Pests of all kinds and how to fight them: http://www.searchnu.com/413 Trojan
01.03.2013, 21:40 | #1 |
| http://www.searchnu.com/413 Trojan

Hello and happy Friday evening,

this afternoon I downloaded the FVL Player from chip.de and suddenly I had the above-mentioned page on my system. Kaspersky did not raise an alarm, but this is really worrying me right now. Spybot has already run and apparently found quite a few things, but everything it removed apparently had nothing to do with the virus, because it is still there. I have now run MBAM as instructed. This is the result:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.09
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Cara ***:: CARAS-PC [Administrator]

Schutz: Aktiviert

01.03.2013 21:35:51
mbam-log-2013-03-01 (21-35-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229295
Laufzeit: 2 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Thanks in advance. |
01.03.2013, 21:45 | #2 |
/// Malware-holic | http://www.searchnu.com/413 Trojan

Hi,

If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
01.03.2013, 22:24 | #3 |
| http://www.searchnu.com/413 Trojan

OTL logfile:
Code:
ATTFilter OTL logfile created on: 01.03.2013 22:07:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cara ***\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16484) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,83% Memory free 7,75 Gb Paging File | 5,81 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 869,80 Gb Total Space | 743,03 Gb Free Space | 85,43% Space Free | Partition Type: NTFS Drive D: | 60,00 Gb Total Space | 43,45 Gb Free Space | 72,42% Space Free | Partition Type: NTFS Drive F: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: CARAS-PC | User Name: Cara *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Cara ***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) 
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe (ArcSoft, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) 
PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) PRC - C:\Program Files (x86)\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) PRC - C:\Program Files (x86)\Sceneo\AbsolutTV\Services\PVR\PVRService.exe (Buhl Data Service GmbH) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\500a5dd33bb40326f8ca43e385513ec2\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\25163a2014b376f1d6921d5554b5bf4a\IAStorDataMgrSvcInterfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\5230e7b23985eaebadc20f295c04e412\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\7ac60dc1a979ea56ce302cb6c033be16\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9a4fc56833542881e7e451a099562655\System.ServiceModel.Internals.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\89cc9825811c2121acd4e2e12c0ef044\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\115fb9d1fa2cbda89742b1c2a0631396\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf7db4fae047127374f220b4f59bea45\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\uTVMUIEngine.dll () MOD - C:\Program Files (x86)\ArcSoft\ArcSoft TV 5.0\uPiApi.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - 
(PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft 
Corporation) SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) 
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (RichVideo64) -- C:\Programme\CyberLink\Shared files\RichVideo64.exe () SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (srvcPVR) -- C:\Program Files (x86)\Sceneo\AbsolutTV\Services\PVR\PVRService.exe (Buhl Data Service GmbH) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab ZAO) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft 
Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\Drivers\IT9135BDA.sys (ITE ) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- 
C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\Drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys 
(Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\Drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\Drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink) DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (FintekCIR) -- C:\Windows\SysNative\Drivers\FintekCIR.sys (Fintek) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\Drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\Drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\Drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\Drivers\ccdcmbx64.sys (Nokia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1495511273934085&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1495511273934085&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/413 IE - HKCU\..\SearchScopes,DefaultScope = 
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1495511273934085&q={searchTerms} IE - HKCU\..\SearchScopes\{E66F85F5-4B00-443F-9385-A1ECFE585F29}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.10 FF - prefs.js..extensions.enabledAddons: flvmoviesdownloader%40rzll:1.43 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&apn_uid=1495511273934085&o=APN10649&q=" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/413" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: 
C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.30 19:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.30 19:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.30 19:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.30 19:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.30 19:21:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.29 20:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.14 17:55:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.03.01 21:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cara ***\AppData\Roaming\mozilla\Extensions
[2013.03.01 21:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cara ***\AppData\Roaming\mozilla\Firefox\Profiles\ks1e1b7l.default\extensions
[2013.03.01 16:06:03 | 000,014,838 | ---- | M] () (No name found) -- C:\Users\Cara ***\AppData\Roaming\mozilla\firefox\profiles\ks1e1b7l.default\extensions\flvmoviesdownloader@rzll.xpi
[2013.01.14 17:58:26 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Cara ***\AppData\Roaming\mozilla\firefox\profiles\ks1e1b7l.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013.03.01 16:10:51 | 000,002,683 | ---- | M] () -- C:\Users\Cara ***\AppData\Roaming\mozilla\firefox\profiles\ks1e1b7l.default\searchplugins\Search_Results.xml
[2013.03.01 21:57:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.29 20:20:49 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES (X86)\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.01 16:10:51 | 000,002,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1495511273934085&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.searchnu.com/413
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\np_dvs_plugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Windows\system32\C2MP\npdivx32.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Anti-Banner = C:\Users\Cara ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ApplyEsf-eDocPrintPro] C:\Program Files (x86)\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe (May Software)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files (x86)\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_306AC820B1CCA873832B2C520C15C53B] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AAC3010-30EC-4401-B95F-B1E7EEE33FF2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.04.30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 00:48:37 | 000,000,045 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{4552bed9-7f87-11e2-beba-eca86b233bcc}\Shell - "" = AutoRun
O33 - MountPoints2\{4552bed9-7f87-11e2-beba-eca86b233bcc}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.04.30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.03.01 20:53:22 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Malwarebytes
[2013.03.01 20:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 20:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 20:53:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.01 20:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.01 16:54:50 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Media Player Classic
[2013.03.01 16:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.01 16:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.01 16:30:50 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.03.01 16:30:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.01 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Local\Programs
[2013.03.01 16:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.01 16:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2013.03.01 16:11:26 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.03.01 16:11:25 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\FreeFLVConverter
[2013.03.01 16:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.03.01 16:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar
[2013.03.01 16:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2013.03.01 16:01:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013.03.01 15:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.01 15:56:02 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.03.01 15:55:58 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\DAEMON Tools Lite
[2013.03.01 15:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.03.01 15:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.03.01 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\Documents\DVDVideoSoft
