 3328 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
16:17:09.0562 3328 stexstor - ok
16:17:09.0634 3328 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
16:17:09.0764 3328 StiSvc - ok
16:17:09.0804 3328 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
16:17:09.0854 3328 swenum - ok
16:17:09.0916 3328 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
16:17:10.0029 3328 swprv - ok
16:17:10.0096 3328 [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
16:17:10.0165 3328 SynTP - ok
16:17:10.0248 3328 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
16:17:10.0371 3328 SysMain - ok
16:17:10.0447 3328 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
16:17:10.0546 3328 TabletInputService - ok
16:17:10.0632 3328 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
16:17:10.0817 3328 TapiSrv - ok
16:17:10.0881 3328 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
16:17:10.0944 3328 TBS - ok
16:17:11.0033 3328 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:17:11.0251 3328 Tcpip - ok
16:17:11.0308 3328 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:17:11.0365 3328 TCPIP6 - ok
16:17:11.0415 3328 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:17:11.0475 3328 tcpipreg - ok
16:17:11.0539 3328 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:17:11.0620 3328 TDPIPE - ok
16:17:11.0666 3328 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:17:11.0739 3328 TDTCP - ok
16:17:11.0785 3328 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:17:11.0844 3328 tdx - ok
16:17:11.0881 3328 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
16:17:11.0943 3328 TermDD - ok
16:17:12.0004 3328 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
16:17:12.0103 3328 TermService - ok
16:17:12.0145 3328 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
16:17:12.0206 3328 Themes - ok
16:17:12.0248 3328 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
16:17:12.0301 3328 THREADORDER - ok
16:17:12.0331 3328 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
16:17:12.0422 3328 TrkWks - ok
16:17:12.0492 3328 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:17:12.0558 3328 TrustedInstaller - ok
16:17:12.0602 3328 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:17:12.0692 3328 tssecsrv - ok
16:17:12.0753 3328 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
16:17:12.0845 3328 TsUsbFlt - ok
16:17:13.0115 3328 [ 60C6AC47323C81712896C5C8C7974DD1 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
16:17:13.0259 3328 TuneUp.UtilitiesSvc - ok
16:17:13.0339 3328 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
16:17:13.0420 3328 TuneUpUtilitiesDrv - ok
16:17:13.0518 3328 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:17:13.0682 3328 tunnel - ok
16:17:13.0741 3328 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
16:17:13.0823 3328 uagp35 - ok
16:17:13.0920 3328 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:17:14.0010 3328 udfs - ok
16:17:14.0068 3328 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:17:14.0126 3328 UI0Detect - ok
16:17:14.0155 3328 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
16:17:14.0201 3328 uliagpkx - ok
16:17:14.0262 3328 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys
16:17:14.0313 3328 umbus - ok
16:17:14.0372 3328 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
16:17:14.0429 3328 UmPass - ok
16:17:14.0473 3328 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
16:17:14.0583 3328 upnphost - ok
16:17:14.0641 3328 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\windows\system32\Drivers\usbaapl.sys
16:17:14.0709 3328 USBAAPL - ok
16:17:14.0766 3328 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\windows\system32\drivers\usbaudio.sys
16:17:14.0853 3328 usbaudio - ok
16:17:14.0895 3328 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:17:15.0003 3328 usbccgp - ok
16:17:15.0044 3328 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
16:17:15.0135 3328 usbcir - ok
16:17:15.0182 3328 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
16:17:15.0219 3328 usbehci - ok
16:17:15.0268 3328 [ 19999CA8E83F16D271AFC467B84718D7 ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys
16:17:15.0301 3328 usbfilter - ok
16:17:15.0361 3328 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
16:17:15.0459 3328 usbhub - ok
16:17:15.0488 3328 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
16:17:15.0536 3328 usbohci - ok
16:17:15.0592 3328 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
16:17:15.0675 3328 usbprint - ok
16:17:15.0769 3328 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:17:15.0924 3328 USBSTOR - ok
16:17:15.0994 3328 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
16:17:16.0186 3328 usbuhci - ok
16:17:16.0282 3328 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
16:17:16.0380 3328 usbvideo - ok
16:17:16.0438 3328 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
16:17:16.0538 3328 UxSms - ok
16:17:16.0566 3328 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
16:17:16.0614 3328 VaultSvc - ok
16:17:16.0654 3328 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
16:17:16.0692 3328 vdrvroot - ok
16:17:16.0762 3328 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
16:17:16.0896 3328 vds - ok
16:17:16.0941 3328 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:17:17.0004 3328 vga - ok
16:17:17.0047 3328 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
16:17:17.0146 3328 VgaSave - ok
16:17:17.0194 3328 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
16:17:17.0241 3328 vhdmp - ok
16:17:17.0290 3328 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
16:17:17.0330 3328 viaagp - ok
16:17:17.0372 3328 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
16:17:17.0451 3328 ViaC7 - ok
16:17:17.0496 3328 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
16:17:17.0549 3328 viaide - ok
16:17:17.0590 3328 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
16:17:17.0629 3328 volmgr - ok
16:17:17.0681 3328 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:17:17.0756 3328 volmgrx - ok
16:17:17.0802 3328 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
16:17:17.0856 3328 volsnap - ok
16:17:17.0902 3328 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
16:17:17.0978 3328 vsmraid - ok
16:17:18.0054 3328 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
16:17:18.0264 3328 VSS - ok
16:17:18.0294 3328 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:17:18.0334 3328 vwifibus - ok
16:17:18.0379 3328 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:17:18.0451 3328 vwififlt - ok
16:17:18.0521 3328 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
16:17:18.0593 3328 vwifimp - ok
16:17:18.0641 3328 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
16:17:18.0711 3328 W32Time - ok
16:17:18.0758 3328 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
16:17:18.0830 3328 WacomPen - ok
16:17:18.0889 3328 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:17:18.0950 3328 WANARP - ok
16:17:18.0968 3328 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:17:19.0024 3328 Wanarpv6 - ok
16:17:19.0106 3328 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
16:17:19.0318 3328 wbengine - ok
16:17:19.0399 3328 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
16:17:19.0513 3328 WbioSrvc - ok
