| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.03.2013, 16:43
| #1 |
 |  Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Hallo, Ich bin heute zum ersten Mal auf Trojaner-Board.de und brauche auch gleich Hilfe. Auslöser meines Problems war eine Gratissoftware, die ich von chip.de heruntergeladen habe. Während der Installation wollte sich wieder zusätzlich eine von den lästigen Tool-Bars installieren. Ich war der Meinung ich hätte das verhindert, aber kurz darauf bekamm ich von Avira folgende Warnung: Typ: Datei Quelle:C:\Users\***\AppData\Roaming\OpenCandy\3C36B619031F4D689626F0E291522B08\Installer.exe Status: Infiziert Quarantäne-Objekt: 568842f8.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.10 Virendefinitionsdatei: 7.11.63.170 Meldung: TR/Downloader.Gen Datum/Uhrzeit: 05.03.2013, 13:44 Ich wollte die Datei erst einmal bei Avira hochladen, aber das schlug ständig fehl. Im Netz fand ich dann einige Betreige zu diesem Trojaner, die waren aber aus dem Jahr 2009 und noch älter. Über folgendes Forum kam ich dann auf Trojaner-Board. hxxp://hxxp://www.winboard.org/security-firewall-virenabwehr/112573-virus-tr-downloader-gen.htm Ich habe mir die Beiträge durchgelesen, bin mir aber nicht sicher, ob das für mich auch anwendbar ist bzw. ob Einträge von vor 5 Jahren noch so hilfreich sind. Zudem mache ich das zum ersten Mal, daher möchte ich nicht alles noch schlimmer machen. Zudem befindet sich noch dieser Trojaner Offend.kdv.484085.1 auf meinem Computer, von dem ich auch nicht weiß, um welche Art es sich da handeln soll. Ich habe nun entsprechend den Regeln die drei log files erstellt. OTL (ist zu groß für Anhang) Code:
ATTFilter OTL logfile created on: 05.03.2013 14:54:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 5,91 Gb Total Physical Memory | 3,66 Gb Available Physical Memory | 61,93% Memory free 11,81 Gb Paging File | 9,09 Gb Available in Paging File | 76,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916,66 Gb Total Space | 669,67 Gb Free Space | 73,06% Space Free | Partition Type: NTFS Computer Name: DELL | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.05 14:46:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.02.12 07:48:00 | 003,674,248 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.10 07:53:29 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe PRC - [2012.07.02 16:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe PRC - [2012.05.14 15:13:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.14 15:13:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.14 15:13:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.14 15:13:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.02.01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011.06.29 14:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\StageRemoteService.exe PRC - [2011.06.28 01:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\StageRemote.exe PRC - [2011.06.02 20:27:58 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe PRC - [2011.06.02 18:11:20 | 000,725,504 | ---- | M] (DELL COMPUTER INC.) -- C:\Program Files (x86)\DELL\DELLOSD\DELLOSD.exe PRC - [2011.05.27 23:33:46 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe PRC - [2011.04.13 16:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2011.04.01 23:08:30 | 000,660,480 | ---- | M] (DELL) -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe PRC - [2011.03.30 20:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.03.30 20:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.03.30 20:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.03.30 20:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- c:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.01.13 01:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe PRC - [2010.12.20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.06 21:37:54 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe PRC - [2010.12.01 21:07:46 | 000,176,128 | ---- | M] (Chicony) -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe PRC - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010.11.02 04:40:30 | 002,006,664 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe PRC - [2010.11.02 04:40:30 | 000,093,832 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe PRC - [2010.11.02 04:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe PRC - [2010.10.27 03:27:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe PRC - [2010.10.01 22:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe ========== Modules (No Company Name) ========== MOD - [2013.02.18 15:04:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.14 09:03:44 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013.01.14 08:35:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.14 08:35:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013.01.14 08:34:41 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.14 08:34:13 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013.01.14 08:34:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.14 08:34:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.14 08:33:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.14 08:33:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.14 08:33:52 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.02.01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe MOD - [2012.02.01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll MOD - [2012.02.01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.10.05 03:28:51 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.06.29 14:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\StageRemoteService.exe MOD - [2011.06.28 01:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\StageRemote.exe MOD - [2011.06.28 01:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\DataService.dll MOD - [2011.06.25 05:32:36 | 000,323,136 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\de-DE\UI\ManagerUI.dll MOD - [2011.06.25 05:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\sqlite3.dll MOD - [2011.06.02 20:27:58 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2011.01.13 01:17:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\DELL\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe MOD - [2010.12.06 21:37:54 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe MOD - [2010.11.25 04:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010.11.02 04:40:34 | 000,087,176 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll MOD - [2010.11.02 04:40:30 | 000,057,480 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll MOD - [2010.11.02 04:40:24 | 000,248,968 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll MOD - [2010.03.22 21:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\QtGui4.dll MOD - [2010.03.17 02:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\QtXml4.dll MOD - [2010.03.17 02:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\QtNetwork4.dll MOD - [2010.03.17 02:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\QtCore4.dll MOD - [2010.03.12 01:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\plugins\imageformats\qmng4.dll MOD - [2010.03.12 01:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\plugins\imageformats\qgif4.dll MOD - [2010.03.05 21:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\plugins\imageformats\qjpeg4.dll MOD - [2010.03.05 21:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\DELL\Stage Remote\plugins\imageformats\qico4.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.05.02 20:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011.05.02 20:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011.05.02 20:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2011.04.21 15:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- c:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.04.21 14:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.11.17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.02.28 12:00:09 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.12 07:48:08 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc) SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.25 20:02:18 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2012.05.14 15:13:19 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.14 15:13:19 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.14 15:13:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.14 15:13:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2011.05.27 23:33:46 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe -- (Dell WMI Service) SRV - [2011.03.30 20:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.03.30 20:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.03.30 20:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.12.20 21:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.20 21:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.01 21:07:46 | 000,176,128 | ---- | M] (Chicony) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe -- (OSDSvc) SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.11.02 04:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService) SRV - [2010.10.27 00:26:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.08.26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.05 14:10:55 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.14 15:13:19 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.14 15:13:19 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:06:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.05 03:28:57 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.10.05 03:28:57 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.05.21 22:21:58 | 012,229,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.05.17 15:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.05.17 15:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.05.03 20:45:40 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.05.02 14:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.04.21 15:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.04.21 15:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.03.23 00:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.03.16 03:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.03.08 20:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.03.08 20:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.01.20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010.12.29 06:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.08.27 20:42:12 | 001,800,576 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64) DRV:64bit: - [2010.07.14 02:57:06 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.27 02:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.09.25 02:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP) DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.10.05 01:49:33 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011.10.05 01:49:33 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ramona\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ramona\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011.10.05 02:11:28 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48&sspv=CHSB13 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Ramona\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ramona\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ramona\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Ramona\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Veoh Web Player = C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe\10.14.251.3_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\ CHR - Extension: Tanjore Art by Chrome = C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfcchohaakhlldlfpkfchmbfdpkiakp\1.1_0\ CHR - Extension: Google Mail = C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision ) O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision ) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] c:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [Chicony_OSD] C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe () O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DELLOSD] C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe () O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [FAStartup] File not found O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision ) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [StickyNotesWidget] c:\Program Files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe () O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CF1D737-D90D-40EA-8459-90EA42EEC00D}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D771025A-E767-4605-A3EA-C056DE9DBA76}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.05 14:46:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe [2013.03.05 14:10:55 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.03.05 14:10:55 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Roaming\Spyware Terminator [2013.03.05 14:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013.03.05 14:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013.03.05 14:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2013.03.05 13:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.03.05 13:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.01 12:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.28 12:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.02.28 12:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2013.02.27 11:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.27 11:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.27 11:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.02.27 11:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.27 11:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.02.27 11:12:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.02.21 12:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.19 16:53:56 | 000,000,000 | ---D | C] -- C:\Users\Ramona\Desktop\Sonstiges [2013.02.18 10:13:03 | 000,000,000 | ---D | C] -- C:\Users\Ramona\AppData\Roaming\Skype [2013.02.05 11:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013.02.05 11:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.02.05 11:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.05 14:57:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.05 14:53:15 | 000,000,000 | ---- | M] () -- C:\Users\Ramona\defogger_reenable [2013.03.05 14:51:33 | 000,377,856 | ---- | M] () -- C:\Users\Ramona\Desktop\gmer_2.1.19155.exe [2013.03.05 14:51:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1814384172-3639678979-3229759531-1001UA.job [2013.03.05 14:51:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1814384172-3639678979-3229759531-1001Core.job [2013.03.05 14:46:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ramona\Desktop\OTL.exe [2013.03.05 14:46:35 | 000,050,477 | ---- | M] () -- C:\Users\Ramona\Desktop\Defogger.exe [2013.03.05 14:10:55 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.03.05 14:10:54 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.03.05 13:49:25 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.05 13:49:25 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.05 13:46:19 | 001,614,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.05 13:46:19 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.05 13:46:19 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.05 13:46:19 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.05 13:46:19 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.05 13:41:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.05 13:41:49 | 462,233,599 | -HS- | M] () -- C:\hiberfil.sys [2013.03.01 12:23:34 | 000,002,048 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.27 11:14:37 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.25 08:52:30 | 000,002,380 | ---- | M] () -- C:\Users\Ramona\Desktop\Google Chrome.lnk [2013.02.18 15:03:31 | 000,462,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.18 10:08:48 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.05 14:53:15 | 000,000,000 | ---- | C] () -- C:\Users\Ramona\defogger_reenable [2013.03.05 14:51:32 | 000,377,856 | ---- | C] () -- C:\Users\Ramona\Desktop\gmer_2.1.19155.exe [2013.03.05 14:46:33 | 000,050,477 | ---- | C] () -- C:\Users\Ramona\Desktop\Defogger.exe [2013.03.05 14:10:54 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013.02.28 12:00:11 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.27 11:14:37 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.19 20:33:23 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.12.19 20:33:22 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.12.19 20:33:22 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini [2011.12.19 20:33:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2011.12.19 20:33:14 | 000,008,981 | ---- | C] () -- C:\Windows\HL-2030.INI [2011.12.19 20:32:28 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.12.19 20:32:28 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2011.12.19 17:38:57 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.12.19 17:38:57 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_6B071461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_5B011461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_3B011461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_1C011461_61.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B011461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin [2011.10.05 03:19:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin [2011.10.05 03:19:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin [2011.10.05 03:19:23 | 000,000,436 | ---- | C] () -- C:\Windows\11317231_1C0F1461_41.bin [2011.10.05 03:19:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin [2011.10.05 03:19:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_3B0f1461_ca.bin [2011.10.05 03:19:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin [2011.10.05 03:19:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin [2011.10.05 03:19:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin [2011.10.05 03:19:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin [2011.10.05 03:19:23 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin [2011.10.05 03:19:23 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin [2011.10.05 03:19:23 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_0B001461_aa.bin [2011.10.05 03:19:23 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin [2011.10.05 03:19:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.10.05 03:19:08 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.10.05 03:19:07 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.10.05 03:19:06 | 013,787,648 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.10.05 03:19:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.05 13:35:32 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\DVDVideoSoft [2012.08.24 17:03:24 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.19 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\Fingertapps [2011.12.19 17:17:02 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\Leadertech [2013.03.05 13:35:32 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\OpenCandy [2011.12.21 11:02:12 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\PCDr [2012.01.30 08:49:45 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\SoftGrid Client [2013.03.05 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\Spyware Terminator [2012.01.16 10:54:30 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\TP [2011.12.20 13:53:52 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\Ubisoft [2013.03.05 13:43:42 | 000,000,000 | ---D | M] -- C:\Users\Ramona\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Für jegliche Hilfe bin ich sehr dankbar! Liebe Grüße, Ramona |
|
05.03.2013, 16:47
| #2 |
| /// Malware-holic   | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Hi,
__________________dropper.gen ist eh eine erkennung, für millionen verschiedener schädlinge. otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [FAStartup] File not found
O8:64bit: - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
:files
:Commands
[emptytemp]
__________________ |
|
05.03.2013, 17:35
| #3 |
| | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Hallo,
__________________danke für die schnelle Antwort. Ich muss leider noch einmal nachfragen: Wo würde der Benutzername stehen müssen? bei (no name)? Ich habe nämlich wie in der Anleitung gefordert diese Sternchen ein paar mal verwendet. Sorry noch einmal für die blöde Frage. danke |
|
05.03.2013, 18:21
| #4 |
| /// Malware-holic | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) hier garnicht, immer wenn in einem meiner Scripts *** auftaucht bzw das Zeichen was du verwendet hast, dann müsstest du da was einsetzen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.03.2013, 18:31
| #5 |
| | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) ok, danke. So, jetzt habe ich das genau so gemacht. Hier das Textdokument: Code:
ATTFilter All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote senden\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote senden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Ramona
->Temp folder emptied: 874202 bytes
->Temporary Internet Files folder emptied: 262090652 bytes
->Java cache emptied: 300876 bytes
->Google Chrome cache emptied: 380572863 bytes
->Apple Safari cache emptied: 1031168 bytes
->Flash cache emptied: 58783 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5490132 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 620,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03052013_182631
Files\Folders moved on Reboot...
C:\Users\Ramona\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
05.03.2013, 18:39
| #6 |
| /// Malware-holic | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Hi, und sogar richtig gemacht :-) Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) |
|
05.03.2013, 18:49
| #7 |
| | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Super, das freut mich. Habe den Scan durchgeführt. Es war kein Logfile zum speichern, aber ich habe den Report: Code:
ATTFilter 18:44:04.0641 10388 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:44:04.0795 10388 ============================================================
18:44:04.0795 10388 Current date / time: 2013/03/05 18:44:04.0795
18:44:04.0795 10388 SystemInfo:
18:44:04.0795 10388
18:44:04.0795 10388 OS Version: 6.1.7601 ServicePack: 1.0
18:44:04.0795 10388 Product type: Workstation
18:44:04.0795 10388 ComputerName: RAMONA-DELL
18:44:04.0795 10388 UserName: Ramona
18:44:04.0795 10388 Windows directory: C:\Windows
18:44:04.0795 10388 System windows directory: C:\Windows
18:44:04.0795 10388 Running under WOW64
18:44:04.0795 10388 Processor architecture: Intel x64
18:44:04.0795 10388 Number of processors: 4
18:44:04.0795 10388 Page size: 0x1000
18:44:04.0795 10388 Boot type: Normal boot
18:44:04.0795 10388 ============================================================
18:44:05.0236 10388 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:44:05.0240 10388 ============================================================
18:44:05.0240 10388 \Device\Harddisk0\DR0:
18:44:05.0240 10388 MBR partitions:
18:44:05.0240 10388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
18:44:05.0240 10388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
18:44:05.0240 10388 ============================================================
18:44:05.0261 10388 C: <-> \Device\Harddisk0\DR0\Partition2
18:44:05.0261 10388 ============================================================
18:44:05.0261 10388 Initialize success
18:44:05.0261 10388 ============================================================
18:44:39.0251 10808 ============================================================
18:44:39.0251 10808 Scan started
18:44:39.0251 10808 Mode: Manual; SigCheck; TDLFS;
18:44:39.0252 10808 ============================================================
18:44:39.0394 10808 ================ Scan system memory ========================
18:44:39.0394 10808 System memory - ok