[2013.02.24 22:06:47 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\HandBrake
[2013.02.24 22:05:33 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.02.24 22:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.02.24 22:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2013.02.23 20:20:31 | 000,000,000 | -HSD | C] -- C:\found.003
[2013.02.23 20:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAYComputer
[2013.02.23 20:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\eDocPrintPro
[2013.02.23 20:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2013.02.23 19:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.23 15:36:34 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\Documents\CyberLink
[2013.02.23 12:59:45 | 000,000,000 | -HSD | C] -- C:\found.002
[2013.02.20 18:10:09 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\Documents\Youcam
[2013.02.20 18:00:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013.02.20 16:19:21 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\Documents\Schule
[2013.02.19 17:55:19 | 000,000,000 | -HSD | C] -- C:\found.001
[2013.02.19 17:55:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2013.02.16 21:10:48 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.02.10 21:24:37 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.02.10 21:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.02.10 21:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Gain
[2013.02.03 17:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.02.03 17:49:18 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.02.03 17:49:18 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2013.02.03 17:49:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.02.03 17:47:08 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2013.02.03 17:47:08 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Video DVD Maker FREE
[2013.02.03 17:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video DVD Maker
[2013.02.03 17:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video DVD Maker
[2013.02.02 10:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2013.02.02 10:09:41 | 000,000,000 | ---D | C] -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epson Software
[2013.02.02 10:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON Software
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.01 21:10:04 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.01 21:09:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 20:53:12 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 20:45:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.01 17:33:59 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 17:33:59 | 000,752,930 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 17:33:59 | 000,711,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 17:33:59 | 000,156,156 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 17:33:59 | 000,132,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 17:27:25 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.01 17:26:58 | 3328,278,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 17:26:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.03.01 17:24:58 | 000,000,154 | ---- | M] () -- C:\Windows\wininit.ini
[2013.03.01 17:24:40 | 000,000,187 | ---- | M] () -- C:\Quarantine.lst
[2013.03.01 16:30:55 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.01 16:19:06 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.01 16:11:27 | 000,001,125 | ---- | M] () -- C:\Users\Cara ***\Desktop\Free FLV Converter.lnk
[2013.03.01 15:56:10 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.01 15:56:02 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.02.28 16:49:45 | 000,050,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klwfp.sys
[2013.02.25 21:02:57 | 000,000,997 | ---- | M] () -- C:\Users\Cara ***\Desktop\Handbrake.lnk
[2013.02.21 12:20:19 | 000,003,391 | ---- | M] () -- C:\Users\Cara ***\AppData\Local\recently-used.xbel
[2013.02.18 18:38:45 | 000,446,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 16:19:19 | 000,004,096 | -H-- | M] () -- C:\Users\Cara ***\Desktop\photothumb.db
[2013.02.16 16:19:14 | 000,003,072 | -H-- | M] () -- C:\Users\Cara ***\photothumb.db
[2013.02.03 17:47:34 | 000,003,584 | ---- | M] () -- C:\Users\Cara ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.02 10:20:15 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.01 21:57:56 | 000,000,187 | ---- | C] () -- C:\Quarantine.lst
[2013.03.01 20:53:12 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 16:30:55 | 000,002,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.01 16:30:55 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.03.01 16:19:06 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.01 16:12:33 | 000,001,183 | ---- | C] () -- C:\Users\Cara ***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2013.03.01 16:11:27 | 000,001,125 | ---- | C] () -- C:\Users\Cara ***\Desktop\Free FLV Converter.lnk
[2013.03.01 16:11:25 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.03.01 16:11:25 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.03.01 16:11:25 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.03.01 15:56:10 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.02.24 22:05:33 | 000,000,997 | ---- | C] () -- C:\Users\Cara ***\Desktop\Handbrake.lnk
[2013.02.21 12:20:19 | 000,003,391 | ---- | C] () -- C:\Users\Cara ***\AppData\Local\recently-used.xbel
[2013.02.17 19:46:47 | 000,446,952 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 21:19:59 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.02.03 17:49:19 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.02.03 17:49:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013.02.03 17:47:34 | 000,003,584 | ---- | C] () -- C:\Users\Cara ***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.02 10:20:15 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013.01.22 21:00:26 | 000,003,072 | -H-- | C] () -- C:\Users\Cara ***\photothumb.db
[2013.01.09 20:18:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.01.06 14:50:22 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\midas.dll
[2013.01.06 14:50:22 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\UnzDll.dll
[2013.01.05 00:39:57 | 000,374,792 | ---- | C] () -- C:\Users\Cara ***\Unbenannt.png
[2012.12.31 15:40:55 | 000,000,154 | ---- | C] () -- C:\Windows\wininit.ini
[2012.09.19 20:38:17 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.09.19 20:25:55 | 012,432,018 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.19 19:45:02 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.09.19 19:45:01 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.09.19 19:45:00 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.09.18 22:12:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 21:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013.01.06 14:39:28 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.01 17:35:03 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\DAEMON Tools Lite
[2013.01.06 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2013.02.03 16:18:13 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\DVDVideoSoft
[2013.01.04 17:37:29 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.01 16:12:38 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\FreeFLVConverter
[2013.02.24 22:15:51 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\HandBrake
[2013.01.01 16:31:08 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\Origin
[2013.01.27 11:28:27 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\PhotoScape
[2013.01.02 15:05:13 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\Publish Providers
[2013.01.04 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\Sony
[2013.01.06 14:33:43 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\TV-Browser
[2013.02.03 17:47:08 | 000,000,000 | ---D | M] -- C:\Users\Cara ***\AppData\Roaming\Video DVD Maker FREE

========== Purity Check ==========

========== Custom Scans ==========

< ctivex >
[2012.07.26 08:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.12.30 19:00:52 | 000,001,136 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.12.30 19:00:53 | 000,001,140 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.01.02 08:56:08 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %SYSTEMDRIVE%\*. >
[2013.01.11 14:28:30 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.07.26 08:22:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.12.30 18:55:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.19 17:55:19 | 000,000,000 | -HSD | M] -- C:\found.000
[2013.02.19 17:55:19 | 000,000,000 | -HSD | M] -- C:\found.001
[2013.02.23 12:59:45 | 000,000,000 | -HSD | M] -- C:\found.002
[2013.02.23 20:20:31 | 000,000,000 | -HSD | M] -- C:\found.003
[2012.09.19 20:19:34 | 000,000,000 | ---D | M] -- C:\Intel
[2012.12.31 10:56:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.01.27 11:34:29 | 000,000,000 | ---D | M] -- C:\output
[2012.07.26 08:33:46 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.01 16:19:05 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.03.01 20:53:11 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.03.01 21:56:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.30 18:55:21 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.09.16 18:40:32 | 000,000,000 | ---D | M] -- C:\sources
[2013.03.01 17:55:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.30 18:57:45 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.03 17:47:08 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2013.03.01 17:46:35 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*.