16:17:19.0613 3328 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
16:17:19.0758 3328 wcncsvc - ok
16:17:19.0808 3328 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:17:19.0994 3328 WcsPlugInService - ok
16:17:20.0062 3328 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
16:17:20.0208 3328 Wd - ok
16:17:20.0305 3328 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
16:17:20.0455 3328 Wdf01000 - ok
16:17:20.0525 3328 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
16:17:20.0749 3328 WdiServiceHost - ok
16:17:20.0806 3328 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
16:17:20.0891 3328 WdiSystemHost - ok
16:17:20.0946 3328 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
16:17:21.0021 3328 WebClient - ok
16:17:21.0078 3328 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
16:17:21.0153 3328 Wecsvc - ok
16:17:21.0188 3328 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
16:17:21.0251 3328 wercplsupport - ok
16:17:21.0294 3328 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
16:17:21.0396 3328 WerSvc - ok
16:17:21.0455 3328 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
16:17:21.0528 3328 WfpLwf - ok
16:17:21.0575 3328 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
16:17:21.0613 3328 WIMMount - ok
16:17:21.0693 3328 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:17:21.0775 3328 WinDefend - ok
16:17:21.0804 3328 WinHttpAutoProxySvc - ok
16:17:21.0874 3328 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
16:17:21.0988 3328 Winmgmt - ok
16:17:22.0065 3328 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
16:17:22.0212 3328 WinRM - ok
16:17:22.0284 3328 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
16:17:22.0373 3328 WinUsb - ok
16:17:22.0432 3328 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
16:17:22.0661 3328 Wlansvc - ok
16:17:22.0816 3328 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:17:23.0013 3328 wlidsvc - ok
16:17:23.0088 3328 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
16:17:23.0143 3328 WmiAcpi - ok
16:17:23.0190 3328 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
16:17:23.0272 3328 wmiApSrv - ok
16:17:23.0391 3328 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:17:23.0481 3328 WMPNetworkSvc - ok
16:17:23.0545 3328 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
16:17:23.0668 3328 WPCSvc - ok
16:17:23.0746 3328 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
16:17:23.0904 3328 WPDBusEnum - ok
16:17:23.0971 3328 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
16:17:24.0087 3328 ws2ifsl - ok
16:17:24.0166 3328 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll
16:17:24.0333 3328 wscsvc - ok
16:17:24.0352 3328 WSearch - ok
16:17:24.0450 3328 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
16:17:24.0564 3328 wuauserv - ok
16:17:24.0610 3328 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
16:17:24.0708 3328 WudfPf - ok
16:17:24.0782 3328 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
16:17:24.0839 3328 WUDFRd - ok
16:17:24.0903 3328 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll
16:17:25.0011 3328 wudfsvc - ok
16:17:25.0083 3328 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
16:17:25.0285 3328 WwanSvc - ok
16:17:25.0397 3328 ================ Scan global ===============================
16:17:25.0469 3328 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
16:17:25.0535 3328 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
16:17:25.0586 3328 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
16:17:25.0630 3328 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
16:17:25.0673 3328 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
16:17:25.0718 3328 [Global] - ok
16:17:25.0725 3328 ================ Scan MBR ==================================
16:17:25.0741 3328 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:17:26.0184 3328 \Device\Harddisk0\DR0 - ok
16:17:26.0199 3328 ================ Scan VBR ==================================
16:17:26.0217 3328 [ 0A2950E952858229FC44EB3EFC999D24 ] \Device\Harddisk0\DR0\Partition1
16:17:26.0221 3328 \Device\Harddisk0\DR0\Partition1 - ok
16:17:26.0276 3328 [ FC2C98DD2EC94A43BC19445F1C0DC14D ] \Device\Harddisk0\DR0\Partition2
16:17:26.0284 3328 \Device\Harddisk0\DR0\Partition2 - ok
16:17:26.0301 3328 ============================================================
16:17:26.0301 3328 Scan finished
16:17:26.0301 3328 ============================================================
16:17:26.0369 5312 Detected object count: 10
16:17:26.0369 5312 Actual detected object count: 10
16:18:09.0167 5312 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0168 5312 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:09.0169 5312 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0169 5312 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:09.0170 5312 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0170 5312 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:09.0183 5312 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0183 5312 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:09.0184 5312 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0184 5312 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:09.0193 5312 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0194 5312 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:09.0194 5312 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0198 5312 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:09.0207 5312 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0208 5312 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:09.0208 5312 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0209 5312 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:18:09.0221 5312 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:18:09.0221 5312 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
Gruss |
|
14.02.2013, 11:09
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | zip. Anhang geöffnet TR/Matsnu.EB.101 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ --> zip. Anhang geöffnet TR/Matsnu.EB.101 |
|
14.02.2013, 20:23
| #7 |
| | zip. Anhang geöffnet TR/Matsnu.EB.101 ... Guten Morgen. Also,wollte das das Combofix durchlaufen lassen.entweder stürzt beim Rechner komplett ab,oder ich bekomme die Nachricht das Windows heruntergefahren wird. kann also das Combifix nicht durchlaufen lassen.Eine Logdatei wird mir demnach auch nicht erstellt. Gruss Geändert von giz02 (14.02.2013 um 20:37 Uhr) |
|
15.02.2013, 10:47
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | zip. Anhang geöffnet TR/Matsnu.EB.101 Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.02.2013, 08:14
| #9 |
| | zip. Anhang geöffnet TR/Matsnu.EB.101 Funktioniert nach wie vor nicht. |
|
16.02.2013, 18:21
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | zip. Anhang geöffnet TR/Matsnu.EB.101 Probier CF bitte im abgesicherten Modus mit Netzwerktreibern Abgesicherter Modus zur Bereinigung
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.02.2013, 18:36
| #11 |
| | zip. Anhang geöffnet TR/Matsnu.EB.101 hi. nun hat es funktioniert. hier die LOG: Code:
ATTFilter ComboFix 13-02-15.01 - Giz 17.02.2013 10:33:12.8.1 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1791.1240 [GMT 1:00]
ausgeführt von:: c:\users\Giz\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Thumbs.db
.
