Log analysis and evaluation: Infected registry keys (Pup.funmoods) - Firefox can no longer be opened

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.02.2013, 18:48 | #1 |
Infected registry keys (Pup.funmoods) - Firefox can no longer be opened

The starting point of my problem was the installation of Firefox. It worked flawlessly for some time, until I was eventually prompted to install an update of Firefox. I then installed it, including the associated add-ons and the notice during installation that an app (unfortunately I missed the name) was not compatible. As it turned out a short time later, updating Firefox was a mistake. I could no longer get onto the Internet via Firefox. I then reinstalled Firefox. Internet access worked once after the reinstallation, after which it was blocked again. I ran GData Antivirus 2013, without result. What I also noticed was that the start page in Internet Explorer (www.searchnu.com/406) could not be changed. I then searched the Internet for help and came across your board. I ran Malwarebytes Anti-Malware. The software immediately found several infected registry keys. Keyword: "pup.funmoods". Deleting the keys does not seem to be enough. I now hope you can help me. Many thanks in advance for being allowed to make use of your help at all. I am a real "greenhorn" when it comes to IT...

Best regards, Hejo

Here are my 3 log files ... each edited, since my name appeared (**********):

OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.02.2013 17:30:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**********\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,91% Memory free 7,83 Gb Paging File | 5,57 Gb Available in Paging File | 71,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 177,00 Gb Total Space | 127,30 Gb Free Space | 71,92% Space Free | Partition Type: NTFS Drive D: | 265,59 Gb Total Space | 248,66 Gb Free Space | 93,63% Space Free | Partition Type: NTFS Computer Name: **********-PC | User Name: ********** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.19 17:27:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2013.01.28 18:16:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe PRC - [2012.12.26 23:33:06 | 001,683,608 | ---- | M] (Bandoo Media Inc) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.03.16 17:46:34 | 002,805,328 | ---- | M] (SAMSUNG ELECTRONICS CO., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe PRC - [2011.09.28 00:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe PRC - [2011.09.06 09:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe PRC - [2011.09.06 09:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe PRC - [2011.08.19 05:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe PRC - [2011.08.17 08:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011.07.29 23:47:22 | 003,395,664 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe PRC - [2011.06.24 09:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2011.06.05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.03.30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.03.30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.03.30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.03.30 13:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.02.18 17:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) 
-- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe PRC - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe PRC - [2010.09.20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe PRC - [2009.11.02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.12.20 12:36:18 | 000,078,336 | ---- | M] () -- C:\ProgramData\Wincert\win32prop.dll MOD - [2012.12.20 12:36:18 | 000,007,168 | ---- | M] () -- C:\ProgramData\Wincert\win32cert.dll MOD - [2011.02.16 17:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll MOD - [2010.05.07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2009.11.02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.04.21 08:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.04.21 07:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2011.02.18 17:41:20 | 001,120,368 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl) SRV:64bit: - [2011.02.18 17:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) 
[Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm) SRV:64bit: - [2010.09.22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2013.01.16 21:09:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files 
(x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.06.05 00:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.05.05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.03.30 13:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.03.30 13:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.03.30 13:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.06.01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) 
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.28 18:47:46 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2013.01.25 18:27:55 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.01.25 18:27:54 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2013.01.25 18:27:35 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.01.25 18:27:35 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2013.01.25 18:27:34 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.09 18:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.11.15 00:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.08.17 08:19:38 | 000,031,216 | ---- | M] 
(CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.07.29 23:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2011.06.17 04:40:40 | 000,186,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.06.05 00:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.05.01 06:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.04.22 11:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.04.21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.04.11 11:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.08 13:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.02.18 17:41:20 | 000,047,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb) DRV:64bit: - [2011.02.18 00:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.16 11:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.10.29 18:28:24 | 000,119,680 | ---- | M] 
(ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.10.29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.10.29 18:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.10.29 18:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.01.12 00:34:52 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2322430982424624&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2322430982424624&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.finviz.com/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program 
Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=514&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2322430982424624&q={searchTerms} IE - HKCU\..\SearchScopes\{CA8BA569-7EB7-4B42-BF83-6A06C72A19B5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=E1F6231E-48EB-4B05-BA99-15F8EFDE43EF&apn_sauid=AC47B5EF-8127-467B-B6AF-62DF734899A7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28 FF - prefs.js..extensions.enabledAddons: dendzones%40captaincaveman.nl:1.5.4.3 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4 FF - prefs.js..extensions.enabledAddons: %7B1acd747e-8470-11db-96a9-00e08161165f%7D:6.3.7.117 FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7Bf34c9277-6577-4dff-b2d7-7d58092f272f%7D:1.0.0.12 FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.15.100013 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not 
found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.04 17:49:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.10 18:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Extensions [2013.02.04 17:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions [2013.01.20 16:38:19 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2013.01.10 18:58:46 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2013.01.10 18:58:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\firefox@ghostery.com [2013.02.07 15:40:46 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\zyxdb7we.default\extensions\toolbar@ask.com [2012.12.12 18:50:21 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012.12.03 18:22:31 | 000,083,310 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\extensions\dendzones@captaincaveman.nl.xpi [2013.02.15 16:31:17 | 000,002,412 | ---- | M] () -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\searchplugins\askcom.xml [2013.01.10 18:58:41 | 000,002,687 | ---- | M] () -- 
C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\zyxdb7we.default\searchplugins\Search_Results.xml [2013.02.04 17:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.25 18:27:34 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2013.01.16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.10 18:58:41 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media Inc) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media Inc) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe ()
O4 - HKCU..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.17 217.0.43.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A9C25AC-30C1-4408-9A5E-D0AD46F95E8E}: DhcpNameServer = 217.0.43.17 217.0.43.49
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (wsauth) - C:\windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.19 17:27:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe
[2013.02.15 17:14:16 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Malwarebytes
[2013.02.15 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.15 17:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.15 17:13:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.02.15 17:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.15 17:11:10 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Programs
[2013.02.14 18:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DT
[2013.02.14 18:11:50 | 000,572,928 | ---- | C] (Concept Software, Inc.) -- C:\windows\SysWow64\SKCL.dll
[2013.02.14 18:11:48 | 000,605,184 | ---- | C] (Concept Software, Inc.)
-- C:\windows\SysWow64\KEYLIB32.dll [2013.02.14 18:11:48 | 000,401,465 | ---- | C] (eSignal, a division of Interactive Data Corporation) -- C:\windows\SysWow64\dbcapi.dll [2013.02.14 18:11:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DT [2013.02.14 18:11:46 | 000,067,312 | ---- | C] (Just Great Software) -- C:\windows\UnDeployV.exe [2013.02.14 18:11:46 | 000,062,976 | ---- | C] (Dynamic Trader Group, Incorporated) -- C:\windows\SysWow64\DTTS.dll [2013.02.14 18:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DT [2013.02.14 18:10:37 | 000,000,000 | ---D | C] -- C:\dttsdata [2013.02.14 16:19:51 | 000,016,504 | ---- | C] (G Data Software) -- C:\windows\SysNative\drivers\GdPhyMem.sys [2013.02.14 16:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.07 14:49:12 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\APN [2013.02.04 17:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.02.04 17:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2013.02.04 17:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.02.04 15:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DataTool 2.5 [2013.02.04 15:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DataTool [2013.02.04 15:00:40 | 000,000,000 | ---D | C] -- C:\MSData [2013.02.02 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bulls Eye Broker 4 [2013.02.02 18:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulls Eye Broker 4 [2013.02.02 18:50:09 | 001,056,768 | ---- | C] (eHelp Corporation.) -- C:\windows\SysWow64\Roboex32.dll [2013.02.02 18:50:09 | 001,009,264 | ---- | C] (FarPoint Technologies, Inc.) -- C:\windows\SysWow64\SPR32X30.ocx [2013.02.02 18:50:09 | 000,675,840 | ---- | C] (Smaller Animals Software, Inc.) 
-- C:\windows\SysWow64\_ISource2.dll [2013.02.02 18:50:09 | 000,115,200 | ---- | C] (Desaware Inc.) -- C:\windows\SysWow64\dwsbc36.ocx [2013.02.02 18:50:09 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\windows\SysWow64\INETWH32.dll [2013.02.02 18:50:08 | 000,389,120 | ---- | C] (Designer Controls, Inc.) -- C:\windows\SysWow64\ImgX4.dll [2013.02.02 18:50:08 | 000,345,008 | ---- | C] (VideoSoft) -- C:\windows\SysWow64\VSPRINT7.ocx [2013.02.02 18:50:07 | 000,229,376 | ---- | C] (Inner Media, Inc.) -- C:\windows\SysWow64\duzactx.dll [2013.02.02 18:50:07 | 000,140,800 | ---- | C] (Desaware Inc.) -- C:\windows\SysWow64\Dwshk36.ocx [2013.02.02 18:50:07 | 000,075,776 | ---- | C] (Desaware Inc.) -- C:\windows\SysWow64\Dwspy36.dll [2013.02.02 18:50:04 | 000,188,518 | ---- | C] (Equis International, Inc.) -- C:\windows\SysWow64\msfl80.dll [2013.02.02 18:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEBrokerV40 [2013.02.01 17:42:32 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\TEST [2013.01.28 18:47:46 | 000,106,648 | ---- | C] (G Data Software) -- C:\windows\SysNative\drivers\GRD.sys [2013.01.28 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Google [2013.01.28 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Funmoods [2013.01.28 18:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.01.28 18:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bulls Eye Broker 5 [2013.01.26 19:24:39 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Pointandfigure [2013.01.26 19:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bulls Eye Broker 5 ========== Files - Modified Within 30 Days ========== [2013.02.19 17:27:41 | 000,050,477 | ---- | M] () -- C:\Users\**********\Desktop\Defogger.exe [2013.02.19 17:27:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe [2013.02.19 17:23:46 | 000,000,000 | ---- | M] () -- 