/mp /s > < C:\Windows\system32\*.tsp > [2012.07.26 04:21:04 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2012.09.20 06:55:30 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2012.09.20 06:55:30 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2012.07.26 04:21:04 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2012.07.26 04:21:04 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < MD5 for: AGP440.SYS > [2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\drivers\AGP440.sys [2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_81a4c6c9cc9d86a0\AGP440.sys [2012.07.26 06:00:49 | 000,063,216 | ---- | M] (Microsoft Corporation) MD5=01590377A5AB19E792528C628A2A68F9 -- C:\Windows\WinSxS\amd64_machine.inf_31bf3856ad364e35_6.2.9200.16384_none_12dc94a048750f71\AGP440.sys < MD5 for: ATAPI.SYS > [2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\drivers\atapi.sys [2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_69660e2be041f47b\atapi.sys [2012.07.26 06:00:48 | 000,025,840 | ---- | M] (Microsoft Corporation) MD5=A721FF570C2387E383BDDEA9632863C9 -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.2.9200.16384_none_3601cf7eab4e0493\atapi.sys < MD5 for: EVENTLOG.DLL > [2010.03.13 07:47:22 | 000,006,440 | ---- | M] () MD5=ACD301711FC165ED77A8D364D407BAF9 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2012.10.11 06:53:24 | 002,115,952 | ---- | M] (Microsoft 
Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe [2012.10.11 09:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe [2012.07.26 04:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe [2012.07.26 05:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe [2012.10.11 06:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe [2012.10.11 06:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe [2012.10.11 08:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe [2012.10.11 08:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe [2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) 
MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe < MD5 for: IASTORV.SYS > [2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\drivers\iaStorV.sys [2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_819876bbe5c3b25f\iaStorV.sys [2012.07.26 06:00:52 | 000,411,888 | ---- | M] (Intel Corporation) MD5=5E394EBD26FD68AA9300332C46BEDD62 -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.2.9200.16384_none_07daf9dd118c3086\iaStorV.sys < MD5 for: NETLOGON.DLL > [2012.07.26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\SysWOW64\netlogon.dll [2012.07.26 04:19:22 | 000,634,368 | ---- | M] (Microsoft Corporation) MD5=EEF9DA64D7B1DD51FB8AB9EFCC560E3E -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_60d608f9f61ee049\netlogon.dll [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\SysNative\netlogon.dll [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) MD5=FDC70965F0FC9DFEBC919627DED5DDFF -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.2.9200.16384_none_56815ea7c1be1e4e\netlogon.dll < MD5 for: NVSTOR.SYS > [2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\drivers\nvstor.sys [2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_7ba65ba4b222e751\nvstor.sys [2012.07.26 06:00:55 | 000,168,176 | ---- | M] (NVIDIA Corporation) MD5=27AFC428D1D32ABD04A86763A4EDDEA9 -- 
C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.2.9200.16384_none_92a46a8c48c2da5e\nvstor.sys < MD5 for: SCECLI.DLL > [2012.07.26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\SysNative\scecli.dll [2012.07.26 04:07:07 | 000,224,768 | ---- | M] (Microsoft Corporation) MD5=4F6E1CA672370A9BCAC049CE3AB7F666 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_90d789c062dfa509\scecli.dll [2012.07.26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\SysWOW64\scecli.dll [2012.07.26 04:19:52 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=B95DC83FF580DD92F487C2F4D0854B6A -- C:\Windows\WinSxS\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.2.9200.16384_none_9b2c341297406704\scecli.dll < MD5 for: USER32.DLL > [2012.07.26 04:07:39 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=1D08594400EE1B500B93256795FE30AE -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_260213a5f720b529\user32.dll [2012.09.20 05:09:35 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=7A4FD11444ABFA9C5D3E17123ABBD8A4 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_311e3b534471206a\user32.dll [2012.07.26 01:02:48 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=8A93F57772FD24959F76A65FF79D282D -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16384_none_3056bdf82b817724\user32.dll [2012.09.20 07:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\SysNative\user32.dll [2012.09.20 07:33:05 | 001,342,464 | ---- | M] (Microsoft Corporation) MD5=A99AD14F26BDA7D7F27F76BC91B7EED7 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_263ef3ebf6f3a54e\user32.dll [2012.09.20 07:32:34 | 001,342,464 | ---- 
| M] (Microsoft Corporation) MD5=AC192A41414561DA0CABD0D36F54FB22 -- C:\Windows\WinSxS\amd64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.20521_none_26c9910110105e6f\user32.dll [2012.09.20 05:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\SysWOW64\user32.dll [2012.09.20 05:10:09 | 001,126,912 | ---- | M] (Microsoft Corporation) MD5=BA1C3ACD929A71E88B49C2B6E38F92B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-user32_31bf3856ad364e35_6.2.9200.16420_none_30939e3e2b546749\user32.dll < MD5 for: USERINIT.EXE > [2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe [2012.07.26 04:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe [2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe [2012.07.26 04:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe < MD5 for: WINLOGON.EXE > [2012.09.20 07:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2012.09.20 07:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe [2012.07.26 04:08:50 | 
000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe [2012.10.11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe [2012.10.11 06:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe [2012.10.11 06:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe < MD5 for: WS2IFSL.SYS > [2012.07.26 03:29:29 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=58D492F986EC519ECDD54D93618758F8 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16384_none_a85048395191dc38\ws2ifsl.sys [2012.09.20 07:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2012.09.20 07:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16420_none_a88d287f5164cc5d\ws2ifsl.sys [2012.09.20 07:08:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FC56FEC8FB233ABC32D110D031CBC8B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.20521_none_a917c5946a81857e\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.03 21:10:37 | 000,014,609 | ---- | M] () -- C:\Users\Cara ***\Ich wurde gezüchtet.docx [2013.02.28 21:49:46 | 
002,097,152 | -HS- | M] () -- C:\Users\Cara ***\NTUSER.DAT [2012.12.30 18:57:45 | 001,101,824 | -HS- | M] () -- C:\Users\Cara ***\ntuser.dat.LOG1 [2012.12.30 18:57:45 | 000,000,000 | -HS- | M] () -- C:\Users\Cara ***\ntuser.dat.LOG2 [2012.12.30 23:20:55 | 000,065,536 | -HS- | M] () -- C:\Users\Cara ***\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TM.blf [2012.12.30 23:20:55 | 000,524,288 | -HS- | M] () -- C:\Users\Cara ***\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TMContainer00000000000000000001.regtrans-ms [2012.12.30 23:20:55 | 000,524,288 | -HS- | M] () -- C:\Users\Cara ***\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TMContainer00000000000000000002.regtrans-ms [2012.12.30 18:57:45 | 000,000,020 | -HS- | M] () -- C:\Users\Cara ***\ntuser.ini [2013.02.16 16:19:14 | 000,003,072 | -H-- | M] () -- C:\Users\Cara ***\photothumb.db [2013.03.01 21:34:37 | 000,087,040 | -HS- | M] () -- C:\Users\Cara ***\Thumbs.db [2013.01.05 14:11:00 | 000,374,792 | ---- | M] () -- C:\Users\Cara ***\Unbenannt.png < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD < End of report > |
01.03.2013, 22:25 | #4 |
| http://www.searchnu.com/413 Trojan
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 01.03.2013 22:07:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cara ***\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,83% Memory free
7,75 Gb Paging File | 5,81 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 869,80 Gb Total Space | 743,03 Gb Free Space | 85,43% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 43,45 Gb Free Space | 72,42% Space Free | Partition Type: NTFS
Drive F: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CARAS-PC | User Name: Cara *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B68E4C-A5A4-44CF-BCAC-56EC347915F4}" = lport=2869 | protocol=6 | dir=in | app=system | "{08CCA7B2-DDFE-4162-B7CC-A47902E4A755}" = rport=10243 | protocol=6 | dir=out | app=system | "{22253DD2-6AE1-4F70-9F69-AAE9A2E91770}" = lport=10243 | protocol=6 | dir=in | app=system | "{29539F34-D694-4CB4-A2F9-4F5CE478D6CE}" = rport=445 | protocol=6 | dir=out | app=system | "{2AAB4B23-C9D5-45BC-B604-89BE6D2EEB25}" = lport=138 | protocol=17 | dir=in | app=system | "{3E02AD80-4120-4549-A06E-4C4F90C5F328}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{433DDB45-22BF-41AE-9CEA-430BFA91801F}" = rport=138 | protocol=17 | dir=out | app=system | "{43C65A05-3749-4D95-871F-83E56DAD4F01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5051AF33-6E8D-4F96-A3B0-7C60C73FBB4A}" = lport=139 | protocol=6 | dir=in | app=system | "{7156EC06-8F3D-4B6C-B061-728F604055B3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{77CB7A88-9433-409C-A515-7DF069EB4A04}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{87852060-0C45-447B-BF98-FEE670DAFCEC}" = lport=445 | protocol=6 | dir=in | app=system | "{884E804A-DA3D-4472-A527-D7C52CABECD0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{9659E4BB-584B-4890-8D17-9BC3C876AF9F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A572E85A-8514-4AA7-8A5B-903647D2115D}" = lport=137 | protocol=17 | dir=in | app=system | "{AD11B4DD-5517-42F8-89E4-53B8CBFD654E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AEF6312B-00C4-4764-A61D-36C0665C6E07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss 
