Log analysis and evaluation: Performer-Virus, Windows 7. If you have picked up a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.03.2013, 13:05 | #1
Performer-Virus

Hello everyone, I think I have caught a trojan/virus. Recently, on many websites that I open, a window pops up at the bottom of the screen offering to run a virus scan, update my drivers or similar. It usually refers to a website called Performer.com. When I try to close the window with the X, I am usually redirected automatically. The page I am supposed to be redirected to is blocked by my system, though, so I do not know where it would lead. The virus also constantly makes changes to my internet settings, which I am happy to describe in more detail on request. I then searched Google for Performer.com, landed directly on your site and ran the instructions/scans given there. The scan by my antivirus program (Norton 360) found nothing. Malwarebytes Anti-Malware initially showed the following result: see attached log file mbam-log-2013-02-26 (14-51-24). After that I ran the other scans and the deactivation with Defogger. Afterwards my computer would only boot with the help of the restore function. I then ran another scan with Malwarebytes Anti-Malware, which showed the following result: see attached log file mbam-log-2013-02-26 (20-06-46). Even after the scan and quarantining the viruses, the Performer window still opens. However, changes to my settings are no longer being made. I hope you can help me with my problem. Many thanks in advance
01.03.2013, 13:43 | #2
/// Malware-holic
Performer-Virus

Hi,
OTL fix (see the guide: Fixing with OTL)
Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
:files
:Commands
[emptytemp]
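The O3 lines in the fix above are Internet Explorer toolbar registrations whose CLSID no longer resolves (OTL prints "No CLSID value found" for that case), once from the 64-bit hive and once from the Wow6432Node hive. As an added example, not part of this thread and not OTL's own code, the following PowerShell check reproduces that finding independently: it enumerates IE toolbar values and Browser Helper Object subkeys in both hives, looks each CLSID up under HKLM\Software\Classes (native and Wow6432Node), and reports orphaned entries, entries whose server DLL is missing, and the Authenticode status of the ones that do resolve. The registry locations are the standard IE ones; the classification labels and the script itself are mine. It must run in an elevated PowerShell on the affected machine.

```powershell
# Added example, not part of the thread and not OTL's own code: list Internet
# Explorer toolbar and Browser Helper Object (BHO) registrations from the native
# and Wow6432Node hives and check whether each CLSID still resolves to a COM
# server. A toolbar value whose CLSID has no key under HKLM\Software\Classes is
# the condition the O3 line above describes as "No CLSID value found". Run elevated.

$toolbarKeys = @(
    'HKLM:\Software\Microsoft\Internet Explorer\Toolbar',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar'
)
$bhoKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
    'HKLM:\Software\Classes\CLSID',
    'HKLM:\Software\Classes\Wow6432Node\CLSID'
)

# Returns the CLSID key and its InprocServer32 path, or $null when no key exists.
function Resolve-Clsid {
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $key = Join-Path $root $Clsid
        if (Test-Path -LiteralPath $key) {
            $server = $null
            $inproc = Join-Path $key 'InprocServer32'
            if (Test-Path -LiteralPath $inproc) {
                $server = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            }
            return New-Object PSObject -Property @{ Key = $key; Server = $server }
        }
    }
    return $null
}

# Collect registrations: toolbar entries are values named by CLSID, BHOs are subkeys.
$findings = @()
foreach ($k in $toolbarKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $k).PSObject.Properties) {
        if ($p.Name -match '^\{[0-9A-Fa-f-]{36}\}$') {
            $findings += New-Object PSObject -Property @{ Kind = 'Toolbar'; Source = $k; Clsid = $p.Name }
        }
    }
}
foreach ($k in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $k) {
        $findings += New-Object PSObject -Property @{ Kind = 'BHO'; Source = $k; Clsid = $sub.PSChildName }
    }
}

# Classify each registration: orphaned CLSID, missing server DLL, or resolvable.
foreach ($f in $findings) {
    $r = Resolve-Clsid $f.Clsid
    if ($r -eq $null) {
        $status = 'ORPHAN: no CLSID key (the "No CLSID value found" case)'
    } elseif (-not $r.Server -or -not (Test-Path -LiteralPath $r.Server)) {
        $status = 'SUSPECT: CLSID registered but server DLL missing'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $r.Server
        $status = 'OK: {0} [Authenticode: {1}]' -f $r.Server, $sig.Status
    }
    '{0,-8} {1} {2}' -f $f.Kind, $f.Clsid, $status
}
```

An orphaned toolbar value is leftover registration data and cannot load code by itself, so it explains nothing about active pop-ups on its own; the entries worth attention are those whose CLSID resolves to an unsigned or unexpectedly located DLL. The check covers Internet Explorer only and says nothing about add-ons in other browsers.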
01.03.2013, 14:38 | #3
Performer-Virus

Hello markusg,
thank you for the quick reply. Here is the text from OTL:
Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: HP
->Temp folder emptied: 371676 bytes
->Temporary Internet Files folder emptied: 3835808 bytes
->Java cache emptied: 14261457 bytes
->FireFox cache emptied: 74307352 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24041575 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 111,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03012013_142951

Files\Folders moved on Reboot...
C:\Users\HP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
01.03.2013, 17:12 | #4
/// Malware-holic
Performer-Virus

Hi, please download TDSSKiller.exe and save the file to the desktop.

Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de
01.03.2013, 18:12 | #5
Performer-Virus

Hi, downloaded TDSSKiller.exe and ran the scan. The log file looks like this:
Code:
18:02:28.0559 3668 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:02:28.0839 3668 ============================================================
18:02:28.0839 3668 Current date / time: 2013/03/01 18:02:28.0839
18:02:28.0839 3668 SystemInfo:
18:02:28.0839 3668
18:02:28.0839 3668 OS Version: 6.1.7601 ServicePack: 1.0
18:02:28.0839 3668 Product type: Workstation
18:02:28.0839 3668 ComputerName: HP-HP
18:02:28.0839 3668 UserName: HP
18:02:28.0839 3668 Windows directory: C:\Windows
18:02:28.0839 3668 System windows directory: C:\Windows
18:02:28.0839 3668 Running under WOW64
18:02:28.0839 3668 Processor architecture: Intel x64
18:02:28.0839 3668 Number of processors: 4
18:02:28.0839 3668 Page size: 0x1000
18:02:28.0839 3668 Boot type: Normal boot
18:02:28.0839 3668 ============================================================
18:02:30.0181 3668 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:02:30.0197 3668 ============================================================
18:02:30.0197 3668 \Device\Harddisk0\DR0:
18:02:30.0197 3668 MBR partitions:
18:02:30.0197 3668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:02:30.0197 3668 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37182800
18:02:30.0197 3668 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x371E6800, BlocksNum 0x29AF800
18:02:30.0197 3668 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF800
18:02:30.0197 3668 ============================================================
18:02:30.0228 3668 C: <-> \Device\Harddisk0\DR0\Partition2
18:02:30.0275 3668 D: <-> \Device\Harddisk0\DR0\Partition3
18:02:30.0290 3668 E: <-> \Device\Harddisk0\DR0\Partition4
18:02:30.0290 3668 ============================================================
18:02:30.0290 3668 Initialize success
18:02:30.0290 3668 ============================================================
18:03:59.0457 4960 ============================================================
18:03:59.0457 4960 Scan started
18:03:59.0457 4960 Mode: Manual; SigCheck; TDLFS;
18:03:59.0457 4960 ============================================================
18:03:59.0878 4960 ================ Scan system memory ========================
18:03:59.0878 4960 System memory - ok
18:03:59.0878 4960 ================ Scan services =============================
18:04:00.0128 4960 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:04:00.0299 4960 1394ohci - ok
18:04:00.0377 4960 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
18:04:00.0658 4960 Accelerometer - ok
18:04:00.0705 4960 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:04:00.0767 4960 ACPI - ok
18:04:00.0830 4960 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:04:00.0908 4960 AcpiPmi - ok
18:04:01.0017 4960 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:04:01.0048 4960 AdobeARMservice - ok
18:04:01.0204 4960 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:04:01.0235 4960 AdobeFlashPlayerUpdateSvc - ok
18:04:01.0298 4960 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:04:01.0345 4960 adp94xx - ok
18:04:01.0423 4960 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:04:01.0469 4960 adpahci - ok
18:04:01.0469 4960 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:04:01.0485 4960 adpu320 - ok
18:04:01.0501 4960 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:04:01.0579 4960 AeLookupSvc - ok
18:04:01.0688 4960 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 18:04:01.0750 4960 AESTFilters - ok 18:04:01.0813 4960 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:04:01.0906 4960 AFD - ok 18:04:01.0953 4960 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:04:01.0984 4960 agp440 - ok 18:04:02.0047 4960 [ 44F360B65C37A42EB5B71C2E5179FDD5 ] aksdf C:\Windows\system32\drivers\aksdf.sys 18:04:02.0109 4960 aksdf - ok 18:04:02.0140 4960 [ BC61697103C9EFC3DBA83777CEA8E76B ] aksfridge C:\Windows\system32\DRIVERS\aksfridge.sys 18:04:02.0156 4960 aksfridge - ok 18:04:02.0187 4960 [ A56F1B0F967AEF8A82D7771E6D166DEF ] akshasp C:\Windows\system32\DRIVERS\akshasp.sys 18:04:02.0249 4960 akshasp - ok 18:04:02.0296 4960 [ BC0EE7F8D0BE561793B80871F4F10627 ] akshhl C:\Windows\system32\DRIVERS\akshhl.sys 18:04:02.0359 4960 akshhl - ok 18:04:02.0421 4960 [ B13237DDA02267B5D5B8A68780CB4817 ] aksusb C:\Windows\system32\DRIVERS\aksusb.sys 18:04:02.0483 4960 aksusb - ok 18:04:02.0515 4960 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:04:02.0608 4960 ALG - ok 18:04:02.0671 4960 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:04:02.0686 4960 aliide - ok 18:04:02.0780 4960 ALSysIO - ok 18:04:02.0842 4960 [ C53D784D7303C463D004C0D5782917B4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 18:04:02.0920 4960 AMD External Events Utility - ok 18:04:02.0983 4960 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:04:02.0998 4960 amdide - ok 18:04:03.0076 4960 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:04:03.0123 4960 AmdK8 - ok 18:04:03.0419 4960 [ 06778049A44C316E8D016039B9D14667 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 18:04:03.0731 4960 amdkmdag - ok 18:04:03.0763 4960 [ 94B4028F0EEA1F166D78186A254676B5 ] amdkmdap 
C:\Windows\system32\DRIVERS\atikmpag.sys 18:04:03.0825 4960 amdkmdap - ok 18:04:03.0856 4960 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 18:04:03.0903 4960 AmdPPM - ok 18:04:03.0965 4960 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:04:03.0997 4960 amdsata - ok 18:04:04.0043 4960 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 18:04:04.0075 4960 amdsbs - ok 18:04:04.0090 4960 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:04:04.0106 4960 amdxata - ok 18:04:04.0153 4960 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:04:04.0246 4960 AppID - ok 18:04:04.0277 4960 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:04:04.0371 4960 AppIDSvc - ok 18:04:04.0402 4960 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:04:04.0480 4960 Appinfo - ok 18:04:04.0511 4960 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 18:04:04.0527 4960 arc - ok 18:04:04.0558 4960 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:04:04.0558 4960 arcsas - ok 18:04:04.0605 4960 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:04:04.0652 4960 AsyncMac - ok 18:04:04.0714 4960 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:04:04.0745 4960 atapi - ok 18:04:04.0855 4960 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:04:04.0995 4960 AudioEndpointBuilder - ok 18:04:05.0042 4960 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:04:05.0089 4960 AudioSrv - ok 18:04:05.0135 4960 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:04:05.0213 4960 AxInstSV - ok 18:04:05.0291 4960 [ 3E5B191307609F7514148C6832BB0842 ] 
b06bdrv C:\Windows\system32\drivers\bxvbda.sys 18:04:05.0385 4960 b06bdrv - ok 18:04:05.0432 4960 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:04:05.0494 4960 b57nd60a - ok 18:04:05.0572 4960 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 18:04:05.0666 4960 BCM43XX - ok 18:04:05.0713 4960 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:04:05.0775 4960 BDESVC - ok 18:04:05.0853 4960 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:04:05.0947 4960 Beep - ok 18:04:06.0056 4960 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:04:06.0149 4960 BFE - ok 18:04:06.0383 4960 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys 18:04:06.0430 4960 BHDrvx64 - ok 18:04:06.0461 4960 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:04:06.0602 4960 BITS - ok 18:04:06.0633 4960 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 18:04:06.0695 4960 blbdrive - ok 18:04:06.0727 4960 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:04:06.0773 4960 bowser - ok 18:04:06.0867 4960 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 18:04:06.0929 4960 BrFiltLo - ok 18:04:06.0929 4960 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 18:04:06.0945 4960 BrFiltUp - ok 18:04:07.0023 4960 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:04:07.0117 4960 Browser - ok 18:04:07.0132 4960 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:04:07.0210 4960 Brserid - ok 18:04:07.0241 4960 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:04:07.0273 
4960 BrSerWdm - ok 18:04:07.0304 4960 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:04:07.0335 4960 BrUsbMdm - ok 18:04:07.0351 4960 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:04:07.0366 4960 BrUsbSer - ok 18:04:07.0397 4960 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:04:07.0429 4960 BTHMODEM - ok 18:04:07.0491 4960 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:04:07.0553 4960 bthserv - ok 18:04:07.0631 4960 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys 18:04:07.0663 4960 ccSet_N360 - ok 18:04:07.0725 4960 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:04:07.0819 4960 cdfs - ok 18:04:07.0865 4960 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:04:07.0912 4960 cdrom - ok 18:04:07.0959 4960 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:04:08.0037 4960 CertPropSvc - ok 18:04:08.0115 4960 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 18:04:08.0193 4960 circlass - ok 18:04:08.0209 4960 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:04:08.0240 4960 CLFS - ok 18:04:08.0302 4960 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:04:08.0333 4960 clr_optimization_v2.0.50727_32 - ok 18:04:08.0380 4960 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:04:08.0396 4960 clr_optimization_v2.0.50727_64 - ok 18:04:08.0505 4960 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:04:08.0536 4960 clr_optimization_v4.0.30319_32 - ok 18:04:08.0567 
4960 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:04:08.0567 4960 clr_optimization_v4.0.30319_64 - ok 18:04:08.0630 4960 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 18:04:08.0645 4960 clwvd - ok 18:04:08.0692 4960 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 18:04:08.0739 4960 CmBatt - ok 18:04:08.0770 4960 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:04:08.0786 4960 cmdide - ok 18:04:08.0848 4960 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:04:08.0911 4960 CNG - ok 18:04:08.0973 4960 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:04:08.0989 4960 Compbatt - ok 18:04:09.0004 4960 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:04:09.0082 4960 CompositeBus - ok 18:04:09.0098 4960 COMSysApp - ok 18:04:09.0113 4960 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:04:09.0129 4960 crcdisk - ok 18:04:09.0191 4960 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:04:09.0269 4960 CryptSvc - ok 18:04:09.0347 4960 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:04:09.0441 4960 DcomLaunch - ok 18:04:09.0503 4960 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:04:09.0597 4960 defragsvc - ok 18:04:09.0644 4960 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:04:09.0722 4960 DfsC - ok 18:04:09.0784 4960 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:04:09.0878 4960 Dhcp - ok 18:04:09.0925 4960 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:04:10.0018 4960 discache - ok 18:04:10.0081 4960 [ 
9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:04:10.0112 4960 Disk - ok 18:04:10.0159 4960 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:04:10.0252 4960 Dnscache - ok 18:04:10.0299 4960 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:04:10.0377 4960 dot3svc - ok 18:04:10.0408 4960 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:04:10.0471 4960 DPS - ok 18:04:10.0517 4960 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:04:10.0564 4960 drmkaud - ok 18:04:10.0627 4960 [ A4F408AD1065C7AD2ED332C68025B435 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:04:10.0673 4960 DXGKrnl - ok 18:04:10.0736 4960 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:04:10.0829 4960 EapHost - ok 18:04:10.0954 4960 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:04:11.0079 4960 ebdrv - ok 18:04:11.0251 4960 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 18:04:11.0282 4960 eeCtrl - ok 18:04:11.0313 4960 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:04:11.0375 4960 EFS - ok 18:04:11.0469 4960 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:04:11.0594 4960 ehRecvr - ok 18:04:11.0609 4960 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:04:11.0656 4960 ehSched - ok 18:04:11.0703 4960 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:04:11.0765 4960 elxstor - ok 18:04:11.0859 4960 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 18:04:11.0875 4960 EraserUtilRebootDrv - ok 18:04:11.0906 4960 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 
18:04:11.0937 4960 ErrDev - ok 18:04:11.0999 4960 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:04:12.0093 4960 EventSystem - ok 18:04:12.0140 4960 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:04:12.0155 4960 exfat - ok 18:04:12.0202 4960 ezSharedSvc - ok 18:04:12.0233 4960 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:04:12.0327 4960 fastfat - ok 18:04:12.0405 4960 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:04:12.0499 4960 Fax - ok 18:04:12.0530 4960 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 18:04:12.0592 4960 fdc - ok 18:04:12.0623 4960 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:04:12.0686 4960 fdPHost - ok 18:04:12.0701 4960 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:04:12.0733 4960 FDResPub - ok 18:04:12.0764 4960 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:04:12.0764 4960 FileInfo - ok 18:04:12.0779 4960 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:04:12.0857 4960 Filetrace - ok 18:04:12.0904 4960 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 18:04:12.0935 4960 flpydisk - ok 18:04:12.0967 4960 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:04:12.0998 4960 FltMgr - ok 18:04:13.0091 4960 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 18:04:13.0185 4960 FontCache - ok 18:04:13.0232 4960 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:04:13.0263 4960 FontCache3.0.0.0 - ok 18:04:13.0357 4960 [ F80BDC0D9E7B9595E74B434446AD3781 ] FPLService C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe 18:04:13.0388 4960 FPLService - 
ok 18:04:13.0419 4960 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:04:13.0450 4960 FsDepends - ok 18:04:13.0544 4960 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:04:13.0559 4960 Fs_Rec - ok 18:04:13.0684 4960 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:04:13.0731 4960 fvevol - ok 18:04:13.0762 4960 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:04:13.0778 4960 gagp30kx - ok 18:04:13.0825 4960 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:04:13.0871 4960 gpsvc - ok 18:04:13.0949 4960 [ D619BA1712B83D14149850E758B835AD ] hardlock C:\Windows\system32\drivers\hardlock.sys 18:04:14.0012 4960 hardlock - ok 18:04:14.0012 4960 hasplms - ok 18:04:14.0074 4960 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:04:14.0168 4960 hcw85cir - ok 18:04:14.0215 4960 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:04:14.0277 4960 HdAudAddService - ok 18:04:14.0355 4960 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:04:14.0417 4960 HDAudBus - ok 18:04:14.0449 4960 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 18:04:14.0495 4960 HidBatt - ok 18:04:14.0527 4960 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:04:14.0558 4960 HidBth - ok 18:04:14.0573 4960 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 18:04:14.0589 4960 HidIr - ok 18:04:14.0620 4960 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:04:14.0698 4960 hidserv - ok 18:04:14.0729 4960 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:04:14.0745 4960 HidUsb - ok 18:04:14.0776 4960 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc 
C:\Windows\system32\kmsvc.dll 18:04:14.0839 4960 hkmsvc - ok 18:04:14.0854 4960 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:04:14.0948 4960 HomeGroupListener - ok 18:04:14.0963 4960 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:04:14.0995 4960 HomeGroupProvider - ok 18:04:15.0041 4960 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 18:04:15.0041 4960 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning 18:04:15.0041 4960 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1) 18:04:15.0088 4960 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 18:04:15.0119 4960 HPClientSvc - ok 18:04:15.0213 4960 [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 18:04:15.0244 4960 HPDrvMntSvc.exe - ok 18:04:15.0307 4960 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 18:04:15.0322 4960 hpdskflt - ok 18:04:15.0416 4960 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 18:04:15.0447 4960 hpqwmiex - ok 18:04:15.0478 4960 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:04:15.0494 4960 HpSAMD - ok 18:04:15.0509 4960 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe 18:04:15.0525 4960 hpsrv - ok 18:04:15.0603 4960 [ 491CE9B6321FB74E4B37AF2C47F98434 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 18:04:15.0619 4960 HPWMISVC - ok 18:04:15.0712 4960 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:04:15.0821 4960 HTTP - ok 18:04:15.0853 4960 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy 
C:\Windows\system32\drivers\hwpolicy.sys 18:04:15.0868 4960 hwpolicy - ok 18:04:15.0899 4960 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 18:04:15.0915 4960 i8042prt - ok 18:04:15.0931 4960 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 18:04:15.0931 4960 iaStor - ok 18:04:16.0040 4960 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 18:04:16.0071 4960 IAStorDataMgrSvc - ok 18:04:16.0133 4960 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:04:16.0165 4960 iaStorV - ok 18:04:16.0305 4960 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 18:04:16.0430 4960 IconMan_R ( UnsignedFile.Multi.Generic ) - warning 18:04:16.0430 4960 IconMan_R - detected UnsignedFile.Multi.Generic (1) 18:04:16.0508 4960 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 18:04:16.0555 4960 IDriverT ( UnsignedFile.Multi.Generic ) - warning 18:04:16.0555 4960 IDriverT - detected UnsignedFile.Multi.Generic (1) 18:04:16.0633 4960 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:04:16.0695 4960 idsvc - ok 18:04:16.0851 4960 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130228.001\IDSvia64.sys 18:04:16.0882 4960 IDSVia64 - ok 18:04:16.0945 4960 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:04:16.0976 4960 iirsp - ok 18:04:17.0054 4960 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:04:17.0147 4960 IKEEXT - ok 18:04:17.0210 4960 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud 
C:\Windows\system32\sxssrv.dll
18:04:43.0589 4960 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:04:43.0589 4960 [Global] - ok
18:04:43.0589 4960 ================ Scan MBR ==================================
18:04:43.0605 4960 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:04:44.0073 4960 \Device\Harddisk0\DR0 - ok
18:04:44.0073 4960 ================ Scan VBR ==================================
18:04:44.0089 4960 [ 287736A23F12D0FC31A1E362A561F6DF ] \Device\Harddisk0\DR0\Partition1
18:04:44.0089 4960 \Device\Harddisk0\DR0\Partition1 - ok
18:04:44.0120 4960 [ 11FAB060B9F55A3EEC4E1CE7CAE4C252 ] \Device\Harddisk0\DR0\Partition2
18:04:44.0120 4960 \Device\Harddisk0\DR0\Partition2 - ok
18:04:44.0167 4960 [ 0789D748314B2E0BD634E5FF5B983BEB ] \Device\Harddisk0\DR0\Partition3
18:04:44.0167 4960 \Device\Harddisk0\DR0\Partition3 - ok
18:04:44.0182 4960 [ FD57C39544156C0F13377E0FD8333415 ] \Device\Harddisk0\DR0\Partition4
18:04:44.0182 4960 \Device\Harddisk0\DR0\Partition4 - ok
18:04:44.0182 4960 ============================================================
18:04:44.0182 4960 Scan finished
18:04:44.0182 4960 ============================================================
18:04:44.0213 1092 Detected object count: 4
18:04:44.0213 1092 Actual detected object count: 4
18:06:52.0570 1092 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:52.0570 1092 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:06:52.0586 1092 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:52.0586 1092 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:06:52.0586 1092 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:52.0586 1092 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:06:52.0586 1092 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:52.0586 1092 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:29.0283 1704 Deinitialize success |
03.03.2013, 20:31 | #6 |
/// Malware-holic | Performer-Virus Hi, scan with Combofix |
04.03.2013, 22:31 | #7 |
| Performer-Virus Hi, I ran the scan with Combofix as instructed. Everything went without difficulty. The restart also went smoothly. The logfile looks like this: Code:
ATTFilter ComboFix 13-03-04.01 - HP 04.03.2013 21:51:34.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6092.4392 [GMT 1:00] ausgeführt von:: c:\users\HP\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\HP\AppData\Roaming\convert\convert.exe c:\windows\IsUn0407.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-04 bis 2013-03-04 )))))))))))))))))))))))))))))) . . 2013-03-04 20:58 . 2013-03-04 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-01 13:29 . 2013-03-01 13:29 -------- d-----w- C:\_OTL 2013-02-27 05:00 . 2013-02-27 05:01 -------- d-----w- c:\windows\system32\drivers\N360x64\1403000.024 2013-02-26 18:58 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-26 13:50 . 2013-02-26 13:50 -------- d-----w- c:\users\HP\AppData\Roaming\Malwarebytes 2013-02-26 13:50 . 2013-02-26 13:50 -------- d-----w- c:\programdata\Malwarebytes 2013-02-26 13:50 . 2013-02-26 18:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-26 13:49 . 2013-02-26 13:49 -------- d-----w- c:\users\HP\AppData\Local\Programs 2013-02-25 18:25 . 2013-02-25 18:25 95392 ----a-w- c:\windows\system32\drivers\SMR311.SYS 2013-02-14 00:02 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 00:02 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 17:14 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 17:14 . 
2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 17:14 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 17:14 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 17:14 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 17:14 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 17:14 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 17:14 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 17:14 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 17:14 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 17:14 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 17:14 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-13 13:40 . 2013-02-13 13:40 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-13 13:40 . 2013-02-13 13:40 310688 ----a-w- c:\windows\system32\javaws.exe 2013-02-13 13:40 . 2013-02-13 13:40 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-13 13:40 . 2013-02-13 13:40 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-02-13 13:40 . 2013-02-13 13:40 188832 ----a-w- c:\windows\system32\javaw.exe 2013-02-13 13:40 . 2013-02-13 13:40 188320 ----a-w- c:\windows\system32\java.exe 2013-02-13 13:40 . 2013-02-13 13:40 -------- d-----w- c:\program files\Java 2013-02-04 09:29 . 2013-02-04 09:29 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 22:01 . 2012-06-09 20:32 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 22:01 . 2011-11-10 11:12 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-14 00:06 . 
2012-06-09 13:30 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-04 09:29 . 2012-10-21 19:02 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-04 09:29 . 2012-10-21 19:02 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-16 02:21 . 2012-06-09 18:19 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-01-16 02:21 . 2012-06-09 18:19 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-01-08 20:33 . 2013-01-08 20:33 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2013-01-04 04:43 . 2013-02-13 17:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-19 14:53 . 2013-01-03 19:40 19632 ----a-w- c:\windows\system32\roboot64.exe 2012-12-16 17:11 . 2012-12-22 00:41 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 00:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 00:41 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 00:41 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-09 07:51 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 07:51 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 07:51 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 07:51 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 07:51 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 07:51 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 07:51 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 07:51 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 07:51 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 07:51 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 
2013-01-09 07:51 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 07:51 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 07:51 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 07:51 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 07:51 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 07:51 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 07:51 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 07:51 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 07:51 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 07:51 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 07:51 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 07:51 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 07:51 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 07:51 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 07:51 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 07:51 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 07:51 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 07:51 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 07:51 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 07:51 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 07:51 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 07:51 51712 ----a-w- c:\windows\SysWow64\esrb.rs . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-06-04 14:12 1310040 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560] . c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 OracleXETNSListener;OracleXETNSListener;c:\move\Programme\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800] R3 ALSysIO;ALSysIO;c:\users\HP\AppData\Local\Temp\ALSysIO64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424] R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680] R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056] R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\move\programme\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R4 UNS;Intel(R) Management and Security Application User 
Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [2013-02-25 95392] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402010.016\SYMDS64.SYS [2012-10-04 493216] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120] S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys [2012-08-20 168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130301.002\IDSvia64.sys [2013-01-08 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS [2012-09-07 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS [2012-09-07 432800] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-01 204288] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files 
(x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928] S2 OracleServiceXE;OracleServiceXE;c:\move\programme\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-01-08 138912] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-11 91648] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-11 208896] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-19 1145448] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-02-09 11856] . . Inhalt des "geplante Tasks" Ordners . 2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 22:01] . 
2013-02-17 c:\windows\Tasks\HPCeeScheduleForHP.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-02 1128448] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ab42a898-6897-4e77-a8cf-dc8c114f4f5c&affid=110774&searchtype=hp&babsrc=lnkry_nt uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ab42a898-6897-4e77-a8cf-dc8c114f4f5c&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\g36cyt7s.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ab42a898-6897-4e77-a8cf-dc8c114f4f5c&affid=110774&searchtype=ds&babsrc=lnkry&q= FF - ExtSQL: 2013-01-08 21:33; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn FF - ExtSQL: 2013-01-08 21:33; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQUI6Ig1n&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - d8d867d7000000000000ac8112db79bc FF - user.js: extensions.incredibar_i.instlDay - 15708 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: 
extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1420:40 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQUI6Ig1n FF - user.js: extensions.incredibar_i.upn2n - 92544209844177173 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - t213 FF - user.js: browser.sessionstore.resume_session_once - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.1.22\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-04 22:00:27
ComboFix-quarantined-files.txt 2013-03-04 21:00
.
Pre-Run: 11 directory(ies), 311,084,097,536 bytes free
Post-Run: 17 directory(ies), 310,908,801,024 bytes free
.
- - End Of File - - FEB2B674A26679F6B66FC91A5456446A

"Looking for performer virus Anti-Malware automatisch bereich einstellungen? You Have (1) Speed Test Optimize & Boost PC in 1 Click. Fast, Easy, 5 Star User Rated! SpeedAnalysis.net Try now"

This is one of about 4-5 variants, each of which appears as text. Regards, and many thanks for your efforts |
05.03.2013, 14:52 | #8 |
/// Malware-holic | Performer-Virus Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip that. Open it, Tools (Extras), Uninstall List, save as txt. Open the file. After every program you need, write "needed"; after every one you do not need, "unnecessary"; after those you do not recognise, "unknown". Post the list.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward e-mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
06.03.2013, 06:09 | #9 |
| Performer-Virus Hi, I have created the uninstall list as best I could. Unfortunately I am anything but a computer expert, so very often I could not make anything of a program's name and had to write "unknown". I hope you can still do something with my list. Code:
Name | Publisher | Installed | Size | Version | Note
Adobe Flash Player 11 ActiveX | Adobe Systems Incorporated | 27.02.2013 | 6,00MB | 11.6.602.171 | needed
Adobe Flash Player 11 Plugin | Adobe Systems Incorporated | 27.02.2013 | 6,00MB | 11.6.602.171 | needed
Adobe Reader X (10.1.6) MUI | Adobe Systems Incorporated | 25.02.2013 | 481MB | 10.1.6 | needed
Adobe Shockwave Player 11.6 | Adobe Systems, Inc. | 26.12.2011 | | 11.6.1.629 | unknown
AMD Catalyst Install Manager | Advanced Micro Devices, Inc. | 26.12.2011 | 22,6MB | 3.0.838.0 | unknown
BerichtsGenerator | GDS | 13.06.2012 | 34,1MB | 1.1.1 | needed
calibre | Kovid Goyal | 15.01.2013 | 137MB | 0.9.14 | needed
calibre 64bit | Kovid Goyal | 06.01.2013 | 162MB | 0.9.13 | needed
CCleaner | Piriform | 25.02.2013 | | 3.28 | needed
CDBurnerXP | CDBurnerXP | 09.06.2012 | 12,7MB | 4.4.0.2838 | unnecessary
Cisco EAP-FAST Module | Cisco Systems, Inc. | 26.12.2011 | 1,55MB | 2.2.14 | unknown
Cisco LEAP Module | Cisco Systems, Inc. | 26.12.2011 | 644KB | 1.0.19 | unknown
Cisco PEAP Module | Cisco Systems, Inc. | 26.12.2011 | 1,23MB | 1.1.6 | unknown
CyberLink YouCam | CyberLink Corp. | 26.12.2011 | 217MB | 3.5.0.4528 | needed
DivX-Setup | DivX, LLC | 17.12.2012 | | 2.6.1.22 | unnecessary
Dropbox | Dropbox, Inc. | 25.01.2013 | | 1.6.16 | needed
EasyCash&Tax 1.56 | tm | 10.11.2012 | | | needed
Evernote v. 4.2.3 | Evernote Corp. | 10.11.2011 | 139MB | 4.2.3.22 | unnecessary
FormsForWeb® Filler 3.2.2 | Lucom GmbH | 05.11.2012 | 11,4MB | 3.2.2 | needed
HP 3D DriveGuard | Hewlett-Packard Company | 14.06.2012 | 6,99MB | 4.1.16.1 | unknown
HP CoolSense | Hewlett-Packard Company | 10.11.2011 | 1,29MB | 2.10.3 | unknown
HP Documentation | Hewlett-Packard | 26.12.2011 | 334MB | 1.1.0.0 | unknown
HP Launch Box | Hewlett-Packard Company | 10.11.2011 | 3,17MB | 1.0.12 | unknown
HP On Screen Display | Hewlett-Packard Company | 10.11.2011 | 1,48MB | 1.3.5 | unknown
HP Power Manager | Hewlett-Packard Company | 26.12.2011 | 3,65MB | 1.4.4 | unknown
HP Quick Launch | Hewlett-Packard Company | 10.11.2011 | 7,11MB | 2.5.2 | unknown
HP QuickWeb | Hewlett-Packard Company | 26.12.2011 | 3,35MB | 3.1.1.10197 | needed
HP Security Assistant | Hewlett-Packard | 10.11.2011 | 2,66MB | 1.0.11 | needed
HP Setup | Hewlett-Packard Company | 10.11.2011 | 50,3MB | 9.0.15076.3891 | needed
HP Setup Manager | Hewlett-Packard Company | 26.12.2011 | 8,69MB | 1.2.14901.3869 | needed
HP SimplePass 2012 | Hewlett-Packard | 26.12.2011 | 60,8MB | 5.3.1.7 | unknown
HP Software Framework | Hewlett-Packard Company | 14.06.2012 | 4,72MB | 4.5.10.1 | unknown
HP Support Assistant | Hewlett-Packard Company | 19.11.2012 | 91,5MB | 7.0.39.15 | needed
IDT Audio | IDT | 26.12.2011 | | 1.0.6345.0 | needed
Intel(R) Control Center | Intel Corporation | 01.06.2012 | | 1.2.1.1007 | unknown
Intel(R) Display Audio Driver | Intel Corporation | 01.06.2012 | | 6.14.00.3074 | unknown
Intel(R) Identity Protection Technology 1.1.2.0 | Intel Corporation | 26.12.2011 | 1,13MB | 1.1.2.0 | unknown
Intel(R) Management Engine Components | Intel Corporation | 01.06.2012 | | 7.0.0.1144 | unknown
Intel(R) Rapid Storage Technology | Intel Corporation | 01.06.2012 | | 10.6.0.1002 | unknown
Internet Explorer Toolbar 4.6 by SweetPacks | SweetIM Technologies Ltd. | 18.06.2012 | 4,27MB | 4.6.0003 | unknown
Java 7 Update 13 | Oracle | 04.02.2013 | 129MB | 7.0.130 | needed
Java 7 Update 13 (64-bit) | Oracle | 13.02.2013 | 128MB | 7.0.130 | needed
JDownloader 0.9 | AppWork GmbH | 09.06.2012 | | 0.9 | needed
loadtbs-3.0 | | 10.11.2012 | | | unknown
Malwarebytes Anti-Malware Version 1.70.0.1100 | Malwarebytes Corporation | 26.02.2013 | 18,4MB | 1.70.0.1100 | needed
Microsoft .NET Framework 4 Client Profile | Microsoft Corporation | 10.06.2012 | 38,8MB | 4.0.30319 | unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack | Microsoft Corporation | 10.06.2012 | 2,93MB | 4.0.30319 | unknown
Microsoft Office Home and Student 2010 | Microsoft Corporation | 09.06.2012 | | 14.0.6029.1000 | needed
Microsoft Silverlight | Microsoft Corporation | 10.06.2012 | 40,3MB | 4.1.10329.0 | unknown
Microsoft SQL Server 2005 Compact Edition [ENU] | Microsoft Corporation | 10.11.2011 | 1,69MB | 3.1.0000 | unknown
Microsoft SQL Server Compact 3.5 SP1 (Deutsch) | Microsoft Corporation | 13.06.2012 | 2,86MB | 3.5.5692.0 | unknown
Microsoft SQL Server Compact 3.5 SP1 x64 (Deutsch) | Microsoft Corporation | 13.06.2012 | 3,96MB | 3.5.5692.0 | unknown
Microsoft Visual C++ 2005 Redistributable | Microsoft Corporation | 10.06.2012 | 298KB | 8.0.61001 | unknown
Microsoft Visual C++ 2005 Redistributable (x64) | Microsoft Corporation | 26.12.2011 | 620KB | 8.0.61000 | unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 | Microsoft Corporation | 10.11.2011 | 788KB | 9.0.30729 | unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 | Microsoft Corporation | 26.12.2011 | 784KB | 9.0.30729.4148 | unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 | Microsoft Corporation | 10.06.2012 | 788KB | 9.0.30729.6161 | unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 | Microsoft Corporation | 26.12.2011 | 594KB | 9.0.30729 | unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 | Microsoft Corporation | 26.12.2011 | 592KB | 9.0.30729.4148 | unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | Microsoft Corporation | 10.06.2012 | 600KB | 9.0.30729.6161 | unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 | Microsoft Corporation | 14.06.2012 | 12,3MB | 10.0.30319 | unknown
MovE Desktop | Geo Daten Service GmbH | 13.06.2012 | 18,8MB | 1.7.0 | needed
MovE Sync | Geo Daten Service GmbH | 13.06.2012 | 60,8MB | 1.7.0 | needed
Mozilla Firefox 15.0.1 (x86 de) | Mozilla | 16.09.2012 | 46,6MB | 15.0.1 | needed
Mozilla Firefox 19.0 (x86 de) | Mozilla | 20.02.2013 | 52,2MB | 19.0 | needed
Mozilla Maintenance Service | Mozilla | 16.09.2012 | 327KB | 15.0.1 | unknown
Norton 360 | Symantec Corporation | 08.01.2013 | | 20.2.1.22 | needed
Oracle Data Provider for .NET Help | Oracle Corporation | 13.06.2012 | 1,03MB | 10.2.000 | needed
Oracle Database 10g Express Edition | Oracle Corporation | 13.06.2012 | 1,57GB | 10.2.1015 | needed
PDFCreator | Frank Heindörfer, Philip Chinery | 18.06.2012 | | 1.4.1 | needed
Realtek Ethernet Controller Driver | Realtek | 26.12.2011 | | 7.41.216.2011 | needed
Realtek PCIE Card Reader | Realtek Semiconductor Corp. | 26.12.2011 | | 6.1.7601.83 | needed
REALTEK Wireless LAN Driver | REALTEK Semiconductor Corp. | 26.12.2011 | | 1.00.11.0706 | needed
Renesas Electronics USB 3.0 Host Controller Driver | Renesas Electronics Corporation | 26.12.2011 | 821KB | 2.1.19.0 | unknown
RINNTECH ARBOTAX 2.34 | RINNTECH | 16.10.2012 | | 2.34 | needed
Skype™ 5.10 | Skype Technologies S.A. | 13.09.2012 | 19,4MB | 5.10.116 | unnecessary
Synaptics TouchPad Driver | Synaptics Incorporated | 26.12.2011 | 46,4MB | 15.3.11.0 | needed
TuneUp Utilities 2012 | TuneUp Software | 09.06.2012 | | 12.0.3600.73 | needed
Validity WBF DDK | Validity Sensors, Inc. | 26.12.2011 | 23,5MB | 4.3.205.0 | needed
VIP Access SDK (1.0.1.2) | Symantec Inc. | 01.06.2012 | | 1.0.1.2 | needed
VLC media player 2.0.5 | VideoLAN | 19.01.2013 | | 2.0.5 | needed
Winamp | Nullsoft, Inc | 01.01.2013 | | 5.623 | needed
Winamp Erkennungs-Plug-in | Nullsoft, Inc | 09.06.2012 | 75,0KB | 1.0.0.1 | unknown
Windows Live Essentials | Microsoft Corporation | 14.08.2012 | | 15.4.3555.0308 | unknown
Windows Live Mesh ActiveX control for remote connections | Microsoft Corporation | 10.11.2011 | 5,57MB | 15.4.5722.2 | unknown
Windows Live Mesh ActiveX Control for Remote Connections | Microsoft Corporation | 10.11.2011 | 5,57MB | 15.4.5722.2 | unknown
Windows Mobile-Gerätecenter | Microsoft Corporation | 13.06.2012 | 27,4MB | 6.1.6965.0 | needed
Windows Mobile-Gerätecenter: Treiberupdate | Microsoft Corporation | 13.06.2012 | 44,3MB | 6.1.6965.0 | needed
WinRAR 4.11 (64-Bit) | win.rar GmbH | 09.06.2012 | | 4.11.0 | needed

If you have any questions or suggestions about individual programs, please let me know. |
06.03.2013, 13:52 | #10 |
/// Malware-holic | Performer-Virus Uninstall: Adobe Flash Player (all of them). Adobe - Adobe Flash Player installieren: download and install the latest version. Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan checkbox. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "Use only certified plug-ins". Security (Enhanced): tick "Enable Enhanced Security" and select "All files". Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically and so on. It is always better to save them directly, because only then do you control what happens on the PC. Under JavaScript, untick "Enable Acrobat JavaScript". Under Updater, choose "Automatically install updates". Apply / OK. Uninstall: Adobe Shockwave, CDBurnerXP, DivX, Evernote, Internet Explorer Toolbar, Java (both). Download the Java JRE: Java-Downloads für alle Betriebssysteme; click "Download der Java-Software für Windows Offline", download and install. Uninstall: loadtbs. TuneUp: do without such nonsense; Windows has most of those functions built in, and the rest is rubbish, such as registry defragmentation, which nobody needs! Besides, some of its functions can damage the PC. Windows Live: everything you do not need. Open CCleaner, Analyze, Run Cleaner, restart the PC. Please download AdwCleaner to your desktop.
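The Adobe Reader settings the helper lists above can be checked and pinned from the registry rather than clicked through, which matters when you want to verify the result on a machine you do not trust. The script below is an added example for this thread, not code from the forum or from Adobe. It maps the GUI options to the HKCU preferences Adobe documents for Reader X/XI: JavaScript (JSPrefs\bEnableJS), Enhanced Security (TrustManager\bEnhancedSecurityStandalone and bEnhancedSecurityInBrowser), Protected View for all files (TrustManager\iProtectedView = 2) and Protected Mode (Privileged\bProtectedMode). The "certified plug-ins only" and Updater options are deliberately left to the GUI because their value names are not given here. The version number in the key path, the injectable reader function and the sample profile are this example's own assumptions.

```python
"""Audit (and on Windows, pin) the Adobe Reader hardening settings from the post above.

Added example, not the forum's or Adobe's code. Registry names are the HKCU
preferences behind the GUI options for Adobe Reader X/XI; the version segment
of the key path is an assumption (10.0 = Reader X, 11.0 = Reader XI).
"""
import sys

# (subkey below HKCU\Software\Adobe\Acrobat Reader\<ver>, value name, wanted DWORD)
HARDENING = [
    ("JSPrefs",      "bEnableJS",                   0),  # JavaScript: untick "Enable Acrobat JavaScript"
    ("TrustManager", "bEnhancedSecurityStandalone", 1),  # Security (Enhanced): enhanced security on
    ("TrustManager", "bEnhancedSecurityInBrowser",  1),
    ("TrustManager", "iProtectedView",              2),  # Protected View: 0 off, 1 unsafe locations, 2 all files
    ("Privileged",   "bProtectedMode",              1),  # sandbox (Protected Mode at startup)
]


def reader_key(version, subkey):
    return r"Software\Adobe\Acrobat Reader\%s\%s" % (version, subkey)


def audit(read_dword, version="10.0"):
    """read_dword(hkcu_subkey_path, value_name) -> int, or None if the value is absent.

    Returns (path, name, current, wanted) for every value not pinned to the wanted
    state. Absent values are reported too: Reader then falls back to its built-in
    default instead of the explicit setting the post asks for."""
    findings = []
    for sub, name, wanted in HARDENING:
        path = reader_key(version, sub)
        cur = read_dword(path, name)
        if cur != wanted:
            findings.append((path, name, cur, wanted))
    return findings


def reg_export(version="10.0"):
    """Text of a .reg file that pins every wanted value (importable with regedit)."""
    groups = {}
    for sub, name, wanted in HARDENING:
        groups.setdefault(sub, []).append((name, wanted))
    lines = ["Windows Registry Editor Version 5.00", ""]
    for sub, values in groups.items():
        lines.append("[HKEY_CURRENT_USER\\%s]" % reader_key(version, sub))
        for name, wanted in values:
            lines.append('"%s"=dword:%08x' % (name, wanted))
        lines.append("")
    return "\n".join(lines)


def winreg_reader(path, name):
    """Live HKCU reader (Windows only; winreg is imported lazily so the module loads elsewhere)."""
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as k:
            val, typ = winreg.QueryValueEx(k, name)
            return int(val) if typ == winreg.REG_DWORD else None
    except FileNotFoundError:
        return None


def apply(findings):
    """Write the wanted value for every finding (Windows only)."""
    import winreg
    for path, name, _cur, wanted in findings:
        with winreg.CreateKey(winreg.HKEY_CURRENT_USER, path) as k:
            winreg.SetValueEx(k, name, 0, winreg.REG_DWORD, wanted)


# Constructed sample of an untouched Reader X profile: JavaScript on, enhanced
# security pinned only for the browser plug-in, nothing else written yet.
SAMPLE_PROFILE = {
    (reader_key("10.0", "JSPrefs"), "bEnableJS"): 1,
    (reader_key("10.0", "TrustManager"), "bEnhancedSecurityInBrowser"): 1,
}


def sample_reader(path, name):
    return SAMPLE_PROFILE.get((path, name))


if __name__ == "__main__":
    reader = winreg_reader if sys.platform == "win32" else sample_reader
    for path, name, cur, wanted in audit(reader):
        print("not pinned: HKCU\\%s\\%s = %r (want %d)" % (path, name, cur, wanted))
```

Run it as the user whose Reader profile is in question; the audit reads HKCU, so a run from an elevated admin account reports the admin's profile, not the victim's. On a box that is still suspect, prefer exporting the .reg text and importing it after the cleanup rather than trusting a script run on the infected session.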
07.03.2013, 09:00 | #11 |
| Performer-Virus Hi, I have carefully worked through all the steps from your last reply. That went largely without problems, but the window still opens. Only when removing loadtbs did the following error message appear: "Access violation at address 0045EB03 in module 'uninstall.exe'. Read of address 00000000". I then tried again after running AdwCleaner. This time I was told that an error occurred during removal and that the program may already have been removed. Is the program gone now? If not, how can I remove it successfully (I do not even know where it is hiding on my computer)? AdwCleaner produced the following result (only one restart): Code:
# AdwCleaner v2.114 - Logfile created 07/03/2013 at 08:41:18
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : HP - HP-HP
# Boot mode : Normal
# Running from : C:\Users\HP\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\g36cyt7s.default\searchplugins\11-suche.xml
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\g36cyt7s.default\searchplugins\Askcom.xml
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\g36cyt7s.default\searchplugins\safesearch.xml
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\g36cyt7s.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\g36cyt7s.default\searchplugins\Web Search.xml
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\HP\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\HP\AppData\Roaming\loadtbs
Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\g36cyt7s.default\jetpack
Folder Deleted : C:\Users\HP\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\HP\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\HP\AppData\Roaming\PerformerSoft

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ab42a898-6897-4e77-a8cf-dc8c114f4f5c&affid=110774&searchtype=hp&babsrc=lnkry_nt --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ab42a898-6897-4e77-a8cf-dc8c114f4f5c&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=ab42a898-6897-4e77-a8cf-dc8c114f4f5c&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

File : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\g36cyt7s.default\prefs.js

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\g36cyt7s.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1359994967252");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10665");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "95F60A5029FC2B8DDF27E8D56A4ADBAF");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "d8d867d7000000000000ac8112db79bc");
Deleted : user_pref("extensions.incredibar.id", "d8d867d7000000000000ac8112db79bc");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15708");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15708");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1420:40:53");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "t213");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQUI6Ig1n&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQUI6Ig1n&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQUI6Ig1n");
Deleted : user_pref("extensions.incredibar.upn2n", "92544209844177173");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1420:40:53");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1420:40:53");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10665");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "d8d867d7000000000000ac8112db79bc");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15708");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "t213");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQUI6Ig1n&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQUI6Ig1n");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92544209844177173");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:40:53");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&u[...]

*************************

AdwCleaner[S1].txt - [10527 octets] - [07/03/2013 08:41:18]

########## EOF - C:\AdwCleaner[S1].txt - [10588 octets] ##########
|
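The Firefox side of the hijack in the AdwCleaner log above is entirely visible in the profile's prefs.js and user.js: the default search engine switched to Ask.com, keyword.URL pointed at feed.helperbar.com with an OpenCandy affiliate ID, and dozens of extensions.incredibar.* prefs carrying an install day and a per-machine ID. The script below is an added example for this thread, not AdwCleaner's code or anything the forum posted. It goes slightly beyond the log by working on any prefs file, not just this one: it parses user_pref lines, flags search-engine settings that are not on an allow-list, any pref under a known PUP prefix, and a keyword.URL override, and extracts the hostnames from flagged URLs for a block list. The PUP prefix list and the allow-list are assumptions seeded from the entries in the log, and the sample prefs text is constructed from them.

```python
"""Flag search-hijack settings in a Firefox prefs.js / user.js.

Added example, not part of the forum thread or of AdwCleaner. PUP_PREFIXES and
ALLOWED_ENGINES are seed lists assumed from the AdwCleaner log above; extend
them for your own environment.
"""
import re

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Pref-name prefixes written by the toolbars AdwCleaner removed (assumption: seed list).
PUP_PREFIXES = ("extensions.incredibar", "extensions.helperbar", "extensions.sweetim")
# Search settings that a hijacker rewrites.
SEARCH_PREFS = ("browser.search.defaultengine", "browser.search.defaultenginename",
                "browser.search.order.1", "browser.search.selectedEngine")
ALLOWED_ENGINES = {"Google", "Bing", "DuckDuckGo", "Wikipedia (de)"}  # assumption


def parse_prefs(text):
    """Return {name: value}; JS string/bool/int literals are decoded."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            val = raw[1:-1]
        elif raw in ("true", "false"):
            val = raw == "true"
        else:
            try:
                val = int(raw)
            except ValueError:
                val = raw
        prefs[name] = val
    return prefs


def audit_prefs(text):
    """Return a list of (reason, pref_name, value) findings for hijack indicators."""
    findings = []
    for name, val in parse_prefs(text).items():
        if name.startswith(PUP_PREFIXES):
            findings.append(("pup-extension-pref", name, val))
        elif name in SEARCH_PREFS and val not in ALLOWED_ENGINES:
            findings.append(("search-engine-hijack", name, val))
        elif name == "keyword.URL" and val:
            findings.append(("keyword-url-override", name, val))
    return findings


def hijack_hosts(findings):
    """Sorted distinct hostnames from URL-valued findings (accepts defanged hxxp:// too)."""
    hosts = set()
    for _reason, _name, val in findings:
        if isinstance(val, str):
            m = re.match(r'h(?:xx|tt)ps?://([^/?#]+)', val)
            if m:
                hosts.add(m.group(1).lower())
    return sorted(hosts)


# Constructed sample: a few of the lines AdwCleaner deleted above, plus two benign
# prefs (homepage, cookie policy) that must not be flagged.
SAMPLE_PREFS_JS = '''
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("extensions.incredibar.id", "d8d867d7000000000000ac8112db79bc");
user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQUI6Ig1n");
user_pref("extensions.helperbar.SmartbarDisabled", true);
user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&q=");
user_pref("network.cookie.lifetimePolicy", 0);
'''

if __name__ == "__main__":
    found = audit_prefs(SAMPLE_PREFS_JS)
    for reason, name, val in found:
        print("%-22s %s = %r" % (reason, name, val))
    print("hosts:", hijack_hosts(found))
```

Point it at the live profile (C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\prefs.js in this thread) with Firefox closed, since Firefox rewrites prefs.js on exit and would otherwise undo a manual cleanup; a user.js in the same folder re-applies its contents at every start, which is why AdwCleaner deleted that file outright.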
07.03.2013, 10:43 | #12 |
/// Malware-holic | Performer-Virus Hi, uninstall it with Revo: Revo Uninstaller - Download - Filepony. Restart. Download HitmanPro, double-click it, licence, trial licence. Scan, tick nothing (do not delete), click Next. Export the log as XML and post it, or zip it and attach it.
07.03.2013, 12:22 | #13 |
| Performer-Virus Hi, loadtbs has now been removed successfully and the HitmanPro scan has been run. I am attaching the result. Unfortunately everything is still as it was. Even in the small window for uploading attachments an extra window opened. |
08.03.2013, 17:19 | #14 |
/// Malware-holic | Performer-Virus New OTL log, please.
09.03.2013, 12:39 | #15 |
| Performer-Virus Hi, I ran a new quick scan with OTL. This time, however, there was only one log file; the Extras page was not created. I assume that is normal. If I am wrong about that, please tell me what I did wrong. Code:
OTL logfile created on: 09.03.2013 12:19:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HP\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,95 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 70,28% Memory free
11,90 Gb Paging File | 9,27 Gb Available in Paging File | 77,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440,75 Gb Total Space | 292,10 Gb Free Space | 66,27% Space Free | Partition Type: NTFS
Drive D: | 20,84 Gb Total Space | 1,91 Gb Free Space | 9,17% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,22% Space Free | Partition Type: FAT32

Computer Name: HP-HP | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- 
PRC - [2013.02.26 20:01:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccsvchst.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.10.08 04:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011.09.28 15:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011.08.26 03:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011.08.26 03:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011.08.26 03:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011.08.19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011.08.09 17:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.08.09 17:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.07.11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011.07.11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010.04.23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2006.02.01 23:49:14 | 000,204,800 | ---- | M] () -- C:\MovE\Programme\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
PRC - [2006.02.01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\MovE\Programme\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.14 06:22:49 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.14 06:22:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 13:20:52 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013.01.10 13:20:52 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013.01.10 08:06:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 08:05:24 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 08:05:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 08:05:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 08:05:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 08:04:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 08:04:38 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll
MOD - [2011.11.10 20:41:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.06.27 14:03:28 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2011.10.01 07:06:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.05.27 11:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV - [2013.03.07 11:55:58 | 000,108,904 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.03.07 08:04:52 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012.09.06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.08.26 03:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011.08.09 17:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.08.09 17:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.07.11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011.06.29 02:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.06.02 14:11:26 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.02.24 00:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010.10.11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.02.01 23:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\MovE\Programme\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006.02.01 23:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\MovE\Programme\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- 
(OracleXETNSListener) SRV - [2006.02.01 23:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\MovE\Programme\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService) SRV - [2006.02.01 23:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\move\programme\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE) SRV - [2006.02.01 23:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\move\programme\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.25 19:25:33 | 000,095,392 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR311.SYS -- (SMR311) DRV:64bit: - [2013.01.31 04:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys -- (SymNetS) DRV:64bit: - [2013.01.31 04:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA) DRV:64bit: - [2013.01.29 02:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.01.29 02:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.01.22 03:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.sys -- (SymDS) DRV:64bit: - [2013.01.08 21:33:38 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] 
(Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.11.16 03:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.11.16 03:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360) DRV:64bit: - [2012.06.06 13:33:48 | 000,296,576 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2012.04.16 11:37:58 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.22 13:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2011.11.10 20:55:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.11.10 20:55:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.10.01 09:58:34 | 009,981,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.01 06:28:46 | 000,310,272 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.09.28 14:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2011.08.25 13:07:48 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2011.08.09 17:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.07.19 01:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2011.06.11 02:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.06.11 02:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.06.10 03:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.06.02 14:11:26 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.05.31 01:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011.05.27 11:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011.05.27 11:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.02.17 03:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.07.28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2009.07.14 02:52:20 | 
000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.13 10:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV - [2013.02.26 19:51:36 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130308.017\ex64.sys -- (NAVEX15) DRV - [2013.02.26 19:51:36 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130308.017\eng64.sys -- (NAVENG) DRV - [2013.01.16 03:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013.01.08 21:58:05 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.01.08 21:58:05 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.01.08 19:40:38 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130308.001\IDSviA64.sys -- (IDSVia64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{B36BF164-41D9-4944-8E81-8E722003E7B7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{B36BF164-41D9-4944-8E81-8E722003E7B7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{B36BF164-41D9-4944-8E81-8E722003E7B7}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\..\SearchScopes\{FC22A904-11ED-4F94-94D1-A54D98DF6D9A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=D8C6F167-3B64-4CBC-B021-1C683CFDC29C&apn_sauid=70E66EAD-D012-4D14-8154-F4ACE65C54DD IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox" FF - prefs.js..extensions.enabledAddons: aWQzX%40a6z4gWdPu8FF.com:11 FF - prefs.js..extensions.enabledAddons: info%40sharkcube.com:0.1 FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.4.6 FF - prefs.js..extensions.enabledAddons: 
%7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2 FF - prefs.js..extensions.enabledAddons: printPages2Pdf%40reinhold.ripper:0.1.8.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.0.26 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows 
Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2013.01.08 21:33:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013.03.09 05:53:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 17:30:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 17:30:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 17:30:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 17:30:10 | 000,000,000 | ---D | M] [2012.06.09 14:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Extensions [2013.03.08 18:06:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\g36cyt7s.default\extensions [2013.02.24 08:11:10 | 000,000,000 | ---D | M] (DownloadHelper) -- 
C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\g36cyt7s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.06 05:46:39 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\g36cyt7s.default\extensions\printPages2Pdf@reinhold.ripper [2013.03.08 18:06:07 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\extensions\artur.dubovoy@gmail.com.xpi [2012.10.04 16:58:15 | 000,003,684 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\extensions\aWQzX@a6z4gWdPu8FF.com.xpi [2012.06.09 16:16:31 | 000,020,272 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\extensions\info@sharkcube.com.xpi [2012.06.09 16:16:32 | 000,079,135 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2012.06.09 16:16:32 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2013.02.14 09:54:05 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.18 16:06:38 | 000,002,273 | ---- | M] () -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\searchplugins\englische-ergebnisse.xml [2013.01.18 16:06:38 | 000,010,563 | ---- | M] () -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\searchplugins\gmx-suche.xml [2013.01.18 16:06:38 | 000,002,432 | ---- | M] () -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\searchplugins\lastminute.xml [2013.03.08 18:06:22 | 000,002,482 | ---- | M] () -- 
C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\searchplugins\safesearch.xml [2013.01.18 16:06:38 | 000,005,545 | ---- | M] () -- C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\g36cyt7s.default\searchplugins\webde-suche.xml [2013.03.08 17:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.08 17:30:09 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2013.03.09 05:53:01 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\COFFPLGN [2013.01.08 21:33:52 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPLGN [2013.03.08 17:30:11 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.04 21:58:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 
2012\IEBHO.dll (HP) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) 
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D4A8561-1A8E-49E9-8381-A7F63651F229}: DhcpNameServer = 80.69.100.182 80.69.100.174
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36CD491D-1F89-4044-9EA1-6A43220C7E22}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.08 17:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 11:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.03.07 11:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.03.07 11:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.03.07 11:26:33 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.03.07 11:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.03.07 08:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.07 08:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.03.05 19:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.04 22:15:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.04 21:49:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.04 21:49:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.04 21:49:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.04 21:40:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.04 21:40:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.04 21:29:52 | 005,036,013 | R--- | C] (Swearware) -- C:\Users\HP\Desktop\ComboFix.exe
[2013.03.01 17:59:38 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HP\Desktop\tdsskiller.exe
[2013.03.01 14:29:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.26 20:01:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2013.02.26 19:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.26 19:58:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.26 14:50:25 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2013.02.26 14:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.26 14:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.26 14:49:50 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs
[2013.02.25 19:25:33 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS

========== Files - Modified Within 30 Days ==========

[2013.03.09 11:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.09 08:21:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.09 06:02:05 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 06:02:05 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.09 05:52:14 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.07 11:55:58 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.03.07 11:26:33 | 000,001,228 | ---- | M] () -- C:\Users\HP\Desktop\Revo Uninstaller.lnk
[2013.03.07 08:38:26 | 000,597,667 | ---- | M] () -- C:\Users\HP\Desktop\adwcleaner.exe
[2013.03.06 05:40:02 | 001,876,517 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.06 05:39:40 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013.03.05 19:25:25 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.04 21:58:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.04 21:30:03 | 005,036,013 | R--- | M] (Swearware) -- C:\Users\HP\Desktop\ComboFix.exe
[2013.03.03 09:52:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.03 09:52:47 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.03 09:52:47 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.03 09:52:47 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.03 09:52:47 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 17:59:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HP\Desktop\tdsskiller.exe
[2013.02.26 20:03:09 | 000,376,832 | ---- | M] () -- C:\Users\HP\Desktop\gmer_2.1.19081.exe
[2013.02.26 20:01:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2013.02.26 19:59:56 | 000,050,477 | ---- | M] () -- C:\Users\HP\Desktop\Defogger.exe
[2013.02.26 19:58:14 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.26 17:16:37 | 000,000,000 | ---- | M] () -- C:\Users\HP\defogger_reenable
[2013.02.25 19:25:33 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013.02.23 11:39:19 | 000,003,352 | ---- | M] () -- C:\bootsqm.dat
[2013.02.17 21:40:54 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHP.job
[2013.02.17 11:56:16 | 000,001,304 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.02.16 18:42:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.02.14 18:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013.02.14 06:20:50 | 000,342,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.03.07 11:55:58 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.03.07 11:26:33 | 000,001,228 | ---- | C] () -- C:\Users\HP\Desktop\Revo Uninstaller.lnk
[2013.03.07 08:38:21 | 000,597,667 | ---- | C] () -- C:\Users\HP\Desktop\adwcleaner.exe
[2013.03.07 08:08:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.07 08:04:53 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.05 19:25:25 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.04 21:49:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.04 21:49:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.04 21:49:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.04 21:49:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.04 21:49:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.26 20:03:09 | 000,376,832 | ---- | C] () -- C:\Users\HP\Desktop\gmer_2.1.19081.exe
[2013.02.26 19:59:56 | 000,050,477 | ---- | C] () -- C:\Users\HP\Desktop\Defogger.exe
[2013.02.26 19:58:14 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.26 17:16:37 | 000,000,000 | ---- | C] () -- C:\Users\HP\defogger_reenable
[2013.02.23 11:39:19 | 000,003,352 | ---- | C] () -- C:\bootsqm.dat
[2013.02.16 18:42:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.11.10 11:55:06 | 000,000,316 | ---- | C] () -- C:\Windows\EasyCT.INI
[2011.12.26 05:21:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.26 05:17:28 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.12.26 05:12:49 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.26 05:11:33 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.26 05:11:32 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.26 05:11:31 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.12.26 05:11:30 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.26 05:11:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.26 05:11:28 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.12.26 05:07:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.11.10 12:33:09 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.09.30 22:42:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.06 12:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011.06.10 03:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:0E08FC17

< End of report > |
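Added example, not part of the post, the board's instructions or OTL itself: a first triage pass over OTL log lines of the kind posted above, written in Python with only the standard library. It encodes general checks an analyst applies before reading the log by hand: DNS servers outside private ranges (O17), restriction policies reported as "present" (O6/O7), UAC ConsentPromptBehaviorAdmin set to 0, Winlogon Shell/UserInit or the exefile/comfile open command deviating from the stock values (O20, O35/O37), binaries without a company name in their version resource under C:\Windows, C:\ProgramData or AppData, a touched hosts file, and any alternate data stream. Every hit is a pointer for review, not a verdict. The sample input is copied from the log in this thread except for one constructed line with a made-up `hijack.exe`, included so the handler check has a positive case.

```python
"""Triage pass over OTL log lines (added example; not OTL's or the poster's code)."""
import ipaddress
import re

FILE_RE = re.compile(                                   # [ts | size | attrs | C/M] (Company) -- path
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| [CM]\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
DNS_RE = re.compile(r"^O17 - .*NameServer = (?P<ips>.+)$")
WINLOGON_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<key>UserInit|Shell) - \((?P<val>[^)]*)\)")
HANDLER_RE = re.compile(r'^O3[57](?::64bit:)? - HKLM\\\.{2,3}(?:comfile|exefile|com|exe) \[[^\]]*\] -- (?P<cmd>.+)$')

EXPECTED_WINLOGON = {"userinit": r"c:\windows\system32\userinit.exe", "shell": "explorer.exe"}
EXPECTED_HANDLER = '"%1" %*'                            # stock open command for exefile/comfile
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\programdata\\")


def _is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False                                    # not an IP literal: let the analyst look


def _in_system_area(path_lower):
    return path_lower.startswith(SYSTEM_PREFIXES) or "\\appdata\\" in path_lower


def triage_line(line):
    """Return [(rule, detail), ...] for one OTL line; [] when nothing needs review."""
    s, hits = line.strip(), []
    m = DNS_RE.match(s)
    if m:   # public resolvers are normal on an ISP uplink, but DNS-changing adware sets exactly these
        hits += [("dns-public", ip) for ip in m.group("ips").split() if not _is_private(ip)]
    if s.startswith(("O6 - ", "O7 - ")):
        if s.endswith(" present"):                      # IE/Explorer restriction policies exist
            hits.append(("policy-present", s.split(" - ", 1)[1]))
        m = re.search(r"ConsentPromptBehaviorAdmin = (\d+)$", s)
        if m and m.group(1) == "0":                     # 0 = elevate without prompting (5 is the Win7 default)
            hits.append(("uac-silent-elevation", s))
    m = WINLOGON_RE.match(s)
    if m and m.group("val").lower().rstrip(",") != EXPECTED_WINLOGON[m.group("key").lower()]:
        hits.append(("winlogon-unexpected", s))
    m = HANDLER_RE.match(s)
    if m and m.group("cmd") != EXPECTED_HANDLER:        # something runs before every .exe/.com
        hits.append(("handler-hijacked", m.group("cmd")))
    m = FILE_RE.match(s)
    if m:
        p, size = m.group("path").lower(), int(m.group("size").replace(",", ""))
        if p.endswith("\\drivers\\etc\\hosts"):
            hits.append(("hosts-touched", f"{m.group('ts')}, {size} bytes"))
        if not m.group("company") and p.endswith(BINARY_EXT) and _in_system_area(p):
            hits.append(("no-company-binary", m.group("path")))   # no company in the version resource
    m = ADS_RE.match(s)
    if m:
        hits.append(("ads", f"{m.group('path')} ({m.group('size')} bytes)"))
    return hits


def triage(lines):
    """Run triage_line over a whole log; returns [(line_no, rule, detail), ...]."""
    return [(n, r, d) for n, line in enumerate(lines, 1) for r, d in triage_line(line)]


# Sample input: lines copied from the OTL log posted in this thread.
LOG_LINES = r"""
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D4A8561-1A8E-49E9-8381-A7F63651F229}: DhcpNameServer = 80.69.100.182 80.69.100.174
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
[2013.03.04 21:49:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.04 21:49:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.04 21:58:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.07 08:38:21 | 000,597,667 | ---- | C] () -- C:\Users\HP\Desktop\adwcleaner.exe
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:0E08FC17
""".strip().splitlines()
# Constructed line, NOT from the log: what a hijacked exefile handler looks like ("hijack.exe" is made up).
CONSTRUCTED_HIJACK = r'O35 - HKLM\..exefile [open] -- "C:\Users\HP\AppData\Roaming\hijack.exe" "%1" %*'
SAMPLE = LOG_LINES + [CONSTRUCTED_HIJACK]

if __name__ == "__main__":
    for n, rule, detail in triage(SAMPLE):
        print(f"line {n:2d}  {rule:20s} {detail}")
```

On these lines it reports the two 80.69.100.x resolvers (to be confirmed against the router or ISP, since the other interface uses 192.168.0.1), the IE Restrictions policy, C:\Windows\PEV.exe (created at 21:49:34 on 2013.03.04, the same second as SWREG.exe, SWSC.exe and NIRCMD.exe and nine minutes after C:\Qoobox, so it lines up with the ComboFix run rather than with the adware), the 27-byte hosts file modified that evening, and the stream on C:\ProgramData\Temp. The Desktop copy of adwcleaner.exe is deliberately not flagged, and the only handler hit is the constructed line; the real O35/O37 entries in the log are stock. Run it over a whole OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`.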