Plagegeister aller Art und deren Bekämpfung: WLAN interruptions despite "excellent" reception | Windows 7
14.03.2013, 15:49 | #1 |
| Hello dear community, it looks like it has finally caught me too. I never really had problems with my WLAN connection, but now suddenly.... Connecting and surfing work fine, but at irregular intervals it loses the connection and reconnects right away. This is really annoying and not how it is supposed to work.

Edit: I forgot to say that, according to Windows, my WLAN connection is always "excellent".

Unfortunately I can't work out what I installed recently, because with Python and C++ it was quite a few things... among others Boost, etc.

Now to my data:

Router:
System name: ZyNOS
Firmware version: V3.40(SQ.0) | 09/09/2004
DSL firmware version: TI AR7 01.01.08.00
Standard: ADSL_G.dmt
Brand: ZyXel
Encryption: none
MAC filter: enabled

My laptop: Win Vista Home Premium Service Pack 2

What have I already done? I have already gone through this tutorial: http://www.trojaner-board.de/94344-p...n-pruefen.html I have also worked through this tutorial (http://www.trojaner-board.de/69886-a...-beachten.html). I should mention that there were no error messages or anything like that. BUT GMER crashes on my machine and has even caused a blue screen (if I can put it that way).

Unfortunately I edited all my log files and replaced my name, and then read that if it says Basti there I should rather leave it in :/ Now I have redone the scans, and OTL unfortunately no longer creates the Extra.txt for me.

I have also already run SpyBot Search, Lavasoft Ad aware and the TDSS Kaspersky Rootkit Scanner - none of them found anything dramatic apart from a few cookies, and everything could be removed/fixed without error messages. I had already feared that things like Dropbox or GitHub were pulling something in the background, and uninstalled Dropbox for now. That didn't help, though :=P

Do me one favour - the sentence "please reinstall" does not exist... There has to be another solution.

Edit: Yesterday I already used a TCP viewer (the name escapes me right now) to check which processes access the internet, and the only thing I noticed is that I have masses of svchost.exe processes :/ but I couldn't make out whether anything keeps overloading my internet connection. Right now your malwarebytes-anti-malware is running - let's see whether that finds anything else....

FINDING: The scan is still running, but AntiVir just popped up and reports: found a TR/Necurs.A.57 in the file C:\Windows\Installer\...\syshost.exe .... sounds charming

Scan finished -> log file attached below

Many thanks for any help!

Last edited by BoBoB (14.03.2013 at 16:13) |
17.03.2013, 16:05 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you hear nothing from me for three days, please post in this thread => Reminder about my thread. Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.

Rootkit scan with GMER
Please download GMER: (file name is random)
Do problems occur?

Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
|
17.03.2013, 17:10 | #3 |
| Hey, thank you very much for taking on my problem! Over the last two days I ran a few scans on my own initiative, but from now on I will stop acting on my own and follow your instructions! (The problem persists.)

GMER gave an error message: "Gmer funktioniert nicht mehr". I could only click Debug, Close and one more option - I chose Close.

Malwarebytes log

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.17.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: BASTI-PC [administrator]