| name=@firewallapi.dll,-28539 | "{B57A2703-1254-4E94-AFD3-4E7369347B14}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BD384C81-8CA3-4487-8D98-F616C8CA7BEE}" = rport=137 | protocol=17 | dir=out | app=system | "{C2ACBD46-9764-4B4F-9950-9D5FC1433EBA}" = rport=139 | protocol=6 | dir=out | app=system | "{CA85FFCB-C72D-4085-9D2F-A51EAE9F22FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D46018CA-2265-4036-8EC3-EE1EEC077902}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EDD16FF1-68F5-4865-97F0-BEF48E27CE2B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{F7B55738-5557-42F5-A9AC-AE58552793E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00655923-5BB7-4785-A85B-BBDEAEDD3972}" = dir=out | name=youcam for medion | "{02F4B44E-A5B9-407D-8483-E5AB5629736F}" = dir=out | name=ebay | "{08CCB34F-4B1A-4D26-BAC6-2BD8E009FFC6}" = dir=out | name=meinestadt.de | "{0F9157C9-91CC-4B34-92DD-CE4D8F8CE79C}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{13AD6058-62CA-4C9D-9DF1-F022671A796E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{18A8E11A-1663-4A94-8514-A705CF7CD211}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "{18F30C86-A20E-4F03-827A-7CC9C48D84BA}" = dir=out | name=microsoft minesweeper | "{1A1B52C9-F888-4445-8374-33D8C7DCFD4A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{1E6E1177-4F17-4039-8488-6B0845A556FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{206712B1-385A-44D6-BC33-1E5A2F486E01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{21908C60-D0C1-4B1C-A1F5-B37CC796F470}" = dir=out | name=windows_ie_ac_001 | "{223A8DF4-59FA-4606-B75F-62ACD1DA6456}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{23131043-431D-49E0-988E-D2799B9799D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | "{244F30BD-C2D8-4DF3-91EB-ACFAF505F643}" = dir=out | name=fresh paint | "{26F18540-1EFA-4B64-8A13-7B63DC43FEA6}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "{42739A05-414D-46AD-A8D9-BC57BF8BD6A0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{464EBF79-D8E3-4EC5-8938-8C5B54A9BB21}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{4845EAE7-53EE-4020-A15C-144E197403F1}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{49239942-B970-464A-8D0D-7FC421669186}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{4FF9DC6D-90B4-44D3-AAA7-54AFFAACF6F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{50A79994-D4E8-49FC-A770-4A648BB8A342}" = dir=out | name=accuweather for windows 8 | "{54746EC3-C44B-4621-83BA-BB2DF0102BE0}" = protocol=6 | dir=out | app=system | "{57DC203B-657F-4C49-B5E4-4AB9337CA046}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{59688FD3-B8E2-447A-8240-7BC19B739AE3}" = dir=out | name=pinball fx2 | "{5DD85958-5A3A-4921-8829-7C84B4E85191}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{6066D880-FDD8-4695-A512-4BFF78F46FFB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{609A9BE2-2A08-4CDF-A8CE-90F53943D354}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{64D81E86-A92E-469A-814F-506768C95F67}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{6685F5CD-AB3C-4849-9F13-0A95F45C52BC}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{78B79C5A-BA9E-45B0-BCCA-B0836DEDF8FC}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{7B6FA823-208E-4DD6-96AD-44E0A40BB180}" = dir=out | name=taptiles | "{7B7FD5F5-9171-4D9E-874D-93BC9775D6D8}" = dir=out | name=powerdvd for medion | "{7E3B01EA-80A5-40B7-BAB6-A3092BCB287B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{86F290B2-9BEE-4FC3-96EC-4C47D9318D75}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{87BCDC32-57CC-4FD8-BA70-691F76EF33F2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{885A02E7-BBA8-40B5-A691-37CBE1C85695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8CC4C253-7D8A-4F06-9B97-5952F83A31EC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{8E7E0221-2FCF-4549-8B2A-8786E9D2DA4B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{939D7A78-9F62-47F6-AFA0-24176FB6A52F}" = dir=out | name=microsoft solitaire collection | "{960AF0F5-1F4C-4736-8A3B-74064D23827B}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{991E972C-AAF9-4AAE-AB90-18BB5D28F355}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9C702839-9A66-4B66-850D-16B28F324385}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{9DDEA699-D324-4368-A7BF-39B4E4C5A7C4}" = dir=in | name=meinestadt.de | "{A687B228-C1D1-4730-A75F-DED8F2EFDA85}" = dir=out | name=wordament | "{A7551765-2F72-49A7-8949-405E08F7D92A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A7BAF8BF-3127-468F-BF65-11623902459C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A82F5FAF-B504-47A1-B3BF-1D6D27A811E3}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{ABE6E34C-914D-4A57-B1E2-F031A8F7F96C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B70D0818-68E4-4D34-B22C-9A3989447BAC}" = dir=in | name=pinball fx2 | "{B7936BC3-681B-4E7E-B012-5047A24949F9}" = dir=out | name=adera | "{B794CF27-B5FD-4683-807E-6C987686FC52}" = dir=in | name=music maker jam | "{B8B27B44-B160-409C-A352-53BAB4F0A351}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{BB2F6AFD-A9B1-4150-A3B5-EF9CB9CFE6AD}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{BE0C00C7-49C6-4E00-8C96-DA829012B3D5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{BFF873B4-0DB9-4642-9095-C03D3B162536}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C26D4732-6D30-4129-9944-25259DCADAE2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | "{C3D6FA28-042C-4506-84B8-303967556702}" = protocol=6 | 
dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C4FB41D9-BF1B-45A9-B52C-15708DB80D8A}" = dir=out | name=music maker jam | "{CACF030E-2393-4F7D-A537-651AAB75FA29}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CCF89E1C-EB01-4622-91E3-FF4939F6159B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D00D53B4-E3A5-4A0D-AF40-E4AD759CBA1D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D3A67A2D-4AD0-4CD1-B6D8-D5408B4045EC}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{DB119970-3913-485C-8C68-8F21CAAEB6DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E8E111ED-7E25-4D5F-9851-B260C723E28E}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{EAE813AB-0CDE-45CB-84FB-AFA11C0FF5F0}" = dir=in | name=ebay | "{EC7806DA-EE22-4F01-91BE-355F65C16427}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{ED7E0B58-6BB3-4B6C-A2A6-8C5E7FCFDB98}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{ED97B709-EB5C-47F5-91AD-747605F67DA0}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "{F9EC4D89-E789-4544-A073-E70004684786}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{FC75407D-4666-4303-B3CE-FB7441C6A087}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD9A749C-52A0-4764-8E9F-5E8853C86B83}" = dir=in | 
app=c:\program files\cyberlink\powerdirector\pdr9.exe | "{FEB4EEA7-DAB5-44C9-97CF-B21B337FD877}" = dir=out | name=microsoft mahjong | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition) "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8858A840-1D35-11E2-A8C7-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit) "{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "CCleaner" = CCleaner "EPSON XP-205 207 Series" = Druckerdeinstallation für EPSON XP-205 207 Series "GIMP-2_is1" = GIMP 2.8.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5 "{034BEE25-A986-455F-BA79-48CF3A47B221}" = Windows Live UX Platform Language Pack "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{058EDEC8-1873-4B49-9A08-54ADE9CC129B}" = Movie Maker "{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common 
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common "{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common "{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack "{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80 "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema 10 "{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker "{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker "{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3 "{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos "{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common "{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack "{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = 
Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common "{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{5A30E103-9FA6-4A23-A107-E1F5F174BB62}" = Windows Live Temel Parçalar "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker "{62FF5AAC-013B-42EB-9A06-81914AB132D5}" = Photo Common "{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery "{63B1E33F-F243-4656-A600-125D6963B43A}" = Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6B8F13E2-F02B-445C-9A31-3C0E5D547CBA}" = Photo Common "{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials "{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common "{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker "{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii "{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive "{7B732519-F534-4CD1-B0D3-FB2C70781444}" = Fintek_CIR "{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker "{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack "{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common "{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver 