Infizierte Kopie von c:\windows\system32\user32.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-17 bis 2013-02-17 ))))))))))))))))))))))))))))))
.
.
2013-02-17 09:51 . 2013-02-17 09:51 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-02-17 09:51 . 2013-02-17 09:51 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-02-17 09:51 . 2013-02-17 09:51 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-02-17 09:51 . 2013-02-17 09:51 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-02-17 09:51 . 2013-02-17 09:51 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-02-17 09:51 . 2013-02-17 09:51 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-02-17 09:51 . 2013-02-17 09:51 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-02-17 09:51 . 2013-02-17 09:51 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-02-17 09:51 . 2013-02-17 09:51 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-02-17 09:51 . 2013-02-17 09:51 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-02-17 09:51 . 2013-02-17 09:51 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-02-17 09:51 . 2013-02-17 09:51 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-02-17 09:50 . 2013-02-17 09:50 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-02-17 09:50 . 2013-02-17 09:50 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-02-17 09:50 . 2013-02-17 09:50 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-02-17 09:50 . 2013-02-17 09:50 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-02-17 09:50 . 2013-02-17 09:50 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-02-17 09:44 . 2013-02-17 09:44 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{790B3F69-808C-4D23-BA5C-1E4E3CD4DFC8}\offreg.dll
2013-02-17 09:44 . 2013-02-17 09:54 -------- d-----w- c:\users\Giz\AppData\Local\temp
2013-02-17 09:44 . 2013-02-17 09:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-17 08:48 . 2013-02-17 08:48 -------- d-----w- C:\found.000
2013-02-16 00:21 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{790B3F69-808C-4D23-BA5C-1E4E3CD4DFC8}\mpengine.dll
2013-02-14 16:13 . 2012-06-02 04:36 1159680 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_c0000010_dbf58aa59f8fc7a2119898f1dac9534d7439885_cab_031902be\crypt32.dll
2013-02-13 14:14 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 14:14 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 14:14 . 2012-12-26 04:49 760320 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 14:14 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-10 17:04 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-10 17:04 . 2013-02-10 17:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-10 15:28 . 2013-02-10 15:28 -------- dc----w- c:\users\Giz\AppData\Local\MigWiz
2013-02-10 11:15 . 2013-02-10 12:00 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-10 11:15 . 2013-02-10 12:00 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 10:52 . 2013-02-10 10:52 -------- d-----w- c:\program files\WinPcap
2013-02-10 06:24 . 2013-02-10 06:24 -------- d-----w- c:\windows\system32\searchplugins
2013-02-10 06:24 . 2013-02-10 06:24 -------- d-----w- c:\windows\system32\Extensions
2013-02-10 06:23 . 2013-02-10 06:23 -------- d-----w- c:\programdata\BrowserProtect
2013-02-10 06:23 . 2013-02-10 06:23 -------- d-----w- c:\program files\Delta
2013-02-10 06:23 . 2013-02-10 06:24 -------- d-----w- c:\users\Giz\AppData\Roaming\Delta
2013-02-10 06:22 . 2013-02-10 06:22 -------- d-----w- c:\programdata\Babylon
2013-02-10 06:22 . 2013-02-10 06:22 -------- d-----w- c:\users\Giz\AppData\Roaming\Babylon
2013-02-10 06:21 . 2013-02-10 06:21 -------- d-----w- c:\programdata\Tarma Installer
2013-02-10 06:21 . 2013-02-10 06:21 -------- d-----w- c:\program files\Movie2KDownloader.com
2013-02-10 06:21 . 2013-02-10 06:30 -------- d-----w- c:\program files\hdvidcodec.com
2013-02-10 04:21 . 2013-02-10 04:21 -------- d-----w- c:\users\Giz\AppData\Roaming\Avira
2013-02-10 04:15 . 2013-02-10 04:07 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-10 04:15 . 2013-02-10 04:07 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-10 04:15 . 2013-02-10 04:07 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-10 04:15 . 2013-02-10 04:15 -------- d-----w- c:\programdata\Avira
2013-02-10 04:15 . 2013-02-10 04:15 -------- d-----w- c:\program files\Avira
2013-02-09 13:41 . 2013-02-09 13:41 -------- d-----w- c:\users\Giz\AppData\Roaming\Malwarebytes
2013-02-09 13:40 . 2013-02-09 13:40 -------- d-----w- c:\programdata\Malwarebytes
2013-02-09 11:55 . 2013-02-09 12:01 -------- d-----w- c:\users\Giz\AppData\Roaming\ACShredder6
2013-02-09 11:54 . 2013-01-02 10:37 1629744 ----a-w- c:\windows\system32\Shredder.dll
2013-02-09 11:54 . 2013-02-09 11:54 -------- d-----w- c:\program files\ArchiCrypt
2013-02-09 11:54 . 2013-02-09 11:54 -------- d-----w- c:\users\Giz\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2011-03-28 08:24 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 14:13 . 2012-12-22 02:01 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:01 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 17:21 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 17:21 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 17:21 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 17:21 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 17:21 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 17:21 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 17:21 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 17:21 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 17:21 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 17:21 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 17:21 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 17:21 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 17:21 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 17:21 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 17:21 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 17:21 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 17:22 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 17:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 17:22 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 17:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 17:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 17:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 17:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:48 . 2013-01-09 17:23 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-11-22 04:45 . 2013-01-09 17:24 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51 . 2013-01-09 17:21 220160 ----a-w- c:\windows\system32\ncrypt.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browser Infrastructure Helper"="c:\users\Giz\AppData\Local\Smartbar\Application\Smartbar.exe" [2012-08-07 13824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-14 2018032]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
.