18:44:39.0394 10808 ================ Scan services =============================
18:44:39.0502 10808 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:44:39.0605 10808 1394ohci - ok
18:44:39.0637 10808 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:44:39.0652 10808 ACPI - ok
18:44:39.0665 10808 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:44:39.0720 10808 AcpiPmi - ok
18:44:39.0811 10808 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:44:39.0828 10808 AdobeARMservice - ok
18:44:39.0929 10808 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:44:39.0948 10808 AdobeFlashPlayerUpdateSvc - ok
18:44:39.0981 10808 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:44:40.0016 10808 adp94xx - ok
18:44:40.0021 10808 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:44:40.0041 10808 adpahci - ok
18:44:40.0056 10808 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:44:40.0071 10808 adpu320 - ok
18:44:40.0086 10808 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:44:40.0178 10808 AeLookupSvc - ok
18:44:40.0225 10808 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:44:40.0241 10808 AERTFilters - ok
18:44:40.0274 10808 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:44:40.0335 10808 AFD - ok
18:44:40.0348 10808 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:44:40.0371 10808 agp440 - ok
18:44:40.0387 10808 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:44:40.0440 10808 ALG - ok
18:44:40.0444 10808 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:44:40.0464 10808 aliide - ok
18:44:40.0475 10808 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:44:40.0487 10808 amdide - ok
18:44:40.0501 10808 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:44:40.0538 10808 AmdK8 - ok
18:44:40.0558 10808 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:44:40.0596 10808 AmdPPM - ok
18:44:40.0623 10808 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:44:40.0647 10808 amdsata - ok
18:44:40.0663 10808 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:44:40.0688 10808 amdsbs - ok
18:44:40.0698 10808 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:44:40.0718 10808 amdxata - ok
18:44:40.0752 10808 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
18:44:40.0804 10808 AMPPAL - ok
18:44:40.0811 10808 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
18:44:40.0828 10808 AMPPALP - ok
18:44:40.0895 10808 [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3 c:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
18:44:40.0937 10808 AMPPALR3 - ok
18:44:40.0992 10808 [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
18:44:41.0015 10808 AntiVirMailService - ok
18:44:41.0054 10808 [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:44:41.0069 10808 AntiVirSchedulerService - ok
18:44:41.0084 10808 [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:44:41.0098 10808 AntiVirService - ok
18:44:41.0119 10808 [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
18:44:41.0132 10808 AntiVirWebService - ok
18:44:41.0143 10808 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:44:41.0250 10808 AppID - ok
18:44:41.0279 10808 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:44:41.0346 10808 AppIDSvc - ok
18:44:41.0369 10808 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:44:41.0412 10808 Appinfo - ok
18:44:41.0479 10808 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:44:41.0496 10808 Apple Mobile Device - ok
18:44:41.0507 10808 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:44:41.0531 10808 arc - ok
18:44:41.0536 10808 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:44:41.0554 10808 arcsas - ok
18:44:41.0649 10808 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:44:41.0671 10808 aspnet_state - ok
18:44:41.0689 10808 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:44:41.0727 10808 AsyncMac - ok
18:44:41.0759 10808 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:44:41.0781 10808 atapi - ok
18:44:41.0805 10808 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:44:41.0856 10808 AudioEndpointBuilder - ok
18:44:41.0865 10808 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:44:41.0900 10808 AudioSrv - ok
18:44:41.0953 10808 [ 1D56DCD05784B1F1D9C6E2F529043279 ] AVer7231_x64 C:\Windows\system32\DRIVERS\AVer7231_x64.sys
18:44:42.0036 10808 AVer7231_x64 - ok
18:44:42.0057 10808 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:44:42.0078 10808 avgntflt - ok
18:44:42.0101 10808 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:44:42.0119 10808 avipbb - ok
18:44:42.0128 10808 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:44:42.0143 10808 avkmgr - ok
18:44:42.0154 10808 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:44:42.0191 10808 AxInstSV - ok
18:44:42.0209 10808 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:44:42.0252 10808 b06bdrv - ok
18:44:42.0282 10808 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:44:42.0317 10808 b57nd60a - ok
18:44:42.0335 10808 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:44:42.0383 10808 BDESVC - ok
18:44:42.0390 10808 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:44:42.0446 10808 Beep - ok
18:44:42.0481 10808 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:44:42.0544 10808 BFE - ok
18:44:42.0579 10808 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:44:42.0631 10808 BITS - ok
18:44:42.0653 10808 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:44:42.0676 10808 blbdrive - ok
18:44:42.0751 10808 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor c:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:44:42.0779 10808 Bluetooth Device Monitor - ok
18:44:42.0807 10808 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service c:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
18:44:42.0830 10808 Bluetooth Media Service - ok
18:44:42.0859 10808 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service c:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:44:42.0878 10808 Bluetooth OBEX Service - ok
18:44:42.0901 10808 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:44:42.0914 10808 Bonjour Service - ok
18:44:42.0929 10808 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:44:42.0974 10808 bowser - ok
18:44:42.0999 10808 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:44:43.0032 10808 BrFiltLo - ok
18:44:43.0036 10808 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:44:43.0055 10808 BrFiltUp - ok
18:44:43.0098 10808 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:44:43.0121 10808 Browser - ok
18:44:43.0139 10808 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:44:43.0205 10808 Brserid - ok
18:44:43.0210 10808 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:44:43.0238 10808 BrSerWdm - ok
18:44:43.0241 10808 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:44:43.0263 10808 BrUsbMdm - ok
18:44:43.0266 10808 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:44:43.0283 10808 BrUsbSer - ok
18:44:43.0330 10808 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
18:44:43.0388 10808 BthEnum - ok
18:44:43.0392 10808 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:44:43.0415 10808 BTHMODEM - ok
18:44:43.0428 10808 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:44:43.0451 10808 BthPan - ok
18:44:43.0483 10808 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
18:44:43.0521 10808 BTHPORT - ok
18:44:43.0563 10808 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:44:43.0602 10808 bthserv - ok
18:44:43.0612 10808 [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr c:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
18:44:43.0622 10808 BTHSSecurityMgr - ok
18:44:43.0629 10808 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
18:44:43.0646 10808 BTHUSB - ok
18:44:43.0660 10808 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
18:44:43.0686 10808 btmaux - ok
18:44:43.0708 10808 [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
18:44:43.0756 10808 btmhsf - ok
18:44:43.0785 10808 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:44:43.0840 10808 cdfs - ok
18:44:43.0866 10808 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:44:43.0884 10808 cdrom - ok
18:44:43.0899 10808 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:44:43.0953 10808 CertPropSvc - ok
18:44:43.0976 10808 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:44:44.0003 10808 circlass - ok
18:44:44.0036 10808 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:44:44.0061 10808 CLFS - ok
18:44:44.0112 10808 [ 730BF325E4CC1E3935B81943AC6DA216 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
18:44:44.0173 10808 CLKMSVC10_9EC60124 - ok
18:44:44.0209 10808 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:44:44.0230 10808 clr_optimization_v2.0.50727_32 - ok
18:44:44.0261 10808 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:44:44.0283 10808 clr_optimization_v2.0.50727_64 - ok
18:44:44.0342 10808 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:44:44.0359 10808 clr_optimization_v4.0.30319_32 - ok
18:44:44.0367 10808 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:44:44.0384 10808 clr_optimization_v4.0.30319_64 - ok
18:44:44.0395 10808 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:44:44.0415 10808 CmBatt - ok
18:44:44.0418 10808 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:44:44.0430 10808 cmdide - ok
18:44:44.0472 10808 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:44:44.0515 10808 CNG - ok
18:44:44.0523 10808 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:44:44.0536 10808 Compbatt - ok
18:44:44.0553 10808 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:44:44.0581 10808 CompositeBus - ok
18:44:44.0587 10808 COMSysApp - ok
18:44:44.0594 10808 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:44:44.0608 10808 crcdisk - ok
18:44:44.0639 10808 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:44:44.0670 10808 CryptSvc - ok
18:44:44.0693 10808 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
18:44:44.0740 10808 CtClsFlt - ok
18:44:44.0797 10808 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:44:44.0824 10808 cvhsvc - ok
18:44:44.0858 10808 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:44:44.0914 10808 DcomLaunch - ok
18:44:44.0941 10808 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:44:44.0981 10808 defragsvc - ok
18:44:45.0022 10808 [ BC37CF3B9154AFA6A269CA6FB1931C0F ] Dell WMI Service C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
18:44:45.0038 10808 Dell WMI Service ( UnsignedFile.Multi.Generic ) - warning
18:44:45.0038 10808 Dell WMI Service - detected UnsignedFile.Multi.Generic (1)
18:44:45.0057 10808 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:44:45.0120 10808 DfsC - ok
18:44:45.0142 10808 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:44:45.0200 10808 Dhcp - ok
18:44:45.0218 10808 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:44:45.0272 10808 discache - ok
18:44:45.0303 10808 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:44:45.0325 10808 Disk - ok
18:44:45.0344 10808 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:44:45.0388 10808 Dnscache - ok
18:44:45.0399 10808 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:44:45.0450 10808 dot3svc - ok
18:44:45.0464 10808 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:44:45.0500 10808 DPS - ok
18:44:45.0522 10808 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:44:45.0551 10808 drmkaud - ok
18:44:45.0575 10808 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:44:45.0617 10808 DXGKrnl - ok
18:44:45.0630 10808 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:44:45.0671 10808 EapHost - ok
18:44:45.0717 10808 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:44:45.0799 10808 ebdrv - ok
18:44:45.0824 10808 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:44:45.0846 10808 EFS - ok
18:44:45.0921 10808 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:44:45.0983 10808 ehRecvr - ok
18:44:45.0989 10808 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:44:46.0027 10808 ehSched - ok