"{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker "{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}" = ArcSoft TV 5.0 "{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials "{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet "{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker "{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών "{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie "{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials "{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5}" = Windows Live UX Platform Language Pack "{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection "{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker "{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live "{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}" = QuickLaunch "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common "{ACE848B7-145C-4230-9B95-BA9C98A51AA6}" = 
Fotogalerii "{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack "{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker "{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5 "{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack "{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator "{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup "{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}" = Fotoğraf Galerisi "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack "{E2A88871-27CB-4643-AF5B-123F897D5C67}" = Alcor Micro USB Card Reader Driver "{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 1.5 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 
Runtime "{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár "{E630D30A-79EE-407A-8F51-9D57D1F45230}" = gs_x86 "{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common "{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}" = Mediathek "{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials "{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack "{F5212949-60B3-43FC-A178-4A7B0BEDAD69}" = eDocPrintPro v3.17.0 "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common "{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias "{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FC78A8EE-2C7F-44A7-A2D8-9676577F9CE2}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo AppLauncher (Medion)_is1" = Ashampoo AppLauncher (Medion) v.1.0.0 "DAEMON Tools Lite" = DAEMON Tools Lite "D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0 "DVBViewer Pro Demo_is1" = DVBViewer Pro DEMO "EPSON Scanner" = EPSON Scan "Free Audio CD Burner_is1" = Free Audio CD Burner version 2.0.22.1212 "Free FLV Converter_is1" = Free FLV Converter V 7.5.0 "Free MP4 Video Converter_is1" = 
Free MP4 Video Converter version 5.0.22.128 "Free Studio_is1" = Free Studio version 2013 "Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 "Google Chrome" = Google Chrome "HandBrake" = HandBrake 0.9.8 "InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3 "InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = Medion Home Cinema 10 "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{E2A88871-27CB-4643-AF5B-123F897D5C67}" = Alcor Micro USB Card Reader Driver "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "IT9130 DriverInstaller_12.2.3.1" = IT9130 Driver v12.2.3.1 "KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Origin" = Origin "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "tvbrowser" = TV-Browser 3.2.1 "VLC media player" = VLC media player 2.0.5 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.02.2013 04:59:54 | Computer Name = Caras-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433, Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505ab405 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000ea485 ID des fehlerhaften Prozesses: 0x2148 Startzeit der fehlerhaften Anwendung: 0x01ce012390d26cda Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: 
C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e8a3b48f-6d16-11e2-beaa-eca86b233bcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 02.02.2013 05:09:34 | Computer Name = Caras-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Cara ***\AppData\Local\Temp\SoftwareUpdate_Temp\EPSONDC4A38 (XP-205 207 Series)\Download Navigator\Download_Navigator_Installer\Setup.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Error - 02.02.2013 05:09:36 | Computer Name = Caras-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Cara ***\AppData\Local\Temp\SoftwareUpdate_Temp\EPSONDC4A38 (XP-205 207 Series)\Download Navigator\Download_Navigator_Installer\Setup.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. 
Error - 02.02.2013 05:09:36 | Computer Name = Caras-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Cara ***\AppData\Local\Temp\SoftwareUpdate_Temp\EPSONDC4A38 (XP-205 207 Series)\Download Navigator\Download_Navigator_Installer\Setup.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Error - 03.02.2013 03:45:49 | Computer Name = Caras-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Cara ***\AppData\Local\Temp\SoftwareUpdate_Temp\EPSONDC4A38 (XP-205 207 Series)\Download Navigator\Download_Navigator_Installer\Setup.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Error - 03.02.2013 13:42:08 | Computer Name = Caras-PC | Source = Application Hang | ID = 1002 Description = Programm dvd.exe, Version 3.32.0.80 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 28c Startzeit: 01ce022e18055016 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Video DVD Maker\dvd.exe Berichts-ID: 04860f8d-6e29-11e2-bead-eca86b233bcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 08.02.2013 16:36:56 | Computer Name = Caras-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433, Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505ab405 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000ea485 ID des fehlerhaften Prozesses: 0x34c Startzeit der fehlerhaften Anwendung: 0x01ce0549928c1b98 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 4722f988-722f-11e2-beaf-eca86b233bcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 10.02.2013 06:47:21 | Computer Name = Caras-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 16.02.2013 03:12:44 | Computer Name = Caras-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CLMSServer.exe, Version: 2.0.0.8731, Zeitstempel: 0x4d9440c5 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000020 ID des fehlerhaften Prozesses: 0x6a0 Startzeit der fehlerhaften Anwendung: 0x01ce04a5f242e3ec Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 41e2b6a3-7808-11e2-beaf-eca86b233bcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 16.02.2013 08:01:31 | Computer Name = Caras-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 
Explorer.EXE, Version: 6.2.9200.16433, Zeitstempel: 0x50763312 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505ab405 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000ea485 ID des fehlerhaften Prozesses: 0xc88 Startzeit der fehlerhaften Anwendung: 0x01ce09f7580422be Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 9964b110-7830-11e2-beaf-eca86b233bcc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ Spybot - Search and Destroy Events ] Error - 01.03.2013 12:24:58 | Computer Name = Caras-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 20.02.2013 13:05:11 | Computer Name = Caras-PC | Source = Ntfs | ID = 131 Description = Die Dateisystemstruktur auf Volume "C:" kann nicht korrigiert werden. Führen Sie das Hilfsprogramm CHKDSK auf Volume "C:" aus. Error - 20.02.2013 13:08:26 | Computer Name = Caras-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?20.?02.?2013 um 17:25:46 unerwartet heruntergefahren. Error - 20.02.2013 13:09:04 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%2147749126 Error - 20.02.2013 13:09:04 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 20.02.2013 13:09:28 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. 
Error - 20.02.2013 13:09:28 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 20.02.2013 13:09:28 | Computer Name = Caras-PC | Source = DCOM | ID = 10005 Description = Error - 20.02.2013 13:13:14 | Computer Name = Caras-PC | Source = Ntfs | ID = 55 Description = In der Dateisystemstruktur auf Volume "C:" wurde eine Beschädigung erkannt. Die Masterdateitabelle (MFT) beinhaltet einen beschädigten Dateidatensatz. Die Dateireferenznummer ist 0x200000002ff73. Der Name der Datei ist "\Users\Cara ***\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1". Error - 21.02.2013 06:05:01 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Spooler erreicht. Error - 21.02.2013 06:05:34 | Computer Name = Caras-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Spooler erreicht. < End of report > |
01.03.2013, 23:33 | #5 |
/// Malware-holic | http://www.searchnu.com/413 Trojan Hi, OTL fix
Fixing with OTL
Code:
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
:files
:Commands
[emptytemp]
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.03.2013, 09:02 | #6 |
| http://www.searchnu.com/413 Trojan I only redacted my last name; my first name is still in the log files. Do I still need to enter something anywhere now?
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Cara
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Cara ***
->Temp folder emptied: 1522978 bytes
->Temporary Internet Files folder emptied: 130 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4892561 bytes
->Google Chrome cache emptied: 202351181 bytes
->Flash cache emptied: 711 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30517 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 267051 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 199,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03022013_121921
Files\Folders moved on Reboot...
C:\Users\Cara ***\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JET78BA.tmp not found!