C:\Users\**********\defogger_reenable [2013.02.19 16:34:45 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.19 16:34:45 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.19 16:33:24 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.02.19 16:33:24 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.02.19 16:33:24 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.02.19 16:33:24 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.02.19 16:33:24 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.02.19 16:33:17 | 000,983,126 | ---- | M] () -- C:\windows\SysWow64\sig.bin [2013.02.19 16:33:17 | 000,052,145 | ---- | M] () -- C:\windows\SysWow64\nmp.map [2013.02.19 16:27:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.02.19 16:26:59 | 4204,314,624 | -HS- | M] () -- C:\hiberfil.sys [2013.02.15 17:14:02 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.15 10:09:52 | 000,428,616 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.02.14 18:27:59 | 000,000,043 | ---- | M] () -- C:\windows\WALLSTRT.INI [2013.02.14 18:11:53 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\DT6.lnk [2013.02.14 16:19:51 | 000,016,504 | ---- | M] (G Data Software) -- C:\windows\SysNative\drivers\GdPhyMem.sys [2013.02.14 16:13:19 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.14 16:13:19 | 000,002,052 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.04 17:49:43 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.02 18:50:19 | 000,000,006 | ---- | M] () -- C:\windows\SysWow64\BReg9824.dat 
[2013.02.01 17:42:33 | 000,000,981 | ---- | M] () -- C:\Users\**********\Documents\TEST.htm [2013.02.01 17:42:32 | 000,001,796 | ---- | M] () -- C:\Users\**********\Documents\TEST.hur [2013.01.28 18:47:46 | 000,106,648 | ---- | M] (G Data Software) -- C:\windows\SysNative\drivers\GRD.sys [2013.01.28 18:45:53 | 000,077,671 | ---- | M] () -- C:\Users\**********\AppData\Local\funmoods_2.0.1.crx [2013.01.25 18:27:55 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\PktIcpt.sys [2013.01.25 18:27:54 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\HookCentre.sys [2013.01.25 18:27:35 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\MiniIcpt.sys [2013.01.25 18:27:35 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\GDBehave.sys [2013.01.25 18:27:34 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\windows\SysNative\drivers\gdwfpcd64.sys ========== Files Created - No Company Name ========== [2013.02.19 17:27:41 | 000,050,477 | ---- | C] () -- C:\Users\**********\Desktop\Defogger.exe [2013.02.19 17:23:46 | 000,000,000 | ---- | C] () -- C:\Users\**********\defogger_reenable [2013.02.15 17:14:02 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.14 18:11:53 | 000,001,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DT6.lnk [2013.02.14 18:11:53 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\DT6.lnk [2013.02.14 18:11:52 | 000,139,264 | ---- | C] () -- C:\windows\ShareBarData.dll [2013.02.04 17:49:43 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.04 17:49:43 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.02 18:50:19 | 000,000,006 | ---- | C] () -- C:\windows\SysWow64\BReg9824.dat [2013.02.02 18:50:09 | 000,147,800 | ---- | C] () -- C:\windows\SysWow64\Vspdf.ocx [2013.02.02 
18:50:08 | 000,202,752 | ---- | C] () -- C:\windows\SysWow64\Vsview3.ocx [2013.02.01 17:42:33 | 000,000,981 | ---- | C] () -- C:\Users\**********\Documents\TEST.htm [2013.02.01 17:42:28 | 000,001,796 | ---- | C] () -- C:\Users\**********\Documents\TEST.hur [2013.01.28 18:46:49 | 000,077,671 | ---- | C] () -- C:\Users\**********\AppData\Local\funmoods_2.0.1.crx [2013.01.07 14:41:56 | 000,000,320 | ---- | C] () -- C:\Users\**********\AppData\Roaming\SEC541129.trad [2013.01.07 14:41:43 | 000,000,043 | ---- | C] () -- C:\windows\WALLSTRT.INI [2013.01.07 14:34:16 | 001,589,650 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.12.20 12:26:39 | 000,000,680 | RHS- | C] () -- C:\Users\**********\ntuser.pol [2012.12.07 18:18:37 | 000,000,111 | ---- | C] () -- C:\windows\Updata.ini [2012.12.07 18:14:18 | 000,000,119 | ---- | C] () -- C:\windows\director.ini [2012.12.07 18:14:18 | 000,000,030 | ---- | C] () -- C:\windows\tradernet.ini [2012.12.07 18:14:18 | 000,000,016 | ---- | C] () -- C:\windows\temp.ini [2012.09.14 13:02:51 | 000,060,304 | ---- | C] () -- C:\Users\**********\g2mdlhlpx.exe [2012.07.31 11:57:22 | 000,000,192 | ---- | C] () -- C:\Users\**********\1190.png [2012.06.25 10:38:01 | 000,983,126 | ---- | C] () -- C:\windows\SysWow64\sig.bin [2011.10.11 03:28:02 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011.10.11 02:27:55 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini [2011.07.21 06:51:15 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.07.21 06:51:14 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.07.21 06:51:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.03 16:21:33 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\FileZilla [2013.01.28 18:46:49 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Funmoods [2012.09.22 12:45:58 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\MetaQuotes [2013.01.07 
14:31:45 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\TradeStation Technologies
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 19.02.2013 17:30:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**********\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,92 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 55,91% Memory free
7,83 Gb Paging File | 5,57 Gb Available in Paging File | 71,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 177,00 Gb Total Space | 127,30 Gb Free Space | 71,92% Space Free | Partition Type: NTFS
Drive D: | 265,59 Gb Total Space | 248,66 Gb Free Space | 93,63% Space Free | Partition Type: NTFS
Computer Name: **********-PC | User Name: ********** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{77D300E9-D978-4F57-BC07-AAF08F5A53E4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{952188CC-E441-4006-9C3F-BA2B2DF736F5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{BB53985F-C22F-41AF-A5EC-9E6F272EE5DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E54344-76EA-49F9-8ED7-DCEBC59241C9}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | "{0982071D-A6F6-4034-B51C-6A2619A03C10}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{17B57711-027D-42B4-AF3C-D787C94B2F42}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | "{180B5219-CCAF-4C39-B2F5-F689138CBAAD}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | "{239AF855-B24E-4BBE-A94A-ABF16D4D88A6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{26B8C6A3-57BE-4197-8DFF-96ED18FD6E15}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{322E0717-DF5A-4E13-8C74-5D5BE0258BEA}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | "{40641DBF-9C10-4AD5-86A4-759136F41AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{41A3386C-D20C-45A5-8928-1CB54F5D3746}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{4CB4D7AC-12FE-4C75-A3AF-2E2516FDB9E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{4FB4D578-8285-4C92-B72C-A7F5B215159A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{58C155CD-8B27-48D6-8985-75C0F6B502C0}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | "{75916B70-2A2E-4324-AF9F-78A2A14CE89C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{78A5AC17-5097-44D2-8F2E-F03FE873764C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{78CE22EB-77D6-4151-B4C2-46DF6360643D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{7B744EFA-96A5-4E77-BC55-BF44AC6D38ED}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | "{8EECCDA8-6629-4B50-A8DE-60006A36F34B}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | "{A2AF4A49-2C67-44BD-9247-61D5BE3C38F6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A3F1A998-726C-4C79-848E-AC22CDD96773}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | "{A4FCD1B2-23C5-4E94-A906-E1F6D948DFFA}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | "{C1B438FC-BB26-4B6E-AFD4-0685F2B97DCE}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{CF2579B0-4FFF-4861-A426-12C425B4F082}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{D247F0B8-FA9D-4A31-809B-E1AC7587AFA5}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | "{E40980E9-846C-4AEA-83FB-0A8EECC610D2}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | "{E57F24A1-F9BE-4658-BF44-52F77A183060}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E6A96630-35ED-4F43-90E4-F5270AD823F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{FA0EFB10-C9F5-45D6-B568-FFFF75A7C0F6}" = dir=in | 
app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | "{FC8A2F6B-0E4C-4303-900D-C03AFA2480D3}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources 
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{70C29540-5625-443D-BC4F-6D0C763F44C8}" = VMware View Client "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources 
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources 
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "Elantech" = ETDWare PS/2-X64 10.0.7.2_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common 
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包 "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지 "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5 "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common 
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“ "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“ "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live 
Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer "{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger 
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일 "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform 
Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“ "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live 
SOXE "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger "{6A9F65FF-5FF0-4914-9941-E58004829535}" = WHS FutureStation Nano "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" 
= Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库 "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live 
Mail "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker 
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B0F08ACB-6BBA-49A8-8BE9-BBB4C2D8B574}" = G Data AntiVirus 2013 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live 
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija "{B948B39D-214F-486E-BCD9-8AB691F8762A}" = TradeStation 9.1 "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של 
Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리 "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer 
Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics 
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0 "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Bull's-Eye Broker" = Bull's-Eye Broker "DT6" = Dynamic Traders Group, Inc. 
DT6 2 "FileZilla Client" = FileZilla Client 3.5.3 "Game Console - WildGames" = WildTangent ORB Game Console "ilividtoolbarguid" = Search-Results Toolbar "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite "InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "MetaTrader - ActivTrades" = MetaTrader - ActivTrades "MetaTrader 4 at FOREX.com" = MetaTrader 4 at FOREX.com "MetaTrader 4 by ThinkForex" = MetaTrader 4 by ThinkForex "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "ProInst" = Intel PROSet Wireless "ST6UNST #1" = DataTool 2.5 "TeamViewer 7" = TeamViewer 7 "TraderPro" = TraderPro "VLC media player" = VLC media player 2.0.3 "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live 程式集 "WT085559" = Diner Dash 2 Restaurant Rescue "WT085567" = Chuzzle Deluxe "WT085580" = John Deere Drive Green "WT085581" = Penguins! "WT085583" = Polar Golfer "WT085587" = Agatha Christie - Death on the Nile "WT085597" = Build-a-lot "WT085618" = Farm Frenzy "WT085622" = Insaniquarium Deluxe "WT085663" = Peggle "WT085669" = Plants vs. 
Zombies "WT089285" = Zuma Deluxe "WT089286" = Bejeweled 2 Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14.12.2012 09:32:34 | Computer Name = **********-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 17.12.2012 05:20:45 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel: 0x4ca41bb3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel: 0x4ca41bb3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses: 0xc4c Startzeit der fehlerhaften Anwendung: 0x01cddc37cae82ced Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Berichtskennung: 08bb8951-482b-11e2-88ee-dca971bfdc26