17.03.2013 17:01:57
mbar-log-2013-03-17 (17-01-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 35352
Time elapsed: 14 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Last edited by BoBoB (17.03.2013 at 17:15) |
17.03.2013, 19:57 | #5 |
| Sooo, first I switched to Safe Mode and started the scan, but here too the error came up: "Gmer funktioniert nicht mehr" - Debug, Close and something else. Then I unticked the Devices box and the scan worked! It took forever, ~1 h, despite being a quick scan as you said. At the end I could click neither Copy nor Save, because each time the message came up that not enough memory is available. Since I couldn't log in here from my phone, I had to restart the PC to post this. For your information, my C drive has 49 GB of free space! |
17.03.2013, 20:52 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
|
17.03.2013, 21:19 | #7 | |
| Quote:
TDSSKiller found 5 threats - sorry - out of reflex I moved it to quarantine
monitor - ok 21:14:18.0887 2072 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:14:18.0898 2072 mouclass - ok 21:14:18.0914 2072 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:14:18.0936 2072 mouhid - ok 21:14:18.0948 2072 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 21:14:18.0960 2072 MountMgr - ok 21:14:19.0021 2072 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:14:19.0040 2072 MozillaMaintenance - ok 21:14:19.0062 2072 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 21:14:19.0074 2072 mpio - ok 21:14:19.0098 2072 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:14:19.0116 2072 mpsdrv - ok 21:14:19.0183 2072 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 21:14:19.0210 2072 MpsSvc - ok 21:14:19.0261 2072 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 21:14:19.0271 2072 Mraid35x - ok 21:14:19.0306 2072 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:14:19.0319 2072 MRxDAV - ok 21:14:19.0354 2072 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:14:19.0367 2072 mrxsmb - ok 21:14:19.0396 2072 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:14:19.0432 2072 mrxsmb10 - ok 21:14:19.0437 2072 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:14:19.0451 2072 mrxsmb20 - ok 21:14:19.0456 2072 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 21:14:19.0467 2072 msahci - ok 21:14:19.0487 2072 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:14:19.0499 2072 msdsm - ok 21:14:19.0521 2072 [ FD7520CC3A80C5FC8C48852BB24C6DED ] 
MSDTC C:\Windows\System32\msdtc.exe 21:14:19.0545 2072 MSDTC - ok 21:14:19.0560 2072 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:14:19.0598 2072 Msfs - ok 21:14:19.0625 2072 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:14:19.0636 2072 msisadrv - ok 21:14:19.0662 2072 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:14:19.0702 2072 MSiSCSI - ok 21:14:19.0706 2072 msiserver - ok 21:14:19.0733 2072 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:14:19.0777 2072 MSKSSRV - ok 21:14:19.0819 2072 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:14:19.0841 2072 MSPCLOCK - ok 21:14:19.0859 2072 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:14:19.0882 2072 MSPQM - ok 21:14:19.0928 2072 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:14:19.0942 2072 MsRPC - ok 21:14:19.0953 2072 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:14:19.0965 2072 mssmbios - ok 21:14:20.0048 2072 MSSQL$ACCUCHEK360 - ok 21:14:20.0086 2072 MSSQL$SQLEXPRESS - ok 21:14:20.0111 2072 [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 21:14:20.0128 2072 MSSQLServerADHelper - ok 21:14:20.0145 2072 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:14:20.0167 2072 MSTEE - ok 21:14:20.0197 2072 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 21:14:20.0209 2072 Mup - ok 21:14:20.0245 2072 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 21:14:20.0287 2072 napagent - ok 21:14:20.0327 2072 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:14:20.0341 2072 NativeWifiP - ok 21:14:20.0385 2072 [ 
1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:14:20.0407 2072 NDIS - ok 21:14:20.0425 2072 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:14:20.0460 2072 NdisTapi - ok 21:14:20.0479 2072 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:14:20.0502 2072 Ndisuio - ok 21:14:20.0557 2072 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:14:20.0575 2072 NdisWan - ok 21:14:20.0594 2072 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:14:20.0612 2072 NDProxy - ok 21:14:20.0622 2072 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:14:20.0659 2072 NetBIOS - ok 21:14:20.0697 2072 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 21:14:20.0732 2072 netbt - ok 21:14:20.0756 2072 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 21:14:20.0769 2072 Netlogon - ok 21:14:20.0800 2072 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 21:14:20.0844 2072 Netman - ok 21:14:20.0918 2072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:14:20.0939 2072 NetMsmqActivator - ok 21:14:20.0943 2072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:14:20.0954 2072 NetPipeActivator - ok 21:14:20.0988 2072 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 21:14:21.0015 2072 netprofm - ok 21:14:21.0020 2072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:14:21.0031 2072 NetTcpActivator - ok 21:14:21.0035 2072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:14:21.0046 2072 NetTcpPortSharing - ok 