C:\Windows\temp\winstore.log moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
03.03.2013, 19:05 | #7 |
/// Malware-holic | http://www.searchnu.com/413 Trojaner Hi, please download TDSSKiller.exe and save this file to the desktop
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.03.2013, 20:59 | #8 |
| http://www.searchnu.com/413 Trojaner
20:56:24.0425 1664 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:56:24.0425 1664 UEFI system
20:56:24.0684 1664 ============================================================
20:56:24.0684 1664 Current date / time: 2013/03/03 20:56:24.0684
20:56:24.0684 1664 SystemInfo:
20:56:24.0685 1664
20:56:24.0685 1664 OS Version: 6.2.9200 ServicePack: 0.0
20:56:24.0685 1664 Product type: Workstation
20:56:24.0685 1664 ComputerName: CARAS-PC
20:56:24.0685 1664 UserName: Cara ***
20:56:24.0685 1664 Windows directory: C:\Windows
20:56:24.0685 1664 System windows directory: C:\Windows
20:56:24.0685 1664 Running under WOW64
20:56:24.0685 1664 Processor architecture: Intel x64
20:56:24.0685 1664 Number of processors: 4
20:56:24.0685 1664 Page size: 0x1000
20:56:24.0685 1664 Boot type: Normal boot
20:56:24.0685 1664 ============================================================
20:56:26.0206 1664 Initialize success
20:56:26.0206 1664 ============================================================
20:56:53.0779 4452 ============================================================
20:56:53.0779 4452 Scan started
20:56:53.0779 4452 Mode: Manual; SigCheck; TDLFS;
20:56:53.0779 4452 ============================================================
20:56:55.0904 4452 ================ Scan system memory ========================
20:56:55.0904 4452 System memory - ok
20:56:55.0904 4452 ================ Scan services =============================
20:57:03.0748 4452 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - warning
20:57:03.0748 4452 IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic (1)
4452 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:57:08.0107 4452 NDProxy - ok 20:57:08.0123 4452 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys 20:57:08.0154 4452 Ndu - ok 20:57:08.0154 4452 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:57:08.0186 4452 NetBIOS - ok 20:57:08.0186 4452 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:57:08.0217 4452 NetBT - ok 20:57:08.0232 4452 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe 20:57:08.0248 4452 Netlogon - ok 20:57:08.0264 4452 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll 20:57:08.0279 4452 Netman - ok 20:57:08.0326 4452 [ C166E3CD90AB0781ECDF10EC765B083A ] netprofm C:\Windows\System32\netprofmsvc.dll 20:57:08.0357 4452 netprofm - ok 20:57:08.0389 4452 [ BE0F20C494EBCB1899346FE973AD5EBE ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 20:57:08.0451 4452 netr28x - ok 20:57:08.0467 4452 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:57:08.0498 4452 NetTcpPortSharing - ok 20:57:08.0529 4452 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:57:08.0529 4452 nfrd960 - ok 20:57:08.0561 4452 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:57:08.0592 4452 NlaSvc - ok 20:57:08.0623 4452 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 20:57:08.0670 4452 nmwcd - ok 20:57:08.0701 4452 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys 20:57:08.0733 4452 nmwcdc - ok 20:57:08.0764 4452 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:57:08.0779 4452 Npfs - ok 20:57:08.0795 4452 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 20:57:08.0842 4452 
npsvctrig - ok 20:57:08.0858 4452 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll 20:57:08.0873 4452 nsi - ok 20:57:08.0889 4452 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:57:08.0904 4452 nsiproxy - ok 20:57:08.0951 4452 [ 11D7A4A4A1DA60F394F53B413DCDF0DE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:57:08.0998 4452 Ntfs - ok 20:57:09.0014 4452 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys 20:57:09.0029 4452 Null - ok 20:57:09.0029 4452 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:57:09.0045 4452 nvraid - ok 20:57:09.0045 4452 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:57:09.0061 4452 nvstor - ok 20:57:09.0061 4452 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:57:09.0076 4452 nv_agp - ok 20:57:09.0123 4452 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:57:09.0123 4452 ose - ok 20:57:09.0248 4452 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:57:09.0358 4452 osppsvc - ok 20:57:09.0389 4452 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:57:09.0404 4452 p2pimsvc - ok 20:57:09.0420 4452 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll 20:57:09.0451 4452 p2psvc - ok 20:57:09.0483 4452 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys 20:57:09.0498 4452 Parport - ok 20:57:09.0514 4452 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:57:09.0514 4452 partmgr - ok 20:57:09.0545 4452 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:57:09.0576 4452 PcaSvc - ok 20:57:09.0592 4452 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci 
C:\Windows\system32\drivers\pci.sys 20:57:09.0592 4452 pci - ok 20:57:09.0608 4452 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys 20:57:09.0623 4452 pciide - ok 20:57:09.0639 4452 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:57:09.0654 4452 pcmcia - ok 20:57:09.0654 4452 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys 20:57:09.0670 4452 pcw - ok 20:57:09.0686 4452 [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc C:\Windows\system32\drivers\pdc.sys 20:57:09.0701 4452 pdc - ok 20:57:09.0701 4452 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:57:09.0733 4452 PEAUTH - ok 20:57:09.0779 4452 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:57:09.0811 4452 PerfHost - ok 20:57:09.0858 4452 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll 20:57:09.0904 4452 pla - ok 20:57:09.0920 4452 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:57:09.0936 4452 PlugPlay - ok 20:57:09.0951 4452 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:57:09.0967 4452 PNRPAutoReg - ok 20:57:09.0983 4452 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:57:09.0998 4452 PNRPsvc - ok 20:57:10.0014 4452 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:57:10.0045 4452 PolicyAgent - ok 20:57:10.0076 4452 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll 20:57:10.0092 4452 Power - ok 20:57:10.0123 4452 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:57:10.0139 4452 PptpMiniport - ok 20:57:10.0217 4452 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 20:57:10.0264 4452 PrintNotify - ok 20:57:10.0295 4452 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor 
C:\Windows\System32\drivers\processr.sys 20:57:10.0295 4452 Processor - ok 20:57:10.0326 4452 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll 20:57:10.0342 4452 ProfSvc - ok 20:57:10.0373 4452 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:57:10.0389 4452 Psched - ok 20:57:10.0420 4452 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll 20:57:10.0436 4452 QWAVE - ok 20:57:10.0451 4452 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:57:10.0483 4452 QWAVEdrv - ok 20:57:10.0483 4452 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:57:10.0514 4452 RasAcd - ok 20:57:10.0514 4452 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:57:10.0545 4452 RasAgileVpn - ok 20:57:10.0561 4452 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll 20:57:10.0592 4452 RasAuto - ok 20:57:10.0623 4452 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:57:10.0654 4452 Rasl2tp - ok 20:57:10.0686 4452 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll 20:57:10.0733 4452 RasMan - ok 20:57:10.0733 4452 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:57:10.0733 4452 RasPppoe - ok 20:57:10.0748 4452 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:57:10.0764 4452 RasSstp - ok 20:57:10.0764 4452 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:57:10.0779 4452 rdbss - ok 20:57:10.0795 4452 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 20:57:10.0826 4452 rdpbus - ok 20:57:10.0842 4452 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 20:57:10.0858 4452 RDPDR - ok 20:57:10.0905 4452 [ 57F4787E4602A3FCA719C0A33137C6DA ] 
RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 20:57:10.0905 4452 RdpVideoMiniport - ok 20:57:10.0920 4452 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:57:10.0951 4452 RDPWD - ok 20:57:10.0967 4452 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:57:10.0998 4452 rdyboost - ok 20:57:11.0014 4452 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:57:11.0045 4452 RemoteAccess - ok 20:57:11.0061 4452 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:57:11.0092 4452 RemoteRegistry - ok 20:57:11.0139 4452 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe 20:57:11.0155 4452 RichVideo64 - ok 20:57:11.0170 4452 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:57:11.0201 4452 RpcEptMapper - ok 20:57:11.0217 4452 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe 20:57:11.0248 4452 RpcLocator - ok 20:57:11.0280 4452 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll 20:57:11.0295 4452 RpcSs - ok 20:57:11.0311 4452 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:57:11.0326 4452 rspndr - ok 20:57:11.0358 4452 [ 34DA0D14F5C3F1883A331AFB975AB434 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys 20:57:11.0389 4452 RTL8168 - ok 20:57:11.0405 4452 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys 20:57:11.0420 4452 s3cap - ok 20:57:11.0436 4452 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe 20:57:11.0436 4452 SamSs - ok 20:57:11.0467 4452 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:57:11.0467 4452 sbp2port - ok 20:57:11.0498 4452 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:57:11.0514 4452 SCardSvr - 
ok 20:57:11.0545 4452 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:57:11.0576 4452 scfilter - ok 20:57:11.0608 4452 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll 20:57:11.0655 4452 Schedule - ok 20:57:11.0686 4452 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:57:11.0701 4452 SCPolicySvc - ok 20:57:11.0717 4452 [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus C:\Windows\System32\drivers\sdbus.sys 20:57:11.0733 4452 sdbus - ok 20:57:11.0748 4452 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:57:11.0780 4452 SDRSVC - ok 20:57:11.0858 4452 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 20:57:11.0889 4452 SDScannerService - ok 20:57:11.0920 4452 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys 20:57:11.0920 4452 sdstor - ok 20:57:11.0951 4452 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 20:57:11.0983 4452 SDUpdateService - ok 20:57:12.0014 4452 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 20:57:12.0014 4452 SDWSCService - ok 20:57:12.0045 4452 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:57:12.0061 4452 secdrv - ok 20:57:12.0092 4452 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll 20:57:12.0123 4452 seclogon - ok 20:57:12.0139 4452 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll 20:57:12.0170 4452 SENS - ok 20:57:12.0186 4452 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:57:12.0186 4452 SensrSvc - ok 20:57:12.0201 4452 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys 20:57:12.0217 4452 SerCx - ok 20:57:12.0248 4452 [ 
7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys 20:57:12.0264 4452 Serenum - ok 20:57:12.0264 4452 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys 20:57:12.0280 4452 Serial - ok 20:57:12.0295 4452 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys 20:57:12.0373 4452 sermouse - ok 20:57:12.0420 4452 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll 20:57:12.0436 4452 SessionEnv - ok 20:57:12.0451 4452 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 20:57:12.0467 4452 sfloppy - ok 20:57:12.0498 4452 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:57:12.0530 4452 SharedAccess - ok 20:57:12.0561 4452 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:57:12.0592 4452 ShellHWDetection - ok 20:57:12.0608 4452 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 20:57:12.0623 4452 SiSRaid2 - ok 20:57:12.0623 4452 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:57:12.0639 4452 SiSRaid4 - ok 20:57:12.0655 4452 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:57:12.0670 4452 SkypeUpdate - ok 20:57:12.0686 4452 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:57:12.0717 4452 SNMPTRAP - ok 20:57:12.0733 4452 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\Windows\system32\drivers\spaceport.sys 20:57:12.0748 4452 spaceport - ok 20:57:12.0748 4452 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 20:57:12.0764 4452 SpbCx - ok 20:57:12.0780 4452 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe 20:57:12.0811 4452 Spooler - ok 20:57:12.0873 4452 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe 
20:57:13.0155 4452 [ 5A73F1714761B818D4C101B5CE2373CD ] srvcPVR C:\Program Files (x86)\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
20:57:13.0202 4452 srvcPVR ( UnsignedFile.Multi.Generic ) - warning
20:57:13.0202 4452 srvcPVR - detected UnsignedFile.Multi.Generic (1)
ok 20:57:18.0577 4452 ================ Scan global =============================== 20:57:18.0608 4452 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll 20:57:18.0639 4452 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll 20:57:18.0655 4452 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll 20:57:18.0686 4452 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe 20:57:18.0686 4452 [Global] - ok 20:57:18.0686 4452 ================ Scan MBR ================================== 20:57:18.0702 4452 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 20:57:18.0764 4452 \Device\Harddisk0\DR0 - ok 20:57:18.0764 4452 ================ Scan VBR ================================== 20:57:18.0764 4452 [ 34CE1BCAC45C56D9F7BAFD48EDB7C575 ] \Device\Harddisk0\DR0\Partition1 20:57:18.0764 4452 \Device\Harddisk0\DR0\Partition1 - ok 20:57:18.0811 4452 [ BB638046B5045681E05FD2454FBB5943 ] \Device\Harddisk0\DR0\Partition2 20:57:18.0811 4452 \Device\Harddisk0\DR0\Partition2 - ok 20:57:18.0811 4452 [ 9D327BA77F9A4BB193707A464C3EE21D ] \Device\Harddisk0\DR0\Partition3 20:57:18.0811 4452 \Device\Harddisk0\DR0\Partition3 - ok 20:57:18.0827 4452 [ 39F6509B51FBCCD9C4D860897621ABB8 ] \Device\Harddisk0\DR0\Partition4 20:57:18.0827 4452 \Device\Harddisk0\DR0\Partition4 - ok 20:57:18.0843 4452 [ D05D5C4D54B3C1DF55828FCA60EB5E09 ] \Device\Harddisk0\DR0\Partition5 20:57:18.0843 4452 \Device\Harddisk0\DR0\Partition5 - ok 20:57:18.0874 4452 [ 2BF83185E0C5635C3292EA62D7E7DA32 ] \Device\Harddisk0\DR0\Partition6 20:57:18.0874 4452 \Device\Harddisk0\DR0\Partition6 - ok 20:57:18.0874 4452 ============================================================ 20:57:18.0874 4452 Scan finished 20:57:18.0874 4452 ============================================================ 20:57:18.0889 4608 Detected object count: 2 20:57:18.0889 4608 Actual detected object count: 2 20:57:50.0428 4608 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user 
20:57:50.0429 4608 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:57:50.0429 4608 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user 20:57:50.0429 4608 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip |
03.03.2013, 21:22 | #9 |
/// Malware-holic | http://www.searchnu.com/413 Trojan Hi, scan with Combofix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
03.03.2013, 21:36 | #10 |
| http://www.searchnu.com/413 Trojan I have Windows 8. It tells me that it does not work on my operating system. |
03.03.2013, 21:37 | #11 |
/// Malware-holic | http://www.searchnu.com/413 Trojan Sorry, please update Malwarebytes and run a full scan. |
04.03.2013, 21:40 | #12 |
| http://www.searchnu.com/413 Trojan
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.04.09
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Cara ***:: CARAS-PC [Administrator]
Schutz: Deaktiviert
04.03.2013 20:50:27
mbam-log-2013-03-04 (20-50-27).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 477670
Laufzeit: 46 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
No findings, but there are still files in Spybot's quarantine. And how do I do the CODE format? It worked at the beginning, but not anymore. |
04.03.2013, 22:10 | #13 |
/// Malware-holic | http://www.searchnu.com/413 Trojan Click on reply and there you can see the code tags.