Error - 17.12.2012 05:20:58 | Computer Name = **********-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.12.2012 05:30:42 | Computer Name = **********-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 19.12.2012 07:15:02 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel: 0x4ca41bb3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel: 0x4ca41bb3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses: 0xc88 Startzeit der fehlerhaften Anwendung: 0x01cdddda0d2efda2 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Berichtskennung: 54b2b3ed-49cd-11e2-858f-dca971bfdc26

Error - 19.12.2012 07:15:58 | Computer Name = **********-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.12.2012 07:59:26 | Computer Name = **********-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 19.12.2012 12:49:53 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel: 0x4ca41bb3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel: 0x4ca41bb3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses: 0xce0 Startzeit der fehlerhaften Anwendung: 0x01cdde08dc4dd22a Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Berichtskennung: 1bdbafff-49fc-11e2-8cf3-dca971bfdc26

Error - 19.12.2012 12:51:11 | Computer Name = **********-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.12.2012 06:25:31 | Computer Name = **********-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: UIExec.exe, Version: 0.0.0.0, Zeitstempel: 0x4ca41bb3 Name des fehlerhaften Moduls: UIExec.exe, Version: 0.0.0.0, Zeitstempel: 0x4ca41bb3 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00002b58 ID des fehlerhaften Prozesses: 0xdd0 Startzeit der fehlerhaften Anwendung: 0x01cdde9c5042cf91 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe Berichtskennung: 9473ff12-4a8f-11e2-8c33-dca971bfdc26

[ System Events ]
Error - 18.11.2012 08:38:00 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2727528)