18:44:46.0049 10808 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:44:46.0080 10808 elxstor - ok
18:44:46.0102 10808 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:44:46.0120 10808 ErrDev - ok
18:44:46.0151 10808 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:44:46.0220 10808 EventSystem - ok
18:44:46.0292 10808 [ 54FC81B0162478A72A93DBBEAFB35671 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:44:46.0330 10808 EvtEng - ok
18:44:46.0346 10808 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:44:46.0381 10808 exfat - ok
18:44:46.0406 10808 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys
18:44:46.0421 10808 FACAP - ok
18:44:46.0482 10808 [ 69CE05BE48CD9FB80B108BE872BE3A74 ] FAService C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
18:44:46.0535 10808 FAService ( UnsignedFile.Multi.Generic ) - warning
18:44:46.0535 10808 FAService - detected UnsignedFile.Multi.Generic (1)
18:44:46.0547 10808 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:44:46.0590 10808 fastfat - ok
18:44:46.0623 10808 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:44:46.0662 10808 Fax - ok
18:44:46.0675 10808 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:44:46.0708 10808 fdc - ok
18:44:46.0726 10808 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:44:46.0771 10808 fdPHost - ok
18:44:46.0781 10808 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:44:46.0834 10808 FDResPub - ok
18:44:46.0846 10808 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:44:46.0860 10808 FileInfo - ok
18:44:46.0871 10808 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:44:46.0924 10808 Filetrace - ok
18:44:46.0935 10808 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:44:46.0950 10808 flpydisk - ok
18:44:46.0969 10808 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:44:46.0998 10808 FltMgr - ok
18:44:47.0044 10808 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
18:44:47.0089 10808 FontCache - ok
18:44:47.0117 10808 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:44:47.0133 10808 FontCache3.0.0.0 - ok
18:44:47.0143 10808 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:44:47.0165 10808 FsDepends - ok
18:44:47.0189 10808 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:44:47.0208 10808 Fs_Rec - ok
18:44:47.0218 10808 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:44:47.0239 10808 fvevol - ok
18:44:47.0248 10808 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:44:47.0264 10808 gagp30kx - ok
18:44:47.0316 10808 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:44:47.0340 10808 GamesAppService - ok
18:44:47.0368 10808 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:44:47.0386 10808 GEARAspiWDM - ok
18:44:47.0425 10808 Giraffic - ok
18:44:47.0472 10808 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:44:47.0525 10808 gpsvc - ok
18:44:47.0535 10808 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:44:47.0572 10808 hcw85cir - ok
18:44:47.0594 10808 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:44:47.0625 10808 HDAudBus - ok
18:44:47.0637 10808 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:44:47.0664 10808 HidBatt - ok
18:44:47.0671 10808 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:44:47.0691 10808 HidBth - ok
18:44:47.0705 10808 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:44:47.0722 10808 HidIr - ok
18:44:47.0734 10808 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:44:47.0768 10808 hidserv - ok
18:44:47.0788 10808 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:44:47.0803 10808 HidUsb - ok
18:44:47.0812 10808 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:44:47.0860 10808 hkmsvc - ok
18:44:47.0879 10808 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:44:47.0898 10808 HomeGroupListener - ok
18:44:47.0922 10808 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:44:47.0956 10808 HomeGroupProvider - ok
18:44:47.0977 10808 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:44:48.0001 10808 HpSAMD - ok
18:44:48.0019 10808 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:44:48.0085 10808 HTTP - ok
18:44:48.0104 10808 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:44:48.0116 10808 hwpolicy - ok
18:44:48.0126 10808 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:44:48.0144 10808 i8042prt - ok
18:44:48.0170 10808 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys
18:44:48.0183 10808 iaStor - ok
18:44:48.0207 10808 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:44:48.0237 10808 iaStorV - ok
18:44:48.0256 10808 [ DE9E40BAEE2E48FD1E3EB423074C014C ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
18:44:48.0288 10808 iBtFltCoex - ok
18:44:48.0332 10808 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:44:48.0374 10808 idsvc - ok
18:44:48.0558 10808 [ 58E04D9412F8668863A391232035CBE8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:44:48.0862 10808 igfx - ok
18:44:48.0873 10808 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:44:48.0887 10808 iirsp - ok
18:44:48.0916 10808 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:44:48.0969 10808 IKEEXT - ok
18:44:48.0984 10808 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
18:44:49.0017 10808 Impcd - ok
18:44:49.0047 10808 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
18:44:49.0068 10808 intaud_WaveExtensible - ok
18:44:49.0118 10808 [ 230836EEFCE6D6DE9947384FC5B3FAC0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:44:49.0165 10808 IntcAzAudAddService - ok
18:44:49.0176 10808 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:44:49.0189 10808 intelide - ok
18:44:49.0218 10808 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:44:49.0246 10808 intelppm - ok
18:44:49.0277 10808 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:44:49.0329 10808 IPBusEnum - ok
18:44:49.0343 10808 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:44:49.0380 10808 IpFilterDriver - ok
18:44:49.0416 10808 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:44:49.0457 10808 iphlpsvc - ok
18:44:49.0462 10808 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:44:49.0489 10808 IPMIDRV - ok
18:44:49.0504 10808 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:44:49.0561 10808 IPNAT - ok
18:44:49.0604 10808 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:44:49.0630 10808 iPod Service - ok
18:44:49.0643 10808 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:44:49.0677 10808 IRENUM - ok
18:44:49.0680 10808 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:44:49.0693 10808 isapnp - ok
18:44:49.0719 10808 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:44:49.0739 10808 iScsiPrt - ok
18:44:49.0757 10808 [ 8D990A44B4F2B68E2C56A3724EC3EB84 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
18:44:49.0769 10808 itecir - ok
18:44:49.0783 10808 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
18:44:49.0796 10808 iwdbus - ok
18:44:49.0814 10808 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:44:49.0828 10808 kbdclass - ok
18:44:49.0845 10808 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:44:49.0868 10808 kbdhid - ok
18:44:49.0896 10808 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:44:49.0916 10808 KeyIso - ok
18:44:49.0932 10808 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:44:49.0947 10808 KSecDD - ok
18:44:49.0959 10808 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:44:49.0976 10808 KSecPkg - ok
18:44:49.0985 10808 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:44:50.0022 10808 ksthunk - ok
18:44:50.0043 10808 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:44:50.0090 10808 KtmRm - ok
18:44:50.0125 10808 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:44:50.0189 10808 LanmanServer - ok
18:44:50.0196 10808 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:44:50.0248 10808 LanmanWorkstation - ok
18:44:50.0278 10808 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:44:50.0318 10808 lltdio - ok
18:44:50.0344 10808 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:44:50.0393 10808 lltdsvc - ok
18:44:50.0406 10808 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:44:50.0440 10808 lmhosts - ok
18:44:50.0464 10808 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:44:50.0476 10808 LMS - ok
18:44:50.0499 10808 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:44:50.0520 10808 LSI_FC - ok
18:44:50.0523 10808 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:44:50.0539 10808 LSI_SAS - ok
18:44:50.0543 10808 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:44:50.0557 10808 LSI_SAS2 - ok
18:44:50.0561 10808 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:44:50.0576 10808 LSI_SCSI - ok
18:44:50.0590 10808 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:44:50.0633 10808 luafv - ok
18:44:50.0752 10808 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
18:44:50.0783 10808 McComponentHostService - ok
18:44:50.0807 10808 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:44:50.0832 10808 Mcx2Svc - ok
18:44:50.0836 10808 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:44:50.0853 10808 megasas - ok
18:44:50.0858 10808 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:44:50.0877 10808 MegaSR - ok
18:44:50.0914 10808 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:44:50.0933 10808 MEIx64 - ok
18:44:50.0985 10808 Microsoft SharePoint Workspace Audit Service - ok
18:44:51.0011 10808 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:44:51.0066 10808 MMCSS - ok
18:44:51.0069 10808 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:44:51.0108 10808 Modem - ok
18:44:51.0121 10808 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:44:51.0135 10808 monitor - ok
18:44:51.0147 10808 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:44:51.0161 10808 mouclass - ok
18:44:51.0187 10808 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:44:51.0209 10808 mouhid - ok
18:44:51.0226 10808 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:44:51.0240 10808 mountmgr - ok
18:44:51.0244 10808 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:44:51.0262 10808 mpio - ok
18:44:51.0269 10808 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:44:51.0303 10808 mpsdrv - ok
18:44:51.0324 10808 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:44:51.0373 10808 MpsSvc - ok
18:44:51.0378 10808 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:44:51.0402 10808 MRxDAV - ok
18:44:51.0422 10808 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:44:51.0449 10808 mrxsmb - ok
18:44:51.0477 10808 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:44:51.0514 10808 mrxsmb10 - ok
18:44:51.0524 10808 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:44:51.0545 10808 mrxsmb20 - ok
18:44:51.0558 10808 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:44:51.0573 10808 msahci - ok
18:44:51.0586 10808 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:44:51.0603 10808 msdsm - ok
18:44:51.0614 10808 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:44:51.0640 10808 MSDTC - ok
18:44:51.0654 10808 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:44:51.0710 10808 Msfs - ok
18:44:51.0724 10808 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:44:51.0778 10808 mshidkmdf - ok
18:44:51.0789 10808 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:44:51.0801 10808 msisadrv - ok
18:44:51.0819 10808 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:44:51.0876 10808 MSiSCSI - ok
18:44:51.0880 10808 msiserver - ok
18:44:51.0894 10808 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:44:51.0940 10808 MSKSSRV - ok
18:44:51.0948 10808 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:44:51.0989 10808 MSPCLOCK - ok
18:44:52.0011 10808 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:44:52.0044 10808 MSPQM - ok
18:44:52.0053 10808 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:44:52.0074 10808 MsRPC - ok
18:44:52.0086 10808 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:44:52.0097 10808 mssmbios - ok
18:44:52.0104 10808 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:44:52.0140 10808 MSTEE - ok