c:\users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Giz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261095~1.52\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Giz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 asushwio;asushwio;c:\windows\system32\drivers\asushwio.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ArchiCrypt Sichere Loeschzonen;ArchiCrypt Shredder - Sichere Löschzonen Hilfsservice;c:\program files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe [x]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - ArchiCryptInjector
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 12:00]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001Core.job
- c:\users\Giz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 11:29]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001UA.job
- c:\users\Giz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-14 11:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=52366ec60000000000001c4bd660b0f8
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4404)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\taskschd.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\program files\Asus\LiveUpdate\LiveUpdate.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-17 10:59:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-02-17 09:59
.
Vor Suchlauf: 10 Verzeichnis(se), 51.557.535.744 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 51.382.333.440 Bytes frei
.
- - End Of File - - 6913CB41E757EF52FEE47622C6A7C125
|
|
20.02.2013, 10:40
| #13 |
| | zip. Anhang geöffnet TR/Matsnu.EB.101 hier der Scan Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-20 10:36:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000005d ST925031 rev.0002 232,89GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Giz\AppData\Local\Temp\uwldqpow.sys
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 820499E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820831C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.0 ----
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + 6 777E55CE 4 Bytes [28, 2C, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + B 777E55D3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + 6 777E5C2E 4 Bytes [28, 2F, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + B 777E5C33 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + 6 777E5CDE 4 Bytes [68, 2C, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + B 777E5CE3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + 6 777E5D8E 4 Bytes [A8, 2D, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + B 777E5D93 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessToken + B 777E5DA3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + 6 777E5DAE 4 Bytes [A8, 2E, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + B 777E5DB3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + 6 777E5E0E 4 Bytes [68, 2D, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + B 777E5E13 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + 6 777E5E1E 4 Bytes [68, 2E, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + B 777E5E23 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadTokenEx + B 777E5E33 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + 6 777E5F3E 4 Bytes [A8, 2C, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + B 777E5F43 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryFullAttributesFile + B 777E5FF3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + 6 777E663E 4 Bytes [28, 2D, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + B 777E6643 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + 6 777E669E 4 Bytes [28, 2E, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + B 777E66A3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + 6 777E69BE 4 Bytes [68, 2F, EA, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + B 777E69C3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtCreateFile + 6 777E55CE 4 Bytes [28, 88, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtCreateFile + B 777E55D3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtMapViewOfSection + 6 777E5C2E 4 Bytes [28, 8B, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtMapViewOfSection + B 777E5C33 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenFile + 6 777E5CDE 4 Bytes [68, 88, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenFile + B 777E5CE3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcess + 6 777E5D8E 4 Bytes [A8, 89, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcess + B 777E5D93 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessToken + B 777E5DA3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessTokenEx + 6 777E5DAE 4 Bytes [A8, 8A, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenProcessTokenEx + B 777E5DB3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThread + 6 777E5E0E 4 Bytes [68, 89, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThread + B 777E5E13 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadToken + 6 777E5E1E 4 Bytes [68, 8A, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadToken + B 777E5E23 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtOpenThreadTokenEx + B 777E5E33 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryAttributesFile + 6 777E5F3E 4 Bytes [A8, 88, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryAttributesFile + B 777E5F43 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtQueryFullAttributesFile + B 777E5FF3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationFile + 6 777E663E 4 Bytes [28, 89, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationFile + B 777E6643 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationThread + 6 777E669E 4 Bytes [28, 8A, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtSetInformationThread + B 777E66A3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtUnmapViewOfSection + 6 777E69BE 4 Bytes [68, 8B, 5C, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1260] ntdll.dll!NtUnmapViewOfSection + B 777E69C3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtCreateFile + 6 777E55CE 4 Bytes [28, 00, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtCreateFile + B 777E55D3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtMapViewOfSection + 6 777E5C2E 1 Byte [28]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtMapViewOfSection + 6 777E5C2E 4 Bytes [28, 03, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtMapViewOfSection + B 777E5C33 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenFile + 6 777E5CDE 4 Bytes [68, 00, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenFile + B 777E5CE3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcess + 6 777E5D8E 4 Bytes [A8, 01, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcess + B 777E5D93 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcessToken + B 777E5DA3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcessTokenEx + 6 777E5DAE 4 Bytes [A8, 02, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenProcessTokenEx + B 777E5DB3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThread + 6 777E5E0E 4 Bytes [68, 01, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThread + B 777E5E13 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThreadToken + 6 777E5E1E 4 Bytes [68, 02, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThreadToken + B 777E5E23 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtOpenThreadTokenEx + B 777E5E33 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtQueryAttributesFile + 6 777E5F3E 4 Bytes [A8, 00, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtQueryAttributesFile + B 777E5F43 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtQueryFullAttributesFile + B 777E5FF3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtSetInformationFile + 6 777E663E 4 Bytes [28, 01, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtSetInformationFile + B 777E6643 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtSetInformationThread + 6 777E669E 4 Bytes [28, 02, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtSetInformationThread + B 777E66A3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtUnmapViewOfSection + 6 777E69BE 1 Byte [68]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtUnmapViewOfSection + 6 777E69BE 4 Bytes [68, 03, 80, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1288] ntdll.dll!NtUnmapViewOfSection + B 777E69C3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtCreateFile + 6 777E55CE 4 Bytes [28, 88, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtCreateFile + B 777E55D3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtMapViewOfSection + 6 777E5C2E 4 Bytes [28, 8B, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtMapViewOfSection + B 777E5C33 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenFile + 6 777E5CDE 4 Bytes [68, 88, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenFile + B 777E5CE3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcess + 6 777E5D8E 4 Bytes [A8, 89, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcess + B 777E5D93 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessToken + B 777E5DA3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessTokenEx + 6 777E5DAE 4 Bytes [A8, 8A, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenProcessTokenEx + B 777E5DB3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThread + 6 777E5E0E 4 Bytes [68, 89, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThread + B 777E5E13 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadToken + 6 777E5E1E 4 Bytes [68, 8A, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadToken + B 777E5E23 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtOpenThreadTokenEx + B 777E5E33 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryAttributesFile + 6 777E5F3E 4 Bytes [A8, 88, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryAttributesFile + B 777E5F43 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtQueryFullAttributesFile + B 777E5FF3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationFile + 6 777E663E 4 Bytes [28, 89, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationFile + B 777E6643 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationThread + 6 777E669E 4 Bytes [28, 8A, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtSetInformationThread + B 777E66A3 1 Byte [E2]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtUnmapViewOfSection + 6 777E69BE 4 Bytes [68, 8B, D7, 00]
.text C:\Users\Giz\AppData\Local\Google\Chrome\Application\chrome.exe[1984] ntdll.dll!NtUnmapViewOfSection + B 777E69C3 1 Byte [E2]
---- User IAT/EAT - GMER 2.0 ----
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745124CB] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744F562E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744F56EC] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [74512546] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745085AA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74504D5E] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74505105] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745051DA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74506707] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74508301] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74508850] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745090B1] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7450E254] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\windows\Explorer.EXE[1440] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74504C90] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d66eee
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d66eee (not active ControlSet)
---- EOF - GMER 2.0 ----
|
|
20.02.2013, 17:06
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | zip. Anhang geöffnet TR/Matsnu.EB.101 JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.02.2013, 19:12
| #15 |
| | zip. Anhang geöffnet TR/Matsnu.EB.101 hier die scans: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x86
Ran by Giz on 20.02.2013 at 18:18:54,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3532530151-904022732-2976600449-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3532530151-904022732-2976600449-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\pricegongie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Giz\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Giz\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\Giz\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
~~~ Chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2013 at 18:26:29,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.112 - Datei am 20/02/2013 um 18:27:48 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Giz - GIZ-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Giz\Desktop\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\Ask
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\5e4dddfb269bf47
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\cacaoweb
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\5e4dddfb269bf47
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [3497 octets] - [20/02/2013 18:27:48]
########## EOF - C:\AdwCleaner[S1].txt - [3557 octets] ##########
Code:
ATTFilter OTL logfile created on: 2/20/2013 6:53:19 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Giz\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.75 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 52.59% Memory free 3.50 Gb Paging File | 2.29 Gb Available in Paging File | 65.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 47.32 Gb Free Space | 47.32% Space Free | Partition Type: NTFS Drive D: | 122.87 Gb Total Space | 85.44 Gb Free Space | 69.54% Space Free | Partition Type: NTFS Computer Name: GIZ-PC | User Name: Giz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Giz\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) PRC - C:\Windows\System32\AsusService.exe () PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll () MOD - C:\Users\Giz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll () MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll () MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll () MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll () MOD - C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab2d590a7a1566fe78e3275a90a30ceb\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.38390__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.38372__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.38439__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.38381__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.38421__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.38426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.38458__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.38457__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.38386__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.38381__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3503.38482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.38415__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.38392__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.38434__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.38396__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.38391__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.38413__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.38395__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.38414__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.38419__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.38420__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3496.39091__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3496.39089__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3496.39100__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3496.39127__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3496.39099__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3496.39125__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3496.39109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3496.39106__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3496.39105__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3496.39122__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3496.39108__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3496.39086__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3496.39096__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3496.39087__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3496.39157__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3496.39121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3496.39099__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3496.39091__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3496.39107__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3496.39089__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3496.39102__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3496.39098__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3496.39098__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3496.39122__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3496.39090__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3496.39104__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3496.39101__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3496.39090__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3503.38481__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.38452__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.38451__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.38463__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3496.39089__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3496.39090__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3496.39098__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.38368__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.38377__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3503.38447__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.38385__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3503.38370__90ba9c70f846762e\APM.Server.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.38372__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.38371__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3496.39100__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.38369__90ba9c70f846762e\AEM.Server.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3496.39088__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3496.39092__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3496.39099__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3496.39097__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3496.39110__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.38452__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ArchiCrypt Sichere Loeschzonen) -- C:\Program Files\ArchiCrypt\ArchiCrypt Shredder 6\ArchiCryptInjector32.exe (Softwareentwicklung Remus - ArchiCrypt) SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (SamsungAllShareV2.0) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) SRV - (SimpleSlideShowServer) -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Giz\AppData\Local\Temp\catchme.sys File not found DRV - (btwrchid) -- C:\windows\system32\DRIVERS\btwrchid.sys File not found DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found DRV - (btwavdt) -- C:\windows\system32\DRIVERS\btwavdt.sys File not found DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (asushwio) -- C:\Windows\System32\drivers\ASUSHWIO.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/17 22:42:07 | 000,000,000 | ---D | M] [2013/02/10 07:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giz\AppData\Roaming\mozilla\firefox\Profiles\extensions [2012/12/13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Giz\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2011/10/14 09:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/05/13 16:03:36 | 000,000,000 | ---D | M] (Recorder Toolbar) -- C:\Program Files\mozilla firefox\extensions\{10743931-94DF-476f-A987-4391233C17A2} [2010/05/13 09:26:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/08/26 10:51:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/19 10:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/02/07 16:14:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/03/18 11:28:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/10/07 10:22:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - homepage: hxxp://google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms} CHR - homepage: hxxp://google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Mozilla Plugins\npitunes.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Giz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Movie2kDownloader = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\ CHR - Extension: YouTube = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Logitech-Ger\u00E4teerkennung = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\ CHR - Extension: Google Mail = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Movie2kDownloader = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\ CHR - Extension: YouTube = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Logitech-Ger\u00E4teerkennung = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\ CHR - Extension: Google Mail = C:\Users\Giz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/02/17 10:44:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [AllShareAgent] C:\Program Files\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - Startup: C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Giz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O15 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-3532530151-904022732-2976600449-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09ABA583-D6D1-4135-BBA0-D6CF7BD51A5D}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5E5214-9647-4B53-AB4F-8A1DFADE3032}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\acshredder6.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\dropbox.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\htcupctloader.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\quarantine.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\schedmon6.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\scheduler6.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\taskhandler6.