Error - 
18.11.2012 08:38:00 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2761217) Error - 14.12.2012 12:59:00 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 17.12.2012 07:48:10 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 19.12.2012 12:57:07 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070103 fehlgeschlagen: Intel - Other hardware - Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter Error - 19.12.2012 12:57:44 | Computer Name = **********-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070103 fehlgeschlagen: Intel - Other hardware - Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter Error - 18.01.2013 13:47:16 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Norton Online Backup erreicht. 
Error - 18.01.2013 13:47:16 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Norton Online Backup" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 22.01.2013 13:42:49 | Computer Name = **********-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error - 25.01.2013 12:12:42 | Computer Name = **********-PC | Source = DCOM | ID = 10010 Description = < End of report > GMER Logfile: Code:
ATTFilter
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-19 18:14:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465,76GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\SCHNIE~1\AppData\Local\Temp\axlyifoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007767fc18 5 bytes JMP 00000001727e1780
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007767fc90 5 bytes JMP 00000001727e2ad0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtOpenFile 000000007767fd44 5 bytes JMP 00000001727e16b0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077680094 5 bytes JMP 00000001727e1600
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtOpenDirectoryObject 00000000776800dc 5 bytes JMP 00000001727e1740
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtCreateDirectoryObject 00000000776806a4 5 bytes JMP 00000001727e1700
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000776809c4 5 bytes JMP 00000001727e1680
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyTransactedW 00000000766fa8ea 5 bytes JMP 00000001727e3af0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyExW 00000000766fa9c5 5 bytes JMP 00000001727e3ab0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteValueW 00000000766fcf31 5 bytes JMP 00000001727e3a10
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyW 0000000076701272 7 bytes JMP 00000001727e3a70
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegSetValueExW 00000000767014d6 5 bytes JMP 00000001727e34b0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegSetKeyValueW 0000000076717180 5 bytes JMP 00000001727e37f0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegSetValueW 000000007671a68a 5 bytes JMP 00000001727e3660
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteTreeW 00000000767334a3 5 bytes JMP 00000001727e3b40
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\ADVAPI32.dll!RegDeleteKeyValueW 000000007674f84b 5 bytes JMP 00000001727e39a0
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077631465 2 bytes [63, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[2792] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776314bb 2 bytes [63, 77]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077631465 2 bytes [63, 77]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776314bb 2 bytes [63, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077631465 2 bytes [63, 77]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776314bb 2 bytes [63, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077631465 2 bytes [63, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5920] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776314bb 2 bytes [63, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\windows\System32\svchost.exe [3040:5960] 000007fef34a9688

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e003e75
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749f59338f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca97107b376
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\dca971bfdc26
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e003e75 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749f59338f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca97107b376 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\dca971bfdc26 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Edited by HeJo (19.02.2013 at 19:04) |
19.02.2013, 19:02 | #2 |
/// Malware-holic | Infected registry keys (Pup.funmoods) - Firefox can no longer be opened
Hi,
please download TDSSKiller.exe and save this file to the desktop
20.02.2013, 18:59 | #3 |
| Infected registry keys (Pup.funmoods) - Firefox can no longer be opened
Hello Markusg,
thank you for getting in touch so quickly. Attached is the log file. I have edited my name (**********).
Regards,
Hejo