18:44:52.0159 10808 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:44:52.0174 10808 MTConfig - ok
18:44:52.0187 10808 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:44:52.0201 10808 Mup - ok
18:44:52.0224 10808 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:44:52.0246 10808 MyWiFiDHCPDNS - ok
18:44:52.0267 10808 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:44:52.0302 10808 napagent - ok
18:44:52.0321 10808 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:44:52.0348 10808 NativeWifiP - ok
18:44:52.0423 10808 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
18:44:52.0440 10808 NAUpdate - ok
18:44:52.0468 10808 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:44:52.0492 10808 NDIS - ok
18:44:52.0504 10808 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:44:52.0544 10808 NdisCap - ok
18:44:52.0558 10808 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:44:52.0590 10808 NdisTapi - ok
18:44:52.0622 10808 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:44:52.0654 10808 Ndisuio - ok
18:44:52.0703 10808 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:44:52.0770 10808 NdisWan - ok
18:44:52.0786 10808 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:44:52.0820 10808 NDProxy - ok
18:44:52.0830 10808 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:44:52.0877 10808 NetBIOS - ok
18:44:52.0889 10808 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:44:52.0926 10808 NetBT - ok
18:44:52.0934 10808 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:44:52.0948 10808 Netlogon - ok
18:44:52.0985 10808 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:44:53.0033 10808 Netman - ok
18:44:53.0051 10808 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:53.0071 10808 NetMsmqActivator - ok
18:44:53.0075 10808 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:53.0086 10808 NetPipeActivator - ok
18:44:53.0105 10808 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:44:53.0147 10808 netprofm - ok
18:44:53.0150 10808 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:53.0161 10808 NetTcpActivator - ok
18:44:53.0164 10808 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:53.0175 10808 NetTcpPortSharing - ok
18:44:53.0316 10808 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
18:44:53.0514 10808 NETwNs64 - ok
18:44:53.0535 10808 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:44:53.0551 10808 nfrd960 - ok
18:44:53.0588 10808 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:44:53.0613 10808 NlaSvc - ok
18:44:53.0681 10808 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
18:44:53.0736 10808 NOBU - ok
18:44:53.0765 10808 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:44:53.0800 10808 Npfs - ok
18:44:53.0812 10808 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:44:53.0843 10808 nsi - ok
18:44:53.0854 10808 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:44:53.0894 10808 nsiproxy - ok
18:44:53.0944 10808 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:44:54.0033 10808 Ntfs - ok
18:44:54.0040 10808 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:44:54.0078 10808 Null - ok
18:44:54.0272 10808 [ 75E1C886976F75D2280BF918C0A5FED1 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:44:54.0447 10808 nvlddmkm - ok
18:44:54.0480 10808 [ 0E2F2E6CB74D9E6016FE081B78C3B360 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
18:44:54.0498 10808 nvpciflt - ok
18:44:54.0522 10808 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:44:54.0546 10808 nvraid - ok
18:44:54.0555 10808 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:44:54.0573 10808 nvstor - ok
18:44:54.0602 10808 [ 44B39A37D7C384C9E529A37EADBFEAD8 ] NVSvc C:\Windows\system32\nvvsvc.exe
18:44:54.0622 10808 NVSvc - ok
18:44:54.0678 10808 [ D97CEF25C45BDD7E28D498D49626DA35 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:44:54.0734 10808 nvUpdatusService - ok
18:44:54.0778 10808 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:44:54.0804 10808 nv_agp - ok
18:44:54.0813 10808 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:44:54.0842 10808 ohci1394 - ok
18:44:54.0872 10808 [ FBE1D971EB64ABF4CE37B519307C94F1 ] OSDSvc C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
18:44:54.0884 10808 OSDSvc ( UnsignedFile.Multi.Generic ) - warning
18:44:54.0884 10808 OSDSvc - detected UnsignedFile.Multi.Generic (1)
18:44:54.0919 10808 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:44:54.0936 10808 ose - ok
18:44:55.0038 10808 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:44:55.0155 10808 osppsvc - ok
18:44:55.0184 10808 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:44:55.0233 10808 p2pimsvc - ok
18:44:55.0255 10808 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:44:55.0286 10808 p2psvc - ok
18:44:55.0301 10808 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:44:55.0327 10808 Parport - ok
18:44:55.0351 10808 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:44:55.0376 10808 partmgr - ok
18:44:55.0385 10808 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:44:55.0427 10808 PcaSvc - ok
18:44:55.0444 10808 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:44:55.0464 10808 pci - ok
18:44:55.0482 10808 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:44:55.0497 10808 pciide - ok
18:44:55.0509 10808 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:44:55.0530 10808 pcmcia - ok
18:44:55.0543 10808 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:44:55.0558 10808 pcw - ok
18:44:55.0575 10808 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:44:55.0626 10808 PEAUTH - ok
18:44:55.0678 10808 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:44:55.0706 10808 PerfHost - ok
18:44:55.0742 10808 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:44:55.0829 10808 pla - ok
18:44:55.0893 10808 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:44:55.0945 10808 PlugPlay - ok
18:44:55.0952 10808 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:44:55.0980 10808 PNRPAutoReg - ok
18:44:55.0991 10808 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:44:56.0007 10808 PNRPsvc - ok
18:44:56.0023 10808 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:44:56.0076 10808 PolicyAgent - ok
18:44:56.0103 10808 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:44:56.0145 10808 Power - ok
18:44:56.0158 10808 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:44:56.0200 10808 PptpMiniport - ok
18:44:56.0215 10808 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:44:56.0239 10808 Processor - ok
18:44:56.0259 10808 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:44:56.0297 10808 ProfSvc - ok
18:44:56.0306 10808 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:44:56.0326 10808 ProtectedStorage - ok
18:44:56.0346 10808 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:44:56.0385 10808 Psched - ok
18:44:56.0400 10808 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:44:56.0413 10808 PxHlpa64 - ok
18:44:56.0453 10808 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:44:56.0543 10808 ql2300 - ok
18:44:56.0548 10808 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:44:56.0565 10808 ql40xx - ok
18:44:56.0619 10808 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:44:56.0659 10808 QWAVE - ok
18:44:56.0668 10808 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:44:56.0688 10808 QWAVEdrv - ok
18:44:56.0691 10808 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:44:56.0728 10808 RasAcd - ok
18:44:56.0762 10808 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:44:56.0817 10808 RasAgileVpn - ok
18:44:56.0827 10808 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:44:56.0863 10808 RasAuto - ok
18:44:56.0876 10808 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:44:56.0917 10808 Rasl2tp - ok
18:44:56.0945 10808 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:44:56.0986 10808 RasMan - ok
18:44:56.0994 10808 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:44:57.0035 10808 RasPppoe - ok
18:44:57.0051 10808 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:44:57.0088 10808 RasSstp - ok
18:44:57.0104 10808 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:44:57.0149 10808 rdbss - ok
18:44:57.0160 10808 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:44:57.0178 10808 rdpbus - ok
18:44:57.0191 10808 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:44:57.0224 10808 RDPCDD - ok
18:44:57.0244 10808 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:44:57.0282 10808 RDPENCDD - ok
18:44:57.0295 10808 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:44:57.0327 10808 RDPREFMP - ok
18:44:57.0360 10808 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:44:57.0407 10808 RDPWD - ok
18:44:57.0428 10808 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:44:57.0446 10808 rdyboost - ok
18:44:57.0502 10808 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:44:57.0533 10808 RegSrvc - ok
18:44:57.0546 10808 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:44:57.0583 10808 RemoteAccess - ok
18:44:57.0591 10808 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:44:57.0635 10808 RemoteRegistry - ok
18:44:57.0655 10808 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:44:57.0697 10808 RFCOMM - ok
18:44:57.0761 10808 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
18:44:57.0816 10808 RoxMediaDB12OEM - ok
18:44:57.0839 10808 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
18:44:57.0850 10808 RoxWatch12 - ok
18:44:57.0862 10808 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:44:57.0915 10808 RpcEptMapper - ok
18:44:57.0955 10808 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:44:57.0981 10808 RpcLocator - ok
18:44:57.0995 10808 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:44:58.0030 10808 RpcSs - ok
18:44:58.0055 10808 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:44:58.0090 10808 rspndr - ok
18:44:58.0115 10808 [ CE0A1D8A59410E698140821E4E69DA0D ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys
18:44:58.0131 10808 RSUSBVSTOR - ok
18:44:58.0154 10808 [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:44:58.0175 10808 RTL8167 - ok
18:44:58.0187 10808 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:44:58.0207 10808 SamSs - ok
18:44:58.0218 10808 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:44:58.0236 10808 sbp2port - ok
18:44:58.0250 10808 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:44:58.0299 10808 SCardSvr - ok
18:44:58.0314 10808 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:44:58.0364 10808 scfilter - ok
18:44:58.0392 10808 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:44:58.0455 10808 Schedule - ok
18:44:58.0468 10808 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:44:58.0499 10808 SCPolicySvc - ok
18:44:58.0506 10808 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:44:58.0545 10808 SDRSVC - ok
18:44:58.0558 10808 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:44:58.0601 10808 secdrv - ok
18:44:58.0622 10808 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:44:58.0655 10808 seclogon - ok
18:44:58.0673 10808 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:44:58.0718 10808 SENS - ok
18:44:58.0751 10808 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:44:58.0799 10808 SensrSvc - ok
18:44:58.0821 10808 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:44:58.0851 10808 Serenum - ok
18:44:58.0863 10808 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:44:58.0880 10808 Serial - ok
18:44:58.0897 10808 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:44:58.0927 10808 sermouse - ok
18:44:58.0949 10808 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:44:59.0006 10808 SessionEnv - ok
18:44:59.0009 10808 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:44:59.0025 10808 sffdisk - ok
18:44:59.0032 10808 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:44:59.0050 10808 sffp_mmc - ok
18:44:59.0053 10808 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:44:59.0077 10808 sffp_sd - ok
18:44:59.0079 10808 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:44:59.0095 10808 sfloppy - ok