21:14:21.0148 2072 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 21:14:21.0350 2072 NETw5v32 - ok 21:14:21.0379 2072 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:14:21.0390 2072 nfrd960 - ok 21:14:21.0410 2072 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:14:21.0435 2072 NlaSvc - ok 21:14:21.0453 2072 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:14:21.0486 2072 Npfs - ok 21:14:21.0504 2072 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 21:14:21.0551 2072 nsi - ok 21:14:21.0574 2072 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:14:21.0615 2072 nsiproxy - ok 21:14:21.0673 2072 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:14:21.0735 2072 Ntfs - ok 21:14:21.0756 2072 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 21:14:21.0795 2072 ntrigdigi - ok 21:14:21.0812 2072 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 21:14:21.0834 2072 Null - ok 21:14:21.0888 2072 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys 21:14:21.0957 2072 NVENETFD - ok 21:14:22.0019 2072 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 21:14:22.0030 2072 NVHDA - ok 21:14:22.0278 2072 [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:14:22.0761 2072 nvlddmkm - ok 21:14:22.0790 2072 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:14:22.0802 2072 nvraid - ok 21:14:22.0806 2072 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:14:22.0818 2072 nvstor - ok 21:14:22.0862 2072 [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc C:\Windows\system32\nvvsvc.exe 21:14:22.0874 2072 nvsvc - ok 21:14:22.0901 2072 
[ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:14:22.0913 2072 nv_agp - ok 21:14:22.0917 2072 NwlnkFlt - ok 21:14:22.0923 2072 NwlnkFwd - ok 21:14:23.0005 2072 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:14:23.0051 2072 odserv - ok 21:14:23.0135 2072 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 21:14:23.0171 2072 ohci1394 - ok 21:14:23.0242 2072 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:14:23.0261 2072 ose - ok 21:14:23.0324 2072 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 21:14:23.0426 2072 p2pimsvc - ok 21:14:23.0442 2072 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 21:14:23.0465 2072 p2psvc - ok 21:14:23.0510 2072 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 21:14:23.0568 2072 Parport - ok 21:14:23.0601 2072 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:14:23.0613 2072 partmgr - ok 21:14:23.0632 2072 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 21:14:23.0670 2072 Parvdm - ok 21:14:23.0691 2072 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 21:14:23.0716 2072 PcaSvc - ok 21:14:23.0759 2072 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 21:14:23.0773 2072 pci - ok 21:14:23.0817 2072 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 21:14:23.0828 2072 pciide - ok 21:14:23.0844 2072 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:14:23.0857 2072 pcmcia - ok 21:14:23.0916 2072 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:14:24.0002 2072 PEAUTH - ok 21:14:24.0061 2072 [ B1689DF169143F57053F795390C99DB3 ] 
pla C:\Windows\system32\pla.dll 21:14:24.0175 2072 pla - ok 21:14:24.0222 2072 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:14:24.0261 2072 PlugPlay - ok 21:14:24.0291 2072 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 21:14:24.0315 2072 PNRPAutoReg - ok 21:14:24.0358 2072 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 21:14:24.0382 2072 PNRPsvc - ok 21:14:24.0430 2072 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:14:24.0478 2072 PolicyAgent - ok 21:14:24.0526 2072 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:14:24.0570 2072 PptpMiniport - ok 21:14:24.0598 2072 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 21:14:24.0641 2072 Processor - ok 21:14:24.0680 2072 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 21:14:24.0701 2072 ProfSvc - ok 21:14:24.0714 2072 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 21:14:24.0727 2072 ProtectedStorage - ok 21:14:24.0755 2072 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 21:14:24.0774 2072 PSched - ok 21:14:24.0839 2072 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:14:24.0922 2072 ql2300 - ok 21:14:24.0939 2072 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:14:24.0950 2072 ql40xx - ok 21:14:25.0035 2072 [ 6803B69C14696CC4907C5F77FBB04A14 ] QPCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe 21:14:25.0062 2072 QPCapSvc - ok 21:14:25.0073 2072 [ 95A0B86B9F1D27B613830864341A8252 ] QPSched C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe 21:14:25.0091 2072 QPSched - ok 21:14:25.0115 2072 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 21:14:25.0131 2072 QWAVE - ok 21:14:25.0154 2072 [ 
9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:14:25.0165 2072 QWAVEdrv - ok 21:14:25.0180 2072 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:14:25.0222 2072 RasAcd - ok 21:14:25.0247 2072 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 21:14:25.0296 2072 RasAuto - ok 21:14:25.0318 2072 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:14:25.0358 2072 Rasl2tp - ok 21:14:25.0400 2072 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 21:14:25.0444 2072 RasMan - ok 21:14:25.0484 2072 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:14:25.0526 2072 RasPppoe - ok 21:14:25.0564 2072 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:14:25.0576 2072 RasSstp - ok 21:14:25.0636 2072 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:14:25.0679 2072 rdbss - ok 21:14:25.0706 2072 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:14:25.0746 2072 RDPCDD - ok 21:14:25.0774 2072 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 21:14:25.0800 2072 rdpdr - ok 21:14:25.0805 2072 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:14:25.0828 2072 RDPENCDD - ok 21:14:25.0861 2072 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:14:25.0908 2072 RDPWD - ok 21:14:25.0940 2072 [ B9570481A1BABCC4A9E941C553596077 ] Recovery Service for Windows C:\Windows\SMINST\BLService.exe 21:14:25.0970 2072 Recovery Service for Windows - ok 21:14:26.0005 2072 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:14:26.0041 2072 RemoteAccess - ok 21:14:26.0081 2072 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 