18:46:00.0534 3016 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:46:00.0877 3016 ============================================================
18:46:00.0877 3016 Current date / time: 2013/02/20 18:46:00.0877
18:46:00.0877 3016 SystemInfo:
18:46:00.0877 3016
18:46:00.0877 3016 OS Version: 6.1.7601 ServicePack: 1.0
18:46:00.0877 3016 Product type: Workstation
18:46:00.0877 3016 ComputerName: **********-PC
18:46:00.0877 3016 UserName: **********
18:46:00.0877 3016 Windows directory: C:\windows
18:46:00.0877 3016 System windows directory: C:\windows
18:46:00.0877 3016 Running under WOW64
18:46:00.0877 3016 Processor architecture: Intel x64
18:46:00.0877 3016 Number of processors: 4
18:46:00.0877 3016 Page size: 0x1000
18:46:00.0877 3016 Boot type: Normal boot
18:46:00.0877 3016 ============================================================
18:46:02.0858 3016 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:02.0874 3016 ============================================================
18:46:02.0874 3016 \Device\Harddisk0\DR0:
18:46:02.0874 3016 MBR partitions:
18:46:02.0874 3016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:46:02.0874 3016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000
18:46:02.0889 3016 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x2132F000
18:46:02.0889 3016 ============================================================
18:46:02.0983 3016 C: <-> \Device\Harddisk0\DR0\Partition2
18:46:03.0045 3016 D: <-> \Device\Harddisk0\DR0\Partition3
18:46:03.0045 3016 ============================================================
18:46:03.0045 3016 Initialize success
18:46:03.0045
3016 ============================================================
18:47:35.0585 1212 ============================================================
18:47:35.0585 1212 Scan started
18:47:35.0585 1212 Mode: Manual; SigCheck; TDLFS;
18:47:35.0585 1212 ============================================================
18:47:35.0865 1212 ================ Scan system memory ========================
18:47:35.0865 1212 System memory - ok
18:47:35.0865 1212 ================ Scan services =============================
- ok 18:47:51.0902 1212 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 18:47:51.0980 1212 lmhosts - ok 18:47:52.0027 1212 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 18:47:52.0058 1212 LMS - ok 18:47:52.0089 1212 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 18:47:52.0105 1212 LSI_FC - ok 18:47:52.0121 1212 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 18:47:52.0136 1212 LSI_SAS - ok 18:47:52.0136 1212 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 18:47:52.0152 1212 LSI_SAS2 - ok 18:47:52.0167 1212 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 18:47:52.0183 1212 LSI_SCSI - ok 18:47:52.0199 1212 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 18:47:52.0245 1212 luafv - ok 18:47:52.0292 1212 [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter C:\windows\system32\drivers\massfilter.sys 18:47:52.0339 1212 massfilter - ok 18:47:52.0401 1212 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\windows\system32\drivers\mbam.sys 18:47:52.0417 1212 MBAMProtector - ok 18:47:52.0479 1212 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:47:52.0511 1212 MBAMScheduler - ok 18:47:52.0542 1212 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 18:47:52.0589 1212 MBAMService - ok 18:47:52.0682 1212 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 18:47:52.0713 1212 McComponentHostService - ok 18:47:52.0729 1212 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 18:47:52.0760 1212 Mcx2Svc - ok 18:47:52.0791 1212 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas 
C:\windows\system32\drivers\megasas.sys 18:47:52.0807 1212 megasas - ok 18:47:52.0838 1212 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 18:47:52.0854 1212 MegaSR - ok 18:47:52.0885 1212 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 18:47:52.0901 1212 MEIx64 - ok 18:47:52.0932 1212 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 18:47:52.0963 1212 MMCSS - ok 18:47:52.0979 1212 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 18:47:53.0041 1212 Modem - ok 18:47:53.0072 1212 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 18:47:53.0103 1212 monitor - ok 18:47:53.0119 1212 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 18:47:53.0135 1212 mouclass - ok 18:47:53.0166 1212 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 18:47:53.0181 1212 mouhid - ok 18:47:53.0213 1212 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 18:47:53.0228 1212 mountmgr - ok 18:47:53.0322 1212 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:47:53.0369 1212 MozillaMaintenance - ok 18:47:53.0384 1212 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 18:47:53.0431 1212 mpio - ok 18:47:53.0447 1212 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 18:47:53.0478 1212 mpsdrv - ok 18:47:53.0525 1212 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 18:47:53.0603 1212 MpsSvc - ok 18:47:53.0603 1212 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 18:47:53.0649 1212 MRxDAV - ok 18:47:53.0681 1212 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 18:47:53.0712 1212 mrxsmb - ok 18:47:53.0743 1212 
[ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 18:47:53.0759 1212 mrxsmb10 - ok 18:47:53.0774 1212 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 18:47:53.0790 1212 mrxsmb20 - ok 18:47:53.0821 1212 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 18:47:53.0837 1212 msahci - ok 18:47:53.0852 1212 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 18:47:53.0868 1212 msdsm - ok 18:47:53.0883 1212 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 18:47:53.0915 1212 MSDTC - ok 18:47:53.0930 1212 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 18:47:53.0993 1212 Msfs - ok 18:47:54.0008 1212 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 18:47:54.0039 1212 mshidkmdf - ok 18:47:54.0071 1212 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 18:47:54.0102 1212 msisadrv - ok 18:47:54.0149 1212 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 18:47:54.0211 1212 MSiSCSI - ok 18:47:54.0211 1212 msiserver - ok 18:47:54.0227 1212 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 18:47:54.0289 1212 MSKSSRV - ok 18:47:54.0305 1212 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 18:47:54.0351 1212 MSPCLOCK - ok 18:47:54.0367 1212 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 18:47:54.0414 1212 MSPQM - ok 18:47:54.0429 1212 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 18:47:54.0445 1212 MsRPC - ok 18:47:54.0476 1212 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 18:47:54.0476 1212 mssmbios - ok 18:47:54.0507 1212 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 
18:47:54.0554 1212 MSTEE - ok 18:47:54.0570 1212 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 18:47:54.0601 1212 MTConfig - ok 18:47:54.0632 1212 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 18:47:54.0648 1212 Mup - ok 18:47:54.0695 1212 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 18:47:54.0757 1212 napagent - ok 18:47:54.0788 1212 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 18:47:54.0866 1212 NativeWifiP - ok 18:47:54.0913 1212 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 18:47:54.0960 1212 NDIS - ok 18:47:54.0991 1212 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 18:47:55.0069 1212 NdisCap - ok 18:47:55.0116 1212 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 18:47:55.0194 1212 NdisTapi - ok 18:47:55.0225 1212 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 18:47:55.0319 1212 Ndisuio - ok 18:47:55.0334 1212 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 18:47:55.0397 1212 NdisWan - ok 18:47:55.0412 1212 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 18:47:55.0490 1212 NDProxy - ok 18:47:55.0521 1212 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 18:47:55.0568 1212 NetBIOS - ok 18:47:55.0584 1212 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 18:47:55.0631 1212 NetBT - ok 18:47:55.0662 1212 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 18:47:55.0677 1212 Netlogon - ok 18:47:55.0880 1212 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 18:47:56.0021 1212 Netman - ok 18:47:56.0145 1212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator 
C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:47:56.0192 1212 NetMsmqActivator - ok 18:47:56.0208 1212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:47:56.0239 1212 NetPipeActivator - ok 18:47:56.0270 1212 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 18:47:56.0348 1212 netprofm - ok 18:47:56.0348 1212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:47:56.0364 1212 NetTcpActivator - ok 18:47:56.0379 1212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:47:56.0395 1212 NetTcpPortSharing - ok 18:47:56.0894 1212 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys 18:47:57.0175 1212 NETwNs64 - ok 18:47:57.0237 1212 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 18:47:57.0253 1212 nfrd960 - ok 18:47:57.0331 1212 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 18:47:57.0393 1212 NlaSvc - ok 18:47:57.0534 1212 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 18:47:57.0581 1212 NOBU - ok 18:47:57.0612 1212 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 18:47:57.0643 1212 Npfs - ok 18:47:57.0690 1212 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 18:47:57.0737 1212 nsi - ok 18:47:57.0783 1212 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 18:47:57.0846 1212 nsiproxy - ok 18:47:58.0142 1212 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 18:47:58.0205 1212 Ntfs - ok 18:47:58.0267 1212 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 18:47:58.0329 1212 Null - ok 18:47:58.0751 1212 [ 
70E89A21827B2669AF906B703C7C48B5 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 18:47:59.0172 1212 nvlddmkm - ok 18:47:59.0203 1212 [ 4B9C0C2BF78289513101EB0D44834701 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys 18:47:59.0219 1212 nvpciflt - ok 18:47:59.0250 1212 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 18:47:59.0265 1212 nvraid - ok 18:47:59.0297 1212 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 18:47:59.0343 1212 nvstor - ok 18:47:59.0562 1212 [ E04FCE1D149CF05C3449E3171F9C3E41 ] NVSvc C:\windows\system32\nvvsvc.exe 18:47:59.0609 1212 NVSvc - ok 18:47:59.0702 1212 [ D96DDEA6C699A99832E0186057801971 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 18:47:59.0749 1212 nvUpdatusService - ok 18:47:59.0780 1212 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 18:47:59.0796 1212 nv_agp - ok 18:47:59.0796 1212 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 18:47:59.0811 1212 ohci1394 - ok 18:47:59.0889 1212 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:47:59.0905 1212 ose - ok 18:48:00.0077 1212 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:48:00.0248 1212 osppsvc - ok 18:48:00.0279 1212 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 18:48:00.0295 1212 p2pimsvc - ok 18:48:00.0326 1212 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 18:48:00.0373 1212 p2psvc - ok 18:48:00.0404 1212 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 18:48:00.0451 1212 Parport - ok 18:48:00.0482 1212 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 18:48:00.0498 1212 partmgr - ok 18:48:00.0545 1212 [ 
3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 18:48:00.0607 1212 PcaSvc - ok 18:48:00.0638 1212 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 18:48:00.0654 1212 pci - ok 18:48:00.0669 1212 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 18:48:00.0685 1212 pciide - ok 18:48:00.0701 1212 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 18:48:00.0716 1212 pcmcia - ok 18:48:00.0732 1212 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 18:48:00.0747 1212 pcw - ok 18:48:00.0763 1212 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 18:48:00.0825 1212 PEAUTH - ok 18:48:00.0888 1212 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 18:48:00.0935 1212 PerfHost - ok 18:48:01.0013 1212 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 18:48:01.0091 1212 pla - ok 18:48:01.0122 1212 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 18:48:01.0153 1212 PlugPlay - ok 18:48:01.0184 1212 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 18:48:01.0200 1212 PNRPAutoReg - ok 18:48:01.0231 1212 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 18:48:01.0247 1212 PNRPsvc - ok 18:48:01.0309 1212 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 18:48:01.0387 1212 PolicyAgent - ok 18:48:01.0418 1212 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 18:48:01.0481 1212 Power - ok 18:48:01.0527 1212 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 18:48:01.0559 1212 PptpMiniport - ok 18:48:01.0574 1212 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 18:48:01.0637 1212 Processor - ok 18:48:01.0683 1212 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] 