18:44:59.0131 10808 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:44:59.0161 10808 Sftfs - ok
18:44:59.0210 10808 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:44:59.0235 10808 sftlist - ok
18:44:59.0249 10808 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:44:59.0265 10808 Sftplay - ok
18:44:59.0284 10808 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:44:59.0296 10808 Sftredir - ok
18:44:59.0348 10808 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
18:44:59.0403 10808 SftService - ok
18:44:59.0425 10808 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:44:59.0436 10808 Sftvol - ok
18:44:59.0450 10808 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:44:59.0461 10808 sftvsa - ok
18:44:59.0480 10808 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:44:59.0521 10808 SharedAccess - ok
18:44:59.0533 10808 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:44:59.0571 10808 ShellHWDetection - ok
18:44:59.0583 10808 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:44:59.0598 10808 SiSRaid2 - ok
18:44:59.0609 10808 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:44:59.0625 10808 SiSRaid4 - ok
18:44:59.0645 10808 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:44:59.0692 10808 SkypeUpdate - ok
18:44:59.0710 10808 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:44:59.0766 10808 Smb - ok
18:44:59.0799 10808 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:44:59.0833 10808 SNMPTRAP - ok
18:44:59.0854 10808 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
18:44:59.0874 10808 speedfan - ok
18:44:59.0887 10808 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:44:59.0906 10808 spldr - ok
18:44:59.0941 10808 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:44:59.0970 10808 Spooler - ok
18:45:00.0020 10808 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:45:00.0124 10808 sppsvc - ok
18:45:00.0156 10808 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:45:00.0191 10808 sppuinotify - ok
18:45:00.0231 10808 [ B9657A0AFF28C1CB114ACC0CB93EE4BB ] sp_rsdrv2 C:\Windows\system32\DRIVERS\stflt.sys
18:45:00.0250 10808 sp_rsdrv2 - ok
18:45:00.0276 10808 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:45:00.0325 10808 srv - ok
18:45:00.0342 10808 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:45:00.0386 10808 srv2 - ok
18:45:00.0405 10808 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:45:00.0431 10808 srvnet - ok
18:45:00.0445 10808 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:45:00.0477 10808 SSDPSRV - ok
18:45:00.0485 10808 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:45:00.0521 10808 SstpSvc - ok
18:45:00.0607 10808 [ E5DFC647D0BE43F841ED6390D6F113FA ] ST2012_Svc C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
18:45:00.0635 10808 ST2012_Svc - ok
18:45:00.0659 10808 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:45:00.0672 10808 stexstor - ok
18:45:00.0697 10808 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:45:00.0740 10808 stisvc - ok
18:45:00.0772 10808 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
18:45:00.0795 10808 stllssvr - ok
18:45:00.0818 10808 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:45:00.0838 10808 swenum - ok
18:45:00.0853 10808 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:45:00.0907 10808 swprv - ok
18:45:00.0951 10808 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:45:01.0005 10808 SysMain - ok
18:45:01.0023 10808 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:45:01.0050 10808 TabletInputService - ok
18:45:01.0068 10808 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:45:01.0111 10808 TapiSrv - ok
18:45:01.0130 10808 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:45:01.0161 10808 TBS - ok
18:45:01.0219 10808 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:45:01.0292 10808 Tcpip - ok
18:45:01.0338 10808 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:45:01.0369 10808 TCPIP6 - ok
18:45:01.0398 10808 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:45:01.0420 10808 tcpipreg - ok
18:45:01.0433 10808 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:45:01.0459 10808 TDPIPE - ok
18:45:01.0491 10808 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:45:01.0519 10808 TDTCP - ok
18:45:01.0533 10808 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:45:01.0566 10808 tdx - ok
18:45:01.0583 10808 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:45:01.0597 10808 TermDD - ok
18:45:01.0613 10808 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:45:01.0680 10808 TermService - ok
18:45:01.0703 10808 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:45:01.0755 10808 Themes - ok
18:45:01.0809 10808 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:45:01.0858 10808 THREADORDER - ok
18:45:01.0866 10808 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:45:01.0927 10808 TrkWks - ok
18:45:01.0961 10808 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:45:01.0992 10808 TrustedInstaller - ok
18:45:01.0999 10808 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:45:02.0031 10808 tssecsrv - ok
18:45:02.0049 10808 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:45:02.0078 10808 TsUsbFlt - ok
18:45:02.0082 10808 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:45:02.0113 10808 TsUsbGD - ok
18:45:02.0145 10808 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:45:02.0201 10808 tunnel - ok
18:45:02.0211 10808 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:45:02.0226 10808 uagp35 - ok
18:45:02.0239 10808 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:45:02.0285 10808 udfs - ok
18:45:02.0308 10808 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:45:02.0334 10808 UI0Detect - ok
18:45:02.0350 10808 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:45:02.0365 10808 uliagpkx - ok
18:45:02.0389 10808 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:45:02.0419 10808 umbus - ok
18:45:02.0429 10808 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:45:02.0448 10808 UmPass - ok
18:45:02.0542 10808 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:45:02.0601 10808 UNS - ok
18:45:02.0624 10808 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:45:02.0668 10808 upnphost - ok
18:45:02.0720 10808 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:45:02.0753 10808 USBAAPL64 - ok
18:45:02.0771 10808 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:45:02.0822 10808 usbccgp - ok
18:45:02.0868 10808 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:45:02.0901 10808 usbcir - ok
18:45:02.0914 10808 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:45:02.0943 10808 usbehci - ok
18:45:02.0970 10808 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:45:02.0999 10808 usbhub - ok
18:45:03.0014 10808 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:45:03.0029 10808 usbohci - ok
18:45:03.0053 10808 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:45:03.0089 10808 usbprint - ok
18:45:03.0103 10808 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:45:03.0145 10808 USBSTOR - ok
18:45:03.0159 10808 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:45:03.0190 10808 usbuhci - ok
18:45:03.0209 10808 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:45:03.0240 10808 usbvideo - ok
18:45:03.0259 10808 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:45:03.0303 10808 UxSms - ok
18:45:03.0315 10808 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:45:03.0328 10808 VaultSvc - ok
18:45:03.0338 10808 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:45:03.0351 10808 vdrvroot - ok
18:45:03.0366 10808 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:45:03.0414 10808 vds - ok
18:45:03.0424 10808 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:45:03.0442 10808 vga - ok
18:45:03.0455 10808 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:45:03.0509 10808 VgaSave - ok
18:45:03.0525 10808 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:45:03.0543 10808 vhdmp - ok
18:45:03.0562 10808 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:45:03.0575 10808 viaide - ok
18:45:03.0585 10808 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:45:03.0599 10808 volmgr - ok
18:45:03.0617 10808 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:45:03.0637 10808 volmgrx - ok
18:45:03.0652 10808 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:45:03.0672 10808 volsnap - ok
18:45:03.0685 10808 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:45:03.0702 10808 vsmraid - ok
18:45:03.0730 10808 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:45:03.0792 10808 VSS - ok
18:45:03.0810 10808 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:45:03.0838 10808 vwifibus - ok
18:45:03.0858 10808 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:45:03.0879 10808 vwififlt - ok
18:45:03.0911 10808 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:45:03.0944 10808 vwifimp - ok
18:45:03.0966 10808 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:45:04.0005 10808 W32Time - ok
18:45:04.0016 10808 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:45:04.0038 10808 WacomPen - ok
18:45:04.0051 10808 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:45:04.0110 10808 WANARP - ok
18:45:04.0113 10808 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:45:04.0145 10808 Wanarpv6 - ok
18:45:04.0196 10808 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:45:04.0263 10808 WatAdminSvc - ok
18:45:04.0296 10808 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:45:04.0366 10808 wbengine - ok
18:45:04.0385 10808 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:45:04.0410 10808 WbioSrvc - ok
18:45:04.0436 10808 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:45:04.0480 10808 wcncsvc - ok
18:45:04.0510 10808 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:45:04.0553 10808 WcsPlugInService - ok
18:45:04.0567 10808 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:45:04.0584 10808 Wd - ok
18:45:04.0613 10808 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:45:04.0654 10808 Wdf01000 - ok
18:45:04.0666 10808 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:45:04.0755 10808 WdiServiceHost - ok
18:45:04.0760 10808 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:45:04.0778 10808 WdiSystemHost - ok
18:45:04.0807 10808 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:45:04.0840 10808 WebClient - ok
18:45:04.0857 10808 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:45:04.0901 10808 Wecsvc - ok
18:45:04.0925 10808 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:45:04.0984 10808 wercplsupport - ok
18:45:05.0008 10808 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:45:05.0040 10808 WerSvc - ok
18:45:05.0060 10808 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:45:05.0094 10808 WfpLwf - ok
18:45:05.0116 10808 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
18:45:05.0133 10808 WimFltr - ok
18:45:05.0143 10808 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:45:05.0158 10808 WIMMount - ok
18:45:05.0165 10808 WinDefend - ok
18:45:05.0170 10808 WinHttpAutoProxySvc - ok
18:45:05.0211 10808 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:45:05.0256 10808 Winmgmt - ok
18:45:05.0293 10808 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:45:05.0364 10808 WinRM - ok
18:45:05.0404 10808 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:45:05.0443 10808 WinUsb - ok
18:45:05.0472 10808 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:45:05.0507 10808 Wlansvc - ok
18:45:05.0550 10808 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:45:05.0572 10808 wlcrasvc - ok
18:45:05.0652 10808 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:45:05.0710 10808 wlidsvc - ok
18:45:05.0738 10808 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:45:05.0751 10808 WmiAcpi - ok
18:45:05.0769 10808 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:45:05.0799 10808 wmiApSrv - ok
18:45:05.0822 10808 WMPNetworkSvc - ok
18:45:05.0841 10808 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:45:05.0874 10808 WPCSvc - ok