CCleaner - Download - Filepony
If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. After every program you need, write necessary. After every one you do not need, unnecessary. After ones unknown to you, unknown. Post the list. |
04.03.2013, 22:22 | #14 |
| http://www.searchnu.com/413 Trojan
7-Zip 9.22 (x64 edition) Igor Pavlov 18.01.2013 4,75MB 9.22.00.0 unnecessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 28.02.2013 6,00MB 11.6.602.171 necessary
Alcor Micro USB Card Reader Driver Alcor Micro Corp. 19.09.2012 9.1716.6366.1700 unknown
ArcSoft TV 5.0 ArcSoft 02.11.2012 67,1MB 5.0.8.133 necessary
Ashampoo AppLauncher (Medion) v.1.0.0 Ashampoo GmbH & Co. KG 19.09.2012 310MB 1.0.0 unknown
Bing Bar Microsoft Corporation 11.01.2013 464KB 7.1.391.0 unknown
CCleaner Piriform 25.02.2013 3.28 necessary
CyberLink PhotoDirector 3 CyberLink Corp. 19.09.2012 211MB 3.0.3124 unknown
CyberLink PhotoNow CyberLink Corp. 19.09.2012 21,7MB 1.1.7717 unknown
CyberLink PowerRecover CyberLink Corp. 02.11.2012 5.7.0.0913 unknown
D-i-v-X AVI Codec Pack Pro 2.4.0 D-i-v-X AVI Codec Pack Pro 04.01.2013 unnecessary
DAEMON Tools Lite DT Soft Ltd 01.03.2013 4.46.1.0327 necessary
Die Sims™ 3 Electronic Arts 17.01.2013 1.47.6 unnecessary
Download Navigator SEIKO EPSON CORPORATION 02.02.2013 6,15MB 3.4.1 unknown
Druckerdeinstallation für EPSON XP-205 207 Series SEIKO EPSON Corporation 18.01.2013 unknown
DVBViewer Pro DEMO CM&V 06.01.2013 9,42MB 4.8.1 unknown
eDocPrintPro v3.17.0 MAY-Computer 23.02.2013 8,44MB 3.17.0 necessary
Epson Connect Printer Setup SEIKO EPSON CORPORATION 02.02.2013 8,32MB 1.1.1 necessary
EPSON Scan Seiko Epson Corporation 02.02.2013 necessary
Fintek_CIR Fintek_Inc 19.09.2012 2.00.0000 unknown
Free Audio CD Burner version 2.0.22.1212 DVDVideoSoft Ltd. 23.01.2013 62,7MB 2.0.22.1212 unnecessary
Free FLV Converter V 7.5.0 Koyote Soft 01.03.2013 17,6MB 7.5.0.0 unnecessary (the virus comes from them)
Free MP4 Video Converter version 5.0.22.128 DVDVideoSoft Ltd. 29.01.2013 73,6MB 5.0.22.128 unnecessary
Free Studio version 2013 DVDVideoSoft Ltd. 29.01.2013 413MB 6.0.0.128 unnecessary
Free YouTube Download version 3.1.42.1212 DVDVideoSoft Ltd. 31.12.2012 67,8MB 3.1.42.1212 unnecessary
Free YouTube to MP3 Converter version 3.11.37.1212 DVDVideoSoft Ltd. 04.01.2013 72,7MB 3.11.37.1212 unnecessary
GIMP 2.8.2 The GIMP Team 04.01.2013 234MB 2.8.2 necessary
Google Chrome Google Inc. 30.12.2012 25.0.1364.97 necessary
Google Drive Google, Inc. 16.01.2013 16,2MB 1.7.4018.3496 unnecessary
gs_x86 MAY-Computer 23.02.2013 33,6MB 9.00 unknown
HandBrake 0.9.8 24.02.2013 0.9.8 unnecessary
Intel(R) Management Engine Components Intel Corporation 10.10.2012 8.1.0.1252
Intel(R) Processor Graphics Intel Corporation 10.10.2012 9.17.10.2843
Intel(R) Rapid Storage Technology Intel Corporation 10.10.2012 11.5.4.1001
Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 10.10.2012 2.0.0.37149 all four unknown
IT9130 Driver v12.2.3.1 02.11.2012 unknown
Java 7 Update 15 Oracle 23.02.2013 129MB 7.0.150 necessary
K-Lite Codec Pack 5.2.0 (Full) 03.02.2013 5.2.0 unnecessary
Kaspersky Internet Security 2013 Kaspersky Lab 16.09.2012 13.0.1.4190 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 01.03.2013 18,5MB 1.70.0.1100 necessary
Mediathek Medion 16.09.2012 2,06MB 1.4.0 necessary
Medion Home Cinema 10 CyberLink Corp. 02.11.2012 1,66GB 10.0 unnecessary
Microsoft Office Professional Plus 2010 Microsoft Corporation 31.12.2012 14.0.6029.1000 necessary
Microsoft Silverlight Microsoft Corporation 16.09.2012 40,4MB 4.1.10329.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 16.09.2012 1,92MB 3.1.0000 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.09.2012 4,84MB 8.0.56336 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 19.09.2012 13,2MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 31.12.2012 13,2MB 9.0.30729.6161 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 06.01.2013 5,95MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.09.2012 10,2MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.09.2012 8,69MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 31.12.2012 10,1MB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 19.09.2012 13,8MB 10.0.40219 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.09.2012 11,1MB 10.0.40219 unknown
Microsoft WSE 3.0 Runtime Microsoft Corp. 31.12.2012 1,76MB 3.0.5305.0 unknown
Mozilla Firefox 18.0 (x86 de) Mozilla 14.01.2013 43,2MB 18.0 unnecessary
Mozilla Maintenance Service Mozilla 14.01.2013 330KB 18.0 unknown
Nokia Connectivity Cable Driver 13.01.2013 7.1.32.69 unknown
Origin Electronic Arts, Inc. 31.12.2012 9.1.3.2637 unnecessary
PhotoScape 05.01.2013 necessary
Picasa 3 Google, Inc. 27.01.2013 3.8 necessary
PowerDirector CyberLink Corp. 10.10.2012 297MB 9.0.0.3815c unknown
PowerRecover CyberLink Corp. 10.10.2012 5.7.0.0913 unknown
QuickLaunch Lenovo Group Limited 19.09.2012 2,28MB 1.00.0019 unknown
Ralink RT2860 Wireless LAN Card Ralink 19.09.2012 1.2.0.40 unknown
Realtek Ethernet Controller Driver Realtek 19.09.2012 8.3.730.2012 unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.09.2012 6.0.1.6710 unknown
Sceneo AbsolutTV 06.01.2013 unnecessary
Skype™ 6.1 Skype Technologies S.A. 29.01.2013 21,1MB 6.1.129 necessary
Spybot - Search & Destroy Safer-Networking Ltd. 01.03.2013 135MB 2.0.12 unnecessary
System Requirements Lab Detection Husdawg, LLC 01.01.2013 631KB 1.0.5.0 unnecessary
TV-Browser 3.2.1 TV-Browser Team 06.01.2013 3.2.1 unnecessary
Vegas Pro 12.0 (64-bit) Sony 02.01.2013 563MB 12.0.394 unnecessary
Video DVD Maker v3.32.0.80 03.02.2013 unnecessary
VLC media player 2.0.5 VideoLAN 30.12.2012 2.0.5 necessary
Windows Live Essentials Microsoft Corporation 08.10.2012 16.4.3505.0912 unnecessary |
04.03.2013, 22:25 | #15 |
/// Malware-holic | http://www.searchnu.com/413 Trojan Uninstall:
7-Zip
Ashampoo
Bing
CyberLink: all
Die Sims™
Download Navigator
DVBViewer
Free: all
Google Drive
HandBrake
K-Lite
Origin
PowerDirector
PowerRecover
Sceneo
Spybot
TV-Browser
Vegas
Video DVD
Windows Live
Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop. |