ProfSvc C:\windows\system32\profsvc.dll 18:48:01.0730 1212 ProfSvc - ok 18:48:01.0761 1212 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 18:48:01.0777 1212 ProtectedStorage - ok 18:48:01.0808 1212 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 18:48:01.0871 1212 Psched - ok 18:48:01.0949 1212 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 18:48:02.0011 1212 ql2300 - ok 18:48:02.0027 1212 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 18:48:02.0042 1212 ql40xx - ok 18:48:02.0058 1212 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 18:48:02.0073 1212 QWAVE - ok 18:48:02.0089 1212 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 18:48:02.0120 1212 QWAVEdrv - ok 18:48:02.0136 1212 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 18:48:02.0183 1212 RasAcd - ok 18:48:02.0214 1212 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 18:48:02.0261 1212 RasAgileVpn - ok 18:48:02.0276 1212 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 18:48:02.0323 1212 RasAuto - ok 18:48:02.0339 1212 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 18:48:02.0385 1212 Rasl2tp - ok 18:48:02.0417 1212 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 18:48:02.0495 1212 RasMan - ok 18:48:02.0510 1212 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 18:48:02.0557 1212 RasPppoe - ok 18:48:02.0604 1212 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 18:48:02.0666 1212 RasSstp - ok 18:48:02.0682 1212 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 18:48:02.0729 1212 rdbss - ok 18:48:02.0744 1212 [ 
302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 18:48:02.0760 1212 rdpbus - ok 18:48:02.0775 1212 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 18:48:02.0822 1212 RDPCDD - ok 18:48:02.0838 1212 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 18:48:02.0885 1212 RDPENCDD - ok 18:48:02.0900 1212 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 18:48:02.0947 1212 RDPREFMP - ok 18:48:02.0978 1212 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 18:48:03.0025 1212 RDPWD - ok 18:48:03.0056 1212 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 18:48:03.0072 1212 rdyboost - ok 18:48:03.0103 1212 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 18:48:03.0134 1212 RemoteAccess - ok 18:48:03.0243 1212 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 18:48:03.0321 1212 RemoteRegistry - ok 18:48:03.0399 1212 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 18:48:03.0446 1212 RFCOMM - ok 18:48:03.0602 1212 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 18:48:03.0633 1212 RichVideo ( UnsignedFile.Multi.Generic ) - warning 18:48:03.0633 1212 RichVideo - detected UnsignedFile.Multi.Generic (1) 18:48:03.0680 1212 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 18:48:03.0727 1212 RpcEptMapper - ok 18:48:03.0743 1212 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 18:48:03.0758 1212 RpcLocator - ok 18:48:03.0789 1212 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 18:48:03.0836 1212 RpcSs - ok 18:48:03.0883 1212 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 18:48:03.0961 1212 rspndr - ok 
18:48:04.0008 1212 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 18:48:04.0055 1212 RTL8167 - ok 18:48:04.0133 1212 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\windows\SysWOW64\drivers\rtport.sys 18:48:04.0148 1212 rtport - ok 18:48:04.0179 1212 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys 18:48:04.0226 1212 SABI - ok 18:48:04.0226 1212 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 18:48:04.0257 1212 SamSs - ok 18:48:04.0304 1212 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 18:48:04.0351 1212 sbp2port - ok 18:48:04.0382 1212 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 18:48:04.0429 1212 SCardSvr - ok 18:48:04.0460 1212 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 18:48:04.0507 1212 scfilter - ok 18:48:04.0601 1212 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 18:48:04.0710 1212 Schedule - ok 18:48:04.0725 1212 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 18:48:04.0757 1212 SCPolicySvc - ok 18:48:04.0788 1212 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 18:48:04.0850 1212 SDRSVC - ok 18:48:04.0897 1212 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 18:48:04.0959 1212 secdrv - ok 18:48:04.0991 1212 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 18:48:05.0100 1212 seclogon - ok 18:48:05.0115 1212 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 18:48:05.0162 1212 SENS - ok 18:48:05.0209 1212 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 18:48:05.0240 1212 SensrSvc - ok 18:48:05.0256 1212 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 18:48:05.0287 1212 Serenum - ok 18:48:05.0303 1212 [ 
C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 18:48:05.0334 1212 Serial - ok 18:48:05.0365 1212 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 18:48:05.0396 1212 sermouse - ok 18:48:05.0427 1212 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 18:48:05.0459 1212 SessionEnv - ok 18:48:05.0474 1212 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 18:48:05.0490 1212 sffdisk - ok 18:48:05.0505 1212 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 18:48:05.0537 1212 sffp_mmc - ok 18:48:05.0568 1212 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 18:48:05.0630 1212 sffp_sd - ok 18:48:05.0661 1212 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 18:48:05.0693 1212 sfloppy - ok 18:48:05.0739 1212 [ 2FE1CD3AA602414841DB10AD96C95A5E ] SGDrv C:\windows\system32\DRIVERS\SGdrv64.sys 18:48:05.0771 1212 SGDrv - ok 18:48:05.0864 1212 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 18:48:05.0973 1212 SharedAccess - ok 18:48:06.0020 1212 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 18:48:06.0067 1212 ShellHWDetection - ok 18:48:06.0098 1212 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 18:48:06.0145 1212 SiSRaid2 - ok 18:48:06.0176 1212 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 18:48:06.0207 1212 SiSRaid4 - ok 18:48:06.0270 1212 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:48:06.0285 1212 SkypeUpdate - ok 18:48:06.0301 1212 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 18:48:06.0363 1212 Smb - ok 18:48:06.0410 1212 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP 
C:\windows\System32\snmptrap.exe 18:48:06.0441 1212 SNMPTRAP - ok 18:48:06.0473 1212 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 18:48:06.0519 1212 spldr - ok 18:48:06.0566 1212 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 18:48:06.0613 1212 Spooler - ok 18:48:06.0878 1212 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 18:48:06.0956 1212 sppsvc - ok 18:48:06.0972 1212 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 18:48:07.0034 1212 sppuinotify - ok 18:48:07.0065 1212 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 18:48:07.0143 1212 srv - ok 18:48:07.0159 1212 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 18:48:07.0206 1212 srv2 - ok 18:48:07.0237 1212 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 18:48:07.0268 1212 srvnet - ok 18:48:07.0315 1212 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 18:48:07.0393 1212 SSDPSRV - ok 18:48:07.0409 1212 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 18:48:07.0455 1212 SstpSvc - ok 18:48:07.0487 1212 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 18:48:07.0487 1212 stexstor - ok 18:48:07.0549 1212 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 18:48:07.0643 1212 stisvc - ok 18:48:07.0658 1212 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 18:48:07.0674 1212 swenum - ok 18:48:07.0705 1212 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 18:48:07.0752 1212 swprv - ok 18:48:07.0814 1212 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 18:48:07.0892 1212 SysMain - ok 18:48:07.0923 1212 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 18:48:07.0970 
1212 TabletInputService - ok 18:48:07.0986 1212 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 18:48:08.0048 1212 TapiSrv - ok 18:48:08.0064 1212 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 18:48:08.0111 1212 TBS - ok 18:48:08.0189 1212 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys 18:48:08.0251 1212 Tcpip - ok 18:48:08.0267 1212 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 18:48:08.0313 1212 TCPIP6 - ok 18:48:08.0345 1212 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 18:48:08.0360 1212 tcpipreg - ok 18:48:08.0391 1212 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 18:48:08.0423 1212 TDPIPE - ok 18:48:08.0438 1212 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 18:48:08.0454 1212 TDTCP - ok 18:48:08.0469 1212 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 18:48:08.0532 1212 tdx - ok 18:48:08.0672 1212 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 18:48:08.0735 1212 TeamViewer7 - ok 18:48:08.0750 1212 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 18:48:08.0766 1212 TermDD - ok 18:48:08.0797 1212 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 18:48:08.0844 1212 TermService - ok 18:48:08.0859 1212 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 18:48:08.0906 1212 Themes - ok 18:48:08.0937 1212 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 18:48:08.0969 1212 THREADORDER - ok 18:48:08.0984 1212 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 18:48:09.0031 1212 TrkWks - ok 18:48:09.0078 1212 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller 
C:\windows\servicing\TrustedInstaller.exe 18:48:09.0125 1212 TrustedInstaller - ok 18:48:09.0140 1212 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 18:48:09.0171 1212 tssecsrv - ok 18:48:09.0171 1212 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 18:48:09.0203 1212 TsUsbFlt - ok 18:48:09.0218 1212 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 18:48:09.0234 1212 TsUsbGD - ok 18:48:09.0281 1212 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 18:48:09.0327 1212 tunnel - ok 18:48:09.0327 1212 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 18:48:09.0343 1212 uagp35 - ok 18:48:09.0359 1212 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 18:48:09.0437 1212 udfs - ok 18:48:09.0499 1212 [ 13BFF97E926BF8D9C1230CECC371A0C0 ] UI Assistant Service C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe 18:48:09.0546 1212 UI Assistant Service - ok 18:48:09.0608 1212 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 18:48:09.0655 1212 UI0Detect - ok 18:48:09.0686 1212 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 18:48:09.0702 1212 uliagpkx - ok 18:48:09.0733 1212 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 18:48:09.0780 1212 umbus - ok 18:48:09.0795 1212 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 18:48:09.0827 1212 UmPass - ok 18:48:10.0310 1212 [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:48:10.0388 1212 UNS - ok 18:48:10.0419 1212 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 18:48:10.0497 1212 upnphost - ok 18:48:10.0544 1212 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp 
18:48:16.0363 1212 ============================================================
18:48:16.0363 1212 Scan finished
18:48:16.0363 1212 ============================================================
18:48:16.0363 3248 Detected object count: 1
18:48:16.0363 3248 Actual detected object count: 1
18:51:45.0684 3248 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:45.0684 3248 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip |
20.02.2013, 19:52 | #4 |
/// Malware-holic | Hi, scan with Combofix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
21.02.2013, 19:27 | #5 |
| Hello markusg, I saved combofix.exe and ran it as administrator. Beforehand I switched off Malware and GData virus protection. Combofix is being executed. However, I get the following messages from GData:

1) Combofix.exe is a supposedly malicious program / Publisher: Unknown, started by svchost.exe

While this message pops up on my screen, the combofix program does not seem to get any further. It stops at 38%... Only clicking "Allow" in GData lets combofix continue. But I do not get a combofix.txt file as a result. After that, the following further messages from GData appear:

2) per.3exe is a supposedly malicious program / Publisher: Unknown, started by: cmd.3xe
GData puts the program into quarantine... Then the next message:

3) regedit.exe is a supposedly malicious program / Publisher: Microsoft Windows, started by cmd.exe
GData puts the program into quarantine... Then the next message:

4) The computer must be restarted in order to remove the malicious software. Pressed the OK button. Now the following message:

5) cmd.exe is a supposedly malicious program / Publisher: unknown; started by hidec.3xe

As I said, I do not get a combofix.txt file that I could post here. I searched on C and found none. After I was initially still able to access Windows Explorer, I now find that I can no longer open Windows Explorer and can no longer access any program. This stays that way even after I have restarted the computer. This really scares me now... I probably did something wrong..

When I try to access Windows Explorer or programs, I get messages that read like this or similar: "C:/Windows/system 32/icacls.exe: This file does not have a program associated with it for performing this action. Install a suitable program or, if a program is already installed, create an association in the Control Panel under "Default Programs".". I hope you can help me further... Best regards Hejo