18:45:05.0893 10808 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:45:05.0912 10808 WPDBusEnum - ok
18:45:05.0947 10808 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:45:05.0980 10808 ws2ifsl - ok
18:45:05.0989 10808 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:45:06.0018 10808 wscsvc - ok
18:45:06.0021 10808 WSearch - ok
18:45:06.0092 10808 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:45:06.0166 10808 wuauserv - ok
18:45:06.0194 10808 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:45:06.0225 10808 WudfPf - ok
18:45:06.0258 10808 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:45:06.0292 10808 WUDFRd - ok
18:45:06.0319 10808 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:45:06.0351 10808 wudfsvc - ok
18:45:06.0372 10808 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:45:06.0415 10808 WwanSvc - ok
18:45:06.0424 10808 ================ Scan global ===============================
18:45:06.0434 10808 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:45:06.0461 10808 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:45:06.0472 10808 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:45:06.0490 10808 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:45:06.0504 10808 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:45:06.0509 10808 [Global] - ok
18:45:06.0509 10808 ================ Scan MBR ==================================
18:45:06.0520 10808 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:45:06.0727 10808 \Device\Harddisk0\DR0 - ok
18:45:06.0728 10808 ================ Scan VBR ==================================
18:45:06.0731 10808 [ 4F5FA227BB217F135E37472D9A12EC8C ] \Device\Harddisk0\DR0\Partition1
18:45:06.0732 10808 \Device\Harddisk0\DR0\Partition1 - ok
18:45:06.0758 10808 [ C55E8D6B8C3C84B4141248311F9541D9 ] \Device\Harddisk0\DR0\Partition2
18:45:06.0759 10808 \Device\Harddisk0\DR0\Partition2 - ok
18:45:06.0760 10808 ============================================================
18:45:06.0760 10808 Scan finished
18:45:06.0760 10808 ============================================================
18:45:06.0776 10800 Detected object count: 3
18:45:06.0776 10800 Actual detected object count: 3
18:45:48.0478 10800 Dell WMI Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:45:48.0478 10800 Dell WMI Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:45:48.0479 10800 FAService ( UnsignedFile.Multi.Generic ) - skipped by user
18:45:48.0479 10800 FAService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:45:48.0480 10800 OSDSvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:45:48.0480 10800 OSDSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
05.03.2013, 20:08
| #8 |
| /// Malware-holic | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Passt. Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.03.2013, 20:42
| #9 |
| | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Ok. Scan mir Combofix ist abgeschlossen. Ich hoffe ich habe das jetzt richtig gemacht. Code:
ATTFilter ComboFix 13-03-05.01 - Ramona 05.03.2013 20:30:32.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.6049.3949 [GMT 1:00]
ausgeführt von:: c:\users\Ramona\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5b35a8f1-54bf-4743-8fd7-358ffc15372a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\63acf506-979e-4b72-a7ce-2af6dc2b98c4.dll
c:\programdata\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\programdata\PCDr\6032\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\programdata\Roaming
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-05 bis 2013-03-05 ))))))))))))))))))))))))))))))
.
.
2013-03-05 19:36 . 2013-03-05 19:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-05 19:36 . 2013-03-05 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-05 17:26 . 2013-03-05 17:26 -------- d-----w- C:\_OTL
2013-03-05 13:10 . 2013-03-05 17:29 -------- d-----w- c:\programdata\Spyware Terminator
2013-03-05 13:10 . 2013-03-05 13:10 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-03-05 13:10 . 2013-03-05 13:10 -------- d-----w- c:\users\Ramona\AppData\Roaming\Spyware Terminator
2013-03-05 13:10 . 2013-03-05 13:11 -------- d-----w- c:\program files (x86)\Spyware Terminator
2013-03-05 12:41 . 2013-03-05 13:13 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CF6F838-CFE1-4DE8-A468-6546D33E8E8C}\offreg.dll
2013-03-05 12:35 . 2013-03-05 12:35 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-03-05 12:35 . 2013-03-05 12:35 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-03-05 09:02 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0CF6F838-CFE1-4DE8-A468-6546D33E8E8C}\mpengine.dll
2013-02-28 11:00 . 2013-03-01 11:23 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2013-02-28 11:00 . 2013-02-28 11:00 -------- d-----w- c:\programdata\McAfee Security Scan
2013-02-27 10:14 . 2013-02-27 10:14 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-27 10:14 . 2013-02-27 10:14 -------- d-----w- c:\program files\iTunes
2013-02-27 10:14 . 2013-02-27 10:14 -------- d-----w- c:\program files (x86)\iTunes
2013-02-27 10:14 . 2013-02-27 10:14 -------- d-----w- c:\program files\iPod
2013-02-21 11:21 . 2013-02-21 11:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-21 11:21 . 2013-02-21 11:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-18 13:52 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 13:52 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 13:49 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-18 13:49 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-18 13:49 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-18 13:49 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-18 13:49 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-18 13:49 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-18 13:49 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-18 13:49 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-18 13:49 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-18 13:49 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-18 13:49 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-18 13:49 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-18 09:13 . 2013-02-18 09:21 -------- d-----w- c:\users\Ramona\AppData\Roaming\Skype
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-05 10:37 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-02-05 10:34 . 2013-02-05 10:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-02-05 10:34 . 2013-02-05 10:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-02-05 10:34 . 2013-02-05 10:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-02-05 10:34 . 2013-02-05 10:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-02-05 10:34 . 2013-02-05 10:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-02-05 10:34 . 2013-02-05 10:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-02-05 10:34 . 2013-02-05 10:34 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-02-05 10:34 . 2013-02-05 10:34 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 11:00 . 2012-04-19 11:03 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 11:00 . 2011-10-05 00:43 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-21 11:21 . 2012-08-10 06:57 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-21 11:21 . 2011-10-05 00:55 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-18 13:56 . 2011-12-20 16:34 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-18 13:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2013-01-10 12:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2013-01-10 12:36 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-10 12:36 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2013-01-10 12:36 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 12:50 . 2012-12-13 12:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-13 12:50 . 2012-12-13 12:50 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-12-07 13:20 . 2013-01-10 08:08 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 08:08 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 08:08 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 08:08 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 08:08 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 08:08 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 08:08 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 08:08 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 08:08 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 08:08 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 08:08 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 08:08 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 08:08 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 08:08 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 08:08 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 08:08 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 08:08 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 08:08 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 08:08 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 08:08 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 08:08 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 08:08 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 08:08 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 08:08 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 08:08 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 08:08 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 08:08 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 08:08 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 08:08 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 08:08 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 08:08 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-10 08:08 55296 ----a-w- c:\windows\SysWow64\cero.rs
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49 281760 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-15 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DELLOSD"="c:\program files (x86)\DELL\DELLOSD\FastUserSwitching.exe" [2010-12-06 49152]
"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"StickyNotesWidget"="c:\program files (x86)\Dell Touch Software Suite\StickyNotes\notes_startup_widgets.exe" [2011-03-18 666344]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/10/04 20:09;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Dell WMI Service;Dell WMI Service;c:\program files (x86)\DELL\DELLOSD\DellOSDService.exe [2011-05-27 98304]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-16 311400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-03 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2010-12-01 176128]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2013-03-05 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2013-02-12 1149104]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys [2010-08-27 1800576]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-29 412776]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 48308095
*Deregistered* - 48308095
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 11:00]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1814384172-3639678979-3229759531-1001Core.job
- c:\users\Ramona\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 16:35]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1814384172-3639678979-3229759531-1001UA.job
- c:\users\Ramona\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 16:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-01-28 14:49 342176 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-22 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-22 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-02-12 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-02-12 3674248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-05 20:38:06
ComboFix-quarantined-files.txt 2013-03-05 19:38
.
Vor Suchlauf: 14 Verzeichnis(se), 722.675.363.840 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 722.522.763.264 Bytes frei
.