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/20 18:18:48 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013/02/20 18:18:37 | 000,000,000 | ---D | C] -- C:\JRT [2013/02/20 18:17:24 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Giz\Desktop\JRT.exe [2013/02/17 10:59:21 | 000,000,000 | ---D | C] -- C:\windows\temp [2013/02/17 10:52:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/17 10:44:07 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\temp [2013/02/17 09:48:18 | 000,000,000 | ---D | C] -- C:\found.000 [2013/02/14 16:56:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/02/14 16:56:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/02/14 16:56:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013/02/14 16:55:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/02/14 16:54:21 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013/02/13 16:12:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Giz\Desktop\tdsskiller.exe [2013/02/13 15:15:23 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2013/02/13 15:15:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013/02/13 15:15:20 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013/02/13 15:15:20 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013/02/13 15:15:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013/02/13 15:15:08 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2013/02/13 15:15:07 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2013/02/13 15:15:01 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2013/02/13 15:14:44 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS [2013/02/13 15:14:32 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll [2013/02/12 18:31:09 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Giz\Desktop\aswMBR.exe [2013/02/12 18:00:25 | 000,000,000 | ---D | C] -- C:\Users\Giz\Desktop\mbar-1.01.0.1020 [2013/02/10 20:02:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe [2013/02/10 18:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/10 18:04:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013/02/10 18:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/02/10 16:28:53 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\MigWiz [2013/02/10 12:15:03 | 000,697,712 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013/02/10 12:15:03 | 000,074,096 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013/02/10 11:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher [2013/02/10 07:24:17 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins [2013/02/10 07:24:17 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions [2013/02/10 07:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com [2013/02/10 07:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com [2013/02/10 05:21:53 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Avira [2013/02/10 05:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/02/10 05:15:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013/02/10 05:15:42 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013/02/10 05:15:42 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013/02/10 05:15:42 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013/02/10 05:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/02/10 05:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013/02/09 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\Malwarebytes [2013/02/09 14:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/09 12:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArchiCrypt [2013/02/09 12:55:15 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Roaming\ACShredder6 [2013/02/09 12:54:49 | 001,629,744 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt) -- C:\windows\System32\Shredder.dll [2013/02/09 12:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\ArchiCrypt [2013/02/09 12:54:20 | 000,000,000 | ---D | C] -- C:\Users\Giz\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013/02/20 19:00:17 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/02/20 18:39:27 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/20 18:39:27 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/20 18:31:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/02/20 18:24:21 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001UA.job [2013/02/20 18:17:47 | 000,587,671 | ---- | M] () -- C:\Users\Giz\Desktop\adwcleaner0.exe [2013/02/20 18:13:14 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Giz\Desktop\JRT.exe [2013/02/20 10:11:29 | 195,399,053 | ---- | M] () -- C:\windows\MEMORY.DMP [2013/02/19 17:07:56 | 000,001,060 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532530151-904022732-2976600449-1001Core.job [2013/02/17 21:33:34 | 000,000,535 | ---- | M] () -- C:\windows\System32\mapisvc.inf [2013/02/17 10:44:11 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2013/02/15 03:38:23 | 000,358,312 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013/02/15 03:09:02 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013/02/15 03:09:02 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/02/15 03:09:02 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013/02/15 03:09:02 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/02/13 16:12:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Giz\Desktop\tdsskiller.exe [2013/02/12 19:05:49 | 000,000,512 | ---- | M] () -- C:\Users\Giz\Desktop\MBR.dat [2013/02/12 18:32:28 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Giz\Desktop\aswMBR.exe [2013/02/12 17:59:11 | 013,711,621 | ---- | M] () -- C:\Users\Giz\Desktop\mbar-1.01.0.1020.zip [2013/02/10 21:07:10 | 000,365,568 | ---- | M] () -- C:\Users\Giz\Desktop\gmer_2.0.18454.exe [2013/02/10 20:02:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Giz\Desktop\OTL.exe [2013/02/10 20:01:37 | 000,000,000 | ---- | M] () -- C:\Users\Giz\defogger_reenable [2013/02/10 20:00:28 | 000,050,477 | ---- | M] () -- C:\Users\Giz\Desktop\Defogger.exe [2013/02/10 18:04:31 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/10 13:00:09 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013/02/10 13:00:09 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013/02/10 08:37:57 | 000,007,597 | ---- | M] () -- C:\Users\Giz\AppData\Local\Resmon.ResmonCfg [2013/02/10 05:07:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2013/02/10 05:07:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2013/02/10 05:07:20 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2013/02/10 05:07:19 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2013/02/09 15:04:10 | 000,001,045 | -H-- | M] () -- C:\Users\Giz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/02/09 15:03:36 | 000,001,009 | ---- | M] () -- C:\Users\Giz\Desktop\Dropbox.lnk [2013/02/09 13:47:26 | 000,033,134 | ---- | M] () -- C:\Users\Giz\AppData\Roaming\UserTile.png [2013/02/01 17:52:39 | 000,002,352 | ---- | M] () -- C:\Users\Giz\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013/02/20 18:15:48 | 000,587,671 | ---- | C] () -- C:\Users\Giz\Desktop\adwcleaner0.exe [2013/02/14 16:56:15 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013/02/14 16:56:15 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013/02/14 16:56:15 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013/02/14 16:56:15 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013/02/14 16:56:15 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013/02/12 19:05:49 | 000,000,512 | ---- | C] () -- C:\Users\Giz\Desktop\MBR.dat [2013/02/12 17:58:42 | 013,711,621 | ---- | C] () -- C:\Users\Giz\Desktop\mbar-1.01.0.1020.zip [2013/02/10 21:07:02 | 000,365,568 | ---- | C] () -- C:\Users\Giz\Desktop\gmer_2.0.18454.exe [2013/02/10 20:01:37 | 000,000,000 | ---- | C] () -- C:\Users\Giz\defogger_reenable [2013/02/10 20:00:25 | 000,050,477 | ---- | C] () -- C:\Users\Giz\Desktop\Defogger.exe [2013/02/10 18:04:31 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/10 12:15:08 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/02/09 13:47:26 | 000,033,134 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\UserTile.png [2011/05/29 09:37:22 | 000,007,597 | ---- | C] () -- C:\Users\Giz\AppData\Local\Resmon.ResmonCfg [2011/02/27 14:03:31 | 000,532,480 | ---- | C] () -- C:\windows\System32\CddbPlaylist2Sony.dll [2010/07/20 15:58:03 | 000,937,426 | ---- | C] () -- C:\Users\Giz\Schulplan.pdf [2010/07/01 20:05:25 | 000,066,675 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\mdbu.bin [2010/06/17 18:42:28 | 000,003,584 | ---- | C] () -- C:\Users\Giz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/13 22:41:29 | 000,001,018 | ---- | C] () -- C:\Users\Giz\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > Code:
ATTFilter OTL Extras logfile created on: 2/20/2013 6:53:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Giz\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.75 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 52.59% Memory free
3.50 Gb Paging File | 2.29 Gb Available in Paging File | 65.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 47.32 Gb Free Space | 47.32% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 85.44 Gb Free Space | 69.54% Space Free | Partition Type: NTFS
Computer Name: GIZ-PC | User Name: Giz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.BU4WFSV3H6M4JN7DPOWR2R76ZA] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8038CD96-F38A-42A8-A370-4E42AF1E366A}" = rport=41952 | protocol=6 | dir=out | name=tversity |
"{845F9CEE-4551-4AE9-8FE4-D014A8329EDA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDEACF16-C4BB-4D55-A49C-DEF5FD6163D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013B7906-1556-42A2-9789-AC8F6FB43829}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40171638-2984-40DF-AF7C-11C690596551}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6F070512-CC6F-4A8E-AFF2-D3D5321E3953}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6F1176AD-B032-4807-B786-6C8A34EE3EB8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{79535E6A-67D8-4C6F-8CEB-9CC7D0DDA663}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{7C756BE0-D1FB-479C-B19E-7C6190FBA177}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9273E720-55AD-498F-A3AD-C81F302465A8}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{99E1D3F2-7150-4894-A146-792135081D3A}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{A41C7F57-E1BC-4D63-9B00-6F8514C99032}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{CB4C30CC-7049-4B53-8977-2B76D0EAA1BD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CF2D152F-40F5-45DC-BC58-32585F6FBB18}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F1D1D4A8-FB93-40C5-B2AF-BA09D8306046}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{FB390B75-572E-461B-918F-3DF12F267439}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDF3CF8C-2BC5-43CC-8971-589CE9A4A551}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{4270A8FF-B743-4189-9E88-71BD716494AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{97ACA1ED-66A7-4F34-8EDE-80FD08A32581}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{992EB7FA-9F01-431A-81F3-1143BC07BA23}C:\program files\atube catcher\yct.exe" = protocol=6 | dir=in | app=c:\program files\atube catcher\yct.exe |
"UDP Query User{3CE67A4C-D7DE-4958-95ED-4EA42BEB794A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{9F104F62-6F82-4322-A82D-383A63AFD7E0}C:\program files\atube catcher\yct.exe" = protocol=17 | dir=in | app=c:\program files\atube catcher\yct.exe |
"UDP Query User{A34832E1-3369-444F-93E0-21129F273176}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21275B6A-333E-3EF6-E68D-B5F5B4B1F6BB}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2AD3FCB8-B812-1A51-D45F-0A71277347E6}" = CCC Help Finnish
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BB57D38-931A-02AB-7C19-B039C87156BA}" = CCC Help Hungarian
"{2D1A4418-8BC0-3805-7DD2-4993394000AE}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F2A0484-F9B4-AC18-1580-73A6DBD526D3}" = Catalyst Control Center Localization All
"{40FDA966-C08D-93FC-5B62-87B0305989D5}" = CCC Help Polish
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51D1EA4C-3EC5-4A29-8BB6-CC7D447CCFD0}" = CCC Help Japanese
"{5425B69E-410D-FF8E-6382-53914B29DB34}" = CCC Help French
"{5592F5BF-0A6D-77BE-31D9-A212800C153C}" = CCC Help German
"{5785EE0B-DA31-82C5-345A-6AC0721A5445}" = CCC Help Thai
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60D157A6-087B-ABE4-0B5D-69DCB6ADB4B2}" = CCC Help English
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67BCBB5E-9534-81D4-A489-47D8A3BE22BF}" = CCC Help Spanish
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{708FB213-9CA6-6865-BCEA-6A50206BC17E}" = CCC Help Portuguese
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{759688C0-D976-D3A6-0FF5-CB0EA763B217}" = CCC Help Czech
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80198D8E-F593-17D6-26E7-DC4B66BABECD}" = Catalyst Control Center Graphics Light
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88632316-2F9C-7FAB-E867-C4DFBF79A84E}" = Catalyst Control Center Graphics Previews Vista
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B209A17-940A-D283-8F37-4D5276879CFF}" = CCC Help Korean
"{8CBBD910-23F3-D39C-8B38-2AEDD6C366F5}" = ccc-core-static
"{8D1D606A-EF54-ADEE-13EF-4B77CBE389F0}" = Catalyst Control Center Graphics Full Existing
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{AB629EB8-ABB4-F0EF-3C00-CF9B48C283DC}" = Catalyst Control Center Graphics Full New
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
"{AEB7003F-AE66-23F2-20A2-F758446BE167}" = CCC Help Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CC45D760-77CC-2B22-F691-3AC97C4BF788}" = CCC Help Greek
"{CD185B84-7A26-5EEF-2F05-0CEA3463E557}" = Catalyst Control Center Core Implementation
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D1F43BEE-D0A4-400B-EFA4-134EC78C81F4}" = CCC Help Turkish
"{D7C66DC3-B601-E9F2-4157-D47E687C4539}" = CCC Help Dutch
"{D84424BF-5F86-D649-14F3-A8AEB768A5F7}" = CCC Help Russian
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2E28E25-79C1-5108-F7F4-EF42AE64711D}" = CCC Help Swedish
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E6C93A10-25F6-CEC8-8B11-AAC52F4E67A1}" = ATI Catalyst Install Manager
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D4A558-9D51-6ABF-7CA3-0EE1DB2ED48F}" = CCC Help Chinese Standard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA8D70EF-1D0D-C0FD-B0D8-9610D5381930}" = CCC Help Italian
"{FB8113BC-BB40-DEF0-C734-36697D1774C2}" = ccc-utility
"{FFA6BAD0-1B3D-E4B0-95FC-FBFABDCABEF5}" = CCC Help Chinese Traditional
"ACRYSH6_is1" = ArchiCrypt Shredder Version 6.0.9.5654
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"DivX Setup" = DivX-Setup
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Picasa 3" = Picasa 3
"Software Informer_is1" = Software Informer 1.0 BETA
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3532530151-904022732-2976600449-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 2/20/2013 1:31:00 PM | Computer Name = Giz-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 2/20/2013 1:32:03 PM | Computer Name = Giz-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
[ TuneUp Events ]
Error - 2/16/2013 5:18:01 AM | Computer Name = Giz-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 2/16/2013 2:56:16 PM | Computer Name = Giz-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 2/16/2013 2:56:16 PM | Computer Name = Giz-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
|
|
| Themen zu zip. Anhang geöffnet TR/Matsnu.EB.101 |
| 32 bit, adware/yontoo.e.1, antivir, avira, checkliste, delta search, delta toolbar, desktop, email, excel, firefox, flash player, free download, google, homepage, install.exe, installation, intranet, javaws.exe, msiexec.exe, object, picasa, plug-in, programm, pup.smspay.pgen, realtek, registry, remote control, security, server, smartbar, software, super, svchost.exe, tarma, tr/matsnu.a.63, tr/matsnu.eb.101, trojaner, windows, wlansvc, zip. anhang |
Linear-Darstellung