Edited by HeJo (21.02.2013 at 19:51) |
21.02.2013, 19:56 | #6 |
/// Malware-holic | hi, open gdata and check whether you can still switch off the behaviour analysis there. It may also be possible to close it by right-clicking the icon in the notification area
|
21.02.2013, 22:39 | #7 |
| Hi markusg, sorry, but I don't know exactly what you mean. I can no longer open the GData program. By right-clicking in the program path I can still get to the properties. There I can make settings for "General", "Sharing", "Security", "Previous Versions", "Customize". In addition, I can apparently reactivate the virus protection via the Action Center. But I no longer dare to press any button at all. So I would rather ask once more what exactly you mean by "switch off behaviour analysis". Thanks for your help! Best regards Hejo |
25.02.2013, 18:30 | #8 |
/// Malware-holic | ok, then click Allow in the gdata messages when messages appear during the Combofix scan.
|
28.02.2013, 13:15 | #9 |
| Hello, sorry, I was ill... Yesterday I ran Combofix once more... I ran the program as administrator. There was no connection to the Internet. I found the following Combofix.txt in the program directory... The dark-blue administrator window was open all night with the notice that a log file is being prepared and that the user should not start any program until Combofix has finished. There was no message that the program was done. I then closed the window this morning. Regards Hejo |
28.02.2013, 17:43 | #10 |
/// Malware-holic | hi, download CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), uninstall list, save as txt. Open it. After every program you need, write "necessary". After every program you do not need, "unnecessary". After those unknown to you, "unknown". Post the list.
|
28.02.2013, 19:44 | #11 |
| Hello markusg, I ran the program CCleaner as administrator and, following your instructions, added a note after each of the programs. I am not very familiar with the system components, but I assume that I need everything that is Intel and Microsoft. To my surprise, the following message was displayed in parallel with the installation of CCleaner: "Incompatible add-ons": The following add-on is not compatible with this version of Firefox and has been disabled: "DataMngr 1.0". I did not have any function executed; I merely closed the window by clicking the X in the upper right corner. I mention this because this message also popped up during the last Firefox update, and after that the whole trouble began... Thanks for your help! Here is the program list:
1&1 Surf-Stick 30.06.2012 1.0.0.2 necessary
7-Zip 9.20 26.09.2012 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 16.08.2012 6,00MB 11.3.300.271 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.11.2012 6,00MB 11.5.502.110 necessary
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 15.02.2013 168MB 10.1.5 necessary
Ask Toolbar Ask.com 07.02.2013 4,95MB 1.15.15.0 unknown
Ask Toolbar Updater Ask.com 07.02.2013 1.2.4.36191 unknown
Bull's-Eye Broker 02.02.2013 necessary
CCleaner Piriform 25.02.2013 3.28 necessary
CyberLink Media Suite CyberLink Corp. 11.10.2011 37,1MB 8.0.2227 unknown
CyberLink Media+ Player10 CyberLink Corp. 11.10.2011 103MB 10.0.1110.00 unknown
CyberLink MediaShow CyberLink Corp. 11.10.2011 381MB 5.0.1130a unknown
CyberLink Power2Go CyberLink Corp. 11.10.2011 108MB 6.1.3802 unknown
CyberLink PowerDirector CyberLink Corp. 11.10.2011 287MB 8.0.3306 unknown
CyberLink YouCam CyberLink Corp. 11.10.2011 135MB 3.1.4417 unknown
DataTool 2.5 04.02.2013 necessary
Dynamic Traders Group, Inc. DT6 2 Dynamic Traders Group, Inc. 14.02.2013 27,2MB 2 necessary
Easy File Share Samsung Electronics Co., Ltd. 11.10.2011 31,0MB 1.1.1699 unknown
Easy Migration Samsung Electronics Co., Ltd. 11.10.2011 1.0 unknown
Easy Settings Samsung Electronics Co., Ltd. 11.10.2011 1.1 unknown
Easy Software Manager Samsung Electronics Co., Ltd. 25.06.2012 1.1.44.25 unknown
Easy Support Center 1.0 Samsung 11.10.2011 85,1MB 1.1.36 unknown
ETDWare PS/2-X64 10.0.7.2_WHQL ELAN Microelectronic Corp. 25.06.2012 10.0.7.2 unknown
FileZilla Client 3.5.3 FileZilla Project 23.07.2012 16,5MB 3.5.3 unnecessary
G Data AntiVirus 2013 G Data Software AG 25.06.2012 68,1MB 23.0.0.0 necessary
GoToMeeting 5.1.0.880 CitrixOnline 14.09.2012 5.1.0.880 unknown
Intel(R) Management Engine Components Intel Corporation 11.10.2011 7.0.0.1144 necessary
Intel(R) Processor Graphics Intel Corporation 11.10.2011 74,2MB 8.15.10.2266 necessary
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed Intel Corporation 25.06.2012 5,82MB 1.1.0.0157 necessary
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel Corporation 25.06.2012 88,8MB 1.1.0.0537 necessary
Intel(R) PROSet/Wireless WiFi Software Intel Corporation 11.10.2011 14,3MB 14.01.1000 necessary
Intel(R) Rapid Storage Technology Intel Corporation 28.02.2013 10.1.5.1001 necessary
Java 7 Update 13 Oracle 04.02.2013 129MB 7.0.130 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 15.02.2013 18,4MB 1.70.0.1100 necessary
McAfee Security Scan Plus McAfee, Inc. 14.02.2013 10,2MB 3.0.318.3 necessary
McAfee SiteAdvisor McAfee, Inc. 26.09.2012 3.3.129 necessary
MetaTrader - ActivTrades MetaQuotes Software Corp. 26.06.2012 4.00 necessary
MetaTrader 4 at FOREX.com MetaQuotes Software Corp. 26.06.2012 4.00 necessary
MetaTrader 4 by ThinkForex MetaQuotes Software Corp. 26.06.2012 4.00 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2012 38,8MB 4.0.30319 necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2012 2,93MB 4.0.30319 necessary
Microsoft .NET Framework 4 Extended Microsoft Corporation 07.01.2013 51,9MB 4.0.30319 necessary
Microsoft Office Home and Student 2010 Microsoft Corporation 05.07.2012 14.0.6029.1000 necessary
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 07.12.2012 7,71MB 8.0.50727.42 necessary
Microsoft Silverlight Microsoft Corporation 13.09.2012 50,6MB 5.1.10411.0 necessary
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11.10.2011 1,69MB 3.1.0000 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.06.2012 300KB 8.0.61001 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 11.10.2011 788KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 26.06.2012 788KB 9.0.30729.6161 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 07.12.2012 1,41MB 9.0.21022 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.10.2011 240KB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.10.2011 596KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 26.06.2012 600KB 9.0.30729.6161 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 10.12.2012 15,0MB 10.0.40219 necessary
Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 07.12.2012 necessary
Mozilla Firefox 18.0.2 (x86 de) Mozilla 28.02.2013 43,3MB 18.0.2 necessary
Mozilla Maintenance Service Mozilla 28.02.2013 330KB 18.0.2 unknown
Multimedia POP 11.10.2011 1.0 unknown
Norton Online Backup Symantec Corporation 11.10.2011 6,19MB 2.1.17869 necessary
NVIDIA Graphics Driver 268.83 NVIDIA Corporation 11.10.2011 268.83 unknown
Realtek Ethernet Controller Driver Realtek 11.10.2011 7.44.421.2011 unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11.10.2011 6.0.1.6413 unknown
Samsung Recovery Solution 5 Samsung 11.10.2011 5.0.1.5 unknown
Search-Results Toolbar APN LLC 10.01.2013 1.0.0.12 unknown
Skype™ 5.10 Skype Technologies S.A. 12.09.2012 19,4MB 5.10.116 necessary
Software Launcher Samsung 11.10.2011 7,11MB 1.0.2 unknown
TeamViewer 7 TeamViewer 23.07.2012 7.0.13989 necessary
TraderPro 07.12.2012 necessary
TradeStation 9.1 TradeStation Technologies 07.01.2013 166MB 9.01.00.12098 necessary
User Guide 11.10.2011 1.3 unknown
VLC media player 2.0.3 VideoLAN 13.09.2012 2.0.3 necessary
VMware View Client 25.06.2012 39,7MB unknown
WHS FutureStation Nano Fipertec 05.09.2012 2.0 necessary
WildTangent Games WildTangent 11.10.2011 1.0.1.5 unknown
Windows Live 程式集 Microsoft Corporation 11.10.2011 15.4.3508.1109 unknown |
28.02.2013, 21:32 | #12 |
/// Malware-holic | Hi, thanks for the hint.
Uninstall:
Ask: all
CyberLink: all, if not used
FileZilla
GoToMeeting
Java
Download Java JRE: Java downloads for all operating systems, click: Download Java software for Windows Offline, download and install it.
Uninstall:
Search-Results
TeamViewer: I would only install it when needed; if it is to stay on the machine, upgrade to version 8
VMware
WildTangent
Windows Live
Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
01.03.2013, 18:28 | #13 |
| Hi markusg, I followed your instructions. After downloading Java I was still connected to the Internet. I then continued with uninstalling the programs. After uninstalling Search Results, G Data complained once: "Unknown threat, started by dllhost.exe / unknown publisher". I then closed the message with the X in the upper right corner, disconnected from the Internet and restarted the computer once. After that I was able to continue with your procedure as you described. As a result I get the following AdwCleaner (S1).txt: AdwCleaner Logfile: Code:
# AdwCleaner v2.113 - Datei am 01/03/2013 um 18:05:30 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ********** - **********-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\**********\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\searchplugins\Search_Results.xml
Gelöscht mit Neustart : C:\Program Files (x86)\search results toolbar
Gelöscht mit Neustart : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\**********\AppData\Roaming\Funmoods

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\prefs.js

C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\zyxdb7we.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");

*************************

AdwCleaner[S1].txt - [7637 octets] - [01/03/2013 18:05:30]

########## EOF - C:\AdwCleaner[S1].txt - [7697 octets] ########## |
03.03.2013, 20:30 | #14 |
/// Malware-holic | Hi, HitmanPro - Download - Filepony: download HitmanPro, double-click it, license, trial license. Scan, but do not delete anything. Export the log as XML and post it, or zip it and attach it. |
04.03.2013, 17:16 | #15 |
| Hi markusg, attached is the log file as a .log file. It is not that large. Thanks for your help. What do you recommend as security software? It may well cost something. I occasionally make a few trades with one or more online brokers, or do online banking. Best regards, Hejo Code:
HitmanPro 3.7.2.190
www.hitmanpro.com

Computer name . . . . : **********-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : **********-PC\**********
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free

Scan date . . . . . . : 2013-03-04 17:01:46
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 53s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 0

Objects scanned . . . : 1.427.311
Files scanned . . . . : 12.723
Remnants scanned . . : 261.414 files / 1.153.174 keys |