- - End Of File - - 4CA3CB4DB1A68E5253ABF22C59CE4C7C
|
|
06.03.2013, 18:02
| #10 |
| /// Malware-holic | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.03.2013, 09:57
| #11 |
| | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Guten Morgen, Erst einmal möchte ich mich für meine stark verspätete Antwort entschuldigen. Ich war aus beruflichen Gründen länger nicht zu Hause und daher ist es mir erst heute möglich wieder zu antworten. Überraschenderweise ist bei dem Suchlauf nichts herausgekommen, also es wurden keine infizierten Objekte gefunden und es war nichts zum löschen. Hier das Log-file Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.11.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ramona :: RAMIÓNA-DELL [Administrator] Schutz: Aktiviert 11.03.2013 08:37:41 mbam-log-2013-03-11 (08-37-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 434466 Laufzeit: 1 Stunde(n), 13 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Danke und Liebe Grüße |
|
11.03.2013, 17:27
| #12 |
| /// Malware-holic | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) hi für ne entschuldigung besteht überhaupt kein Grund. wir schaun noch mal ein wenig weiter. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.03.2013, 18:46
| #13 |
| | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Hallo, ok  so, hab jetzt mir mal alles angesehen. Hab eh versucht auf dem PC wirklich nur sinnvollere Programme zu haben. Der Großteil war von DELL vorinstalliert. Hier meine Liste: Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 05.10.2011 2.6.0.19120 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 28.02.2013 6,00MB 11.6.602.171 notwendig Adobe Reader X (10.1.6) MUI Adobe Systems Incorporated 23.02.2013 479MB 10.1.6 notwendig Advanced Audio FX Engine Creative Technology Ltd 05.10.2011 1.12.05 notwendig ANNO 2070 Ubisoft 20.12.2011 1.0.0.0 notwendig Apple Application Support Apple Inc. 27.02.2013 62,7MB 2.3.3 notwendig Apple Mobile Device Support Apple Inc. 27.02.2013 25,2MB 6.1.0.13 notwendig Apple Software Update Apple Inc. 19.12.2011 2,38MB 2.1.3.127 notwendig Avira Antivirus Premium 2012 Avira 20.11.2012 102MB 12.1.9.1255 notwendig Bing Maps 3D Microsoft Corporation 04.10.2011 19,8MB 4.0.903.16005 notwendig Blio K-NFB Reading Technology, Inc. 04.10.2011 65,7MB 2.3.7140 notwendig Bonjour Apple Inc. 19.12.2011 2,04MB 3.0.0.10 notwendig Brother HL-2035 Brother 19.12.2011 1.00 notwendig CCleaner Piriform 23.01.2013 3.27 notwendig CIR Registry ITE 04.10.2011 1.00.0000 notwendig CyberLink PowerDVD 9.5 CyberLink Corp. 04.10.2011 9.5.1.3426 notwendig CyberLink YouPaint CyberLink Corp. 04.10.2011 72,1MB 1.2.2124 notwendig Dell DataSafe Local Backup Dell Inc. 04.10.2011 9.4.60 notwendig Dell DataSafe Local Backup - Support Software Dell Inc. 04.10.2011 9.4.60 notwendig Dell DataSafe Online Dell 04.10.2011 6,46MB 2.1.19634 notwendig Dell Getting Started Guide Dell Inc. 04.10.2011 1.00.0000 notwendig Dell KM632 Wireless Keyboard Caps Lock Indicator Dell 04.10.2011 2.1.9.0401 notwendig Dell MusicStage Fingertapps 19.12.2011 90,4MB 1.6.225.0 notwendig Dell PhotoStage ArcSoft 04.10.2011 130MB 1.5.0.65 notwendig Dell Stage Fingertapps 27.02.2012 85,5MB 1.7.209.0 notwendig Dell Stage Remote ArcSoft 04.10.2011 80,8MB 2.0.0.43 notwendig Dell Support Center PC-Doctor, Inc. 20.02.2013 128MB 3.2.6032.125 notwendig Dell Touch Software Suite Games Fingertapps 04.10.2011 1.5.133.0 notwendig Dell VideoStage CyberLink Corp. 04.10.2011 1.2.0.1712 notwendig Dell Webcam Central Creative Technology Ltd 05.10.2011 2.00.44 notwendig DELLOSD DELL 04.10.2011 1.0.0.10 notwendig FastAccess Sensible Vision 04.10.2011 3.0.85.1 notwendig Free YouTube to MP3 Converter version 3.12.0.128 DVDVideoSoft Ltd. 05.03.2013 82,0MB 3.12.0.128 unnötig Google Chrome Google Inc. 19.12.2011 25.0.1364.152 notwendig iCloud Apple Inc. 05.02.2013 81,9MB 2.1.1.3 notwendig Intel(R) Management Engine Components Intel Corporation 05.10.2011 7.0.0.1144 notwendig Intel(R) Processor Graphics Intel Corporation 05.10.2011 8.15.10.2401 notwendig Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed Intel Corporation 04.10.2011 1.1.0.0157 notwendig Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel Corporation 04.10.2011 1.1.0.0537 notwendig Intel(R) PROSet/Wireless WiFi-Software Intel Corporation 04.10.2011 135MB 14.01.1000 notwendig Intel(R) WiDi Intel Corporation 04.10.2011 2.1.39.0 notwendig iTunes Apple Inc. 27.02.2013 187MB 11.0.2.26 notwendig Java 7 Update 15 Oracle 21.02.2013 129MB 7.0.150 notwendig Java(TM) 6 Update 27 (64-bit) Oracle 04.10.2011 91,6MB 6.0.270 notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 06.03.2013 18,4MB 1.70.0.1100 notwendig McAfee Security Scan Plus McAfee, Inc. 01.03.2013 10,2MB 3.0.318.3 unnötig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.02.2011 38,8MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 11.02.2011 51,9MB 4.0.30319 notwendig Microsoft Office 2010 Microsoft Corporation 04.10.2011 6,31MB 14.0.4763.1000 notwendig Microsoft Office Klick-und-Los 2010 Microsoft Corporation 16.01.2012 14.0.4763.1000 notwendig Microsoft Office Professional Plus 2010 Microsoft Corporation 17.01.2012 14.0.6029.1000 notwendig Microsoft Silverlight Microsoft Corporation 15.05.2012 50,6MB 5.1.10411.0 notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 04.10.2011 1,69MB 3.1.0000 notwendig Microsoft Touch Pack for Windows 7 Microsoft Corporation 04.10.2011 325MB 1.0.40517.00 notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 250KB 8.0.50727.4053 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.01.2012 298KB 8.0.61001 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 04.10.2011 788KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.01.2012 788KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 04.10.2011 598KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.10.2011 595KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.10.2011 586KB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.01.2012 600KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.01.2012 12,2MB 10.0.40219 notwendig Microsoft XNA Framework Redistributable 3.0 Microsoft Corporation 04.10.2011 7,61MB 3.0.11010.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 20.12.2011 1,27MB 4.20.9870.0 notwendig MSXML 4.0 SP2 (KB973688) Microsoft Corporation 20.12.2011 1,33MB 4.20.9876.0 notwendig NVIDIA Grafiktreiber 307.21 NVIDIA Corporation 21.11.2012 307.21 notwendig NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 04.10.2011 9.10.0514 notwendig NVIDIA Update 1.10.8 NVIDIA Corporation 21.11.2012 1.10.8 notwendig PlayReady PC Runtime x86 Microsoft Corporation 04.10.2011 1,65MB 1.3.0 notwendig QuickTime Apple Inc. 05.02.2013 73,1MB 7.73.80.64 unnötig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 04.10.2011 6.0.1.6382 notwendig Roxio Creator Starter Roxio 05.10.2011 1,63GB 12.1.77.0 notwendig Skype™ 5.10 Skype Technologies S.A. 01.10.2012 19,4MB 5.10.116 notwendig SpeedFan (remove only) 21.12.2011 unnötig StickyNotes Dell 04.10.2011 1.5.135.0 notwendig SyncUP Nero AG 04.10.2011 287MB 10.2.14900 notwendig Ubisoft Game Launcher UBISOFT 20.12.2011 1.0.0.0 notwendig Veoh Giraffic Video Accelerator Giraffic 18.07.2012 0.86.246.230 unnötig VLC media player 1.1.11 VideoLAN 19.12.2011 1.1.11 notwendig WildTangent-Spiele WildTangent 05.10.2011 1.0.2.5 unnötig Windows Live Essentials Microsoft Corporation 04.10.2011 15.4.3508.1109 notwendig Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 04.10.2011 5,57MB 15.4.5722.2 notwendig WinRAR 4.10 beta 4 (64-bit) win.rar GmbH 21.12.2011 4.10.4 notwendig Xvid Video Codec Xvid Team 19.12.2011 1.3.2 notwendig Zinio Reader 4 Zinio LLC 05.10.2011 4.2.4164 notwendig |
|
12.03.2013, 20:08
| #14 |
| /// Malware-holic | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Free YouTube Java : alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: McAfee SpeedFan Veoh WildTangent Öffne CCleaner, analysieren, starten, pc neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.03.2013, 09:00
| #15 |
| | Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) Hallo! Habe jetzt alles so gemacht. Das Logfile sieht so aus: Code:
ATTFilter # AdwCleaner v2.114 - Datei am 14/03/2013 um 08:49:36 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ramona - RAMONA-DELL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ramona\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Ordner Gelöscht : C:\Users\Ramona\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Ramona\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v25.0.1364.152
Datei : C:\Users\Ramona\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.1905] : homepage = "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48&sspv=CHSB13",
Gelöscht [l.2243] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2653012&SearchSource=48&ssp[...]
*************************
AdwCleaner[S1].txt - [2076 octets] - [14/03/2013 08:49:36]
########## EOF - C:\AdwCleaner[S1].txt - [2136 octets] ##########
Liebe Grüße |
|
| Themen zu Trojaner (TR/Downloader.Gen und TR/Offend.kdv.484085.1) |
| antivir, autorun, avg, avira, bho, bonjour, chip.de, computer, converter, dell computer, dvdvideosoft ltd., error, firefox, flash player, format, helper, hilfreich, home, homepage, installation, logfile, monitor, mp3, nvidia update, nvpciflt.sys, plug-in, realtek, registry, scan, spyware, trojaner, warnung, wildtangent games |
Textbox. 
WARNUNG an die MITLESER: 
Linear-Darstellung