21:14:26.0119 2072 RemoteRegistry - ok 21:14:26.0177 2072 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:14:26.0214 2072 RFCOMM - ok 21:14:26.0283 2072 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 21:14:26.0314 2072 RichVideo - ok 21:14:26.0330 2072 ROCKSTAR - ok 21:14:26.0362 2072 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 21:14:26.0421 2072 RpcLocator - ok 21:14:26.0470 2072 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 21:14:26.0498 2072 RpcSs - ok 21:14:26.0529 2072 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:14:26.0552 2072 rspndr - ok 21:14:26.0622 2072 [ 7157E70A90CCE49DEB8885D23A073A39 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 21:14:26.0642 2072 RTL8169 - ok 21:14:26.0659 2072 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 21:14:26.0673 2072 SamSs - ok 21:14:26.0731 2072 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 21:14:26.0740 2072 SASDIFSV - ok 21:14:26.0758 2072 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 21:14:26.0769 2072 SASKUTIL - ok 21:14:26.0911 2072 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe 21:14:27.0222 2072 SBAMSvc - ok 21:14:27.0269 2072 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:14:27.0281 2072 sbp2port - ok 21:14:27.0397 2072 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService P:\Programme\Spybot - Search & Destroy\SDWinSec.exe 21:14:27.0493 2072 SBSDWSCService - ok 21:14:27.0523 2072 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:14:27.0558 2072 SCardSvr - ok 21:14:27.0600 2072 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 21:14:27.0684 2072 Schedule - 
ok 21:14:27.0710 2072 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:14:27.0729 2072 SCPolicySvc - ok 21:14:27.0790 2072 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 21:14:27.0834 2072 sdbus - ok 21:14:27.0874 2072 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:14:27.0921 2072 SDRSVC - ok 21:14:27.0943 2072 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:14:28.0003 2072 secdrv - ok 21:14:28.0032 2072 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 21:14:28.0058 2072 seclogon - ok 21:14:28.0086 2072 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 21:14:28.0135 2072 SENS - ok 21:14:28.0204 2072 [ B3C1B187FEFC941F63CE0DF93D02EB9F ] Sentinel C:\Windows\System32\Drivers\SENTINEL.SYS 21:14:28.0214 2072 Sentinel - ok 21:14:28.0259 2072 [ ACCDF944417FCE3B9BDDFC197C704A27 ] SentinelProtectionServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 21:14:28.0270 2072 SentinelProtectionServer - ok 21:14:28.0319 2072 [ 6CE397C482BEDE91A38E56A8C4A0DC6D ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys 21:14:28.0361 2072 Ser2pl - ok 21:14:28.0372 2072 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:14:28.0411 2072 Serenum - ok 21:14:28.0432 2072 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 21:14:28.0489 2072 Serial - ok 21:14:28.0507 2072 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:14:28.0530 2072 sermouse - ok 21:14:28.0551 2072 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 21:14:28.0576 2072 SessionEnv - ok 21:14:28.0587 2072 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:14:28.0606 2072 sffdisk - ok 21:14:28.0612 2072 [ 
E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:14:28.0641 2072 sffp_mmc - ok 21:14:28.0655 2072 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:14:28.0678 2072 sffp_sd - ok 21:14:28.0713 2072 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:14:28.0751 2072 sfloppy - ok 21:14:28.0791 2072 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:14:28.0843 2072 ShellHWDetection - ok 21:14:28.0866 2072 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 21:14:28.0878 2072 sisagp - ok 21:14:28.0891 2072 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 21:14:28.0902 2072 SiSRaid2 - ok 21:14:28.0910 2072 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:14:28.0922 2072 SiSRaid4 - ok 21:14:28.0984 2072 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 21:14:29.0040 2072 SkypeUpdate - ok 21:14:29.0148 2072 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 21:14:29.0338 2072 slsvc - ok 21:14:29.0367 2072 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 21:14:29.0387 2072 SLUINotify - ok 21:14:29.0415 2072 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:14:29.0458 2072 Smb - ok 21:14:29.0491 2072 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:14:29.0519 2072 SNMPTRAP - ok 21:14:29.0539 2072 spd3ssl - ok 21:14:29.0568 2072 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 21:14:29.0579 2072 spldr - ok 21:14:29.0608 2072 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 21:14:29.0664 2072 Spooler - ok 21:14:29.0748 2072 [ 71E276F6D189413266EA22171806597B ] sptd C:\Windows\System32\Drivers\sptd.sys 
21:14:29.0782 2072 sptd - ok 21:14:29.0823 2072 [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 21:14:29.0856 2072 SQLBrowser - ok 21:14:29.0909 2072 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 21:14:29.0926 2072 SQLWriter - ok 21:14:29.0962 2072 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:14:29.0996 2072 srv - ok 21:14:30.0033 2072 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:14:30.0073 2072 srv2 - ok 21:14:30.0106 2072 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:14:30.0134 2072 srvnet - ok 21:14:30.0160 2072 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:14:30.0187 2072 SSDPSRV - ok 21:14:30.0220 2072 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 21:14:30.0228 2072 ssmdrv - ok 21:14:30.0272 2072 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:14:30.0288 2072 SstpSvc - ok 21:14:30.0425 2072 [ 05AE358CD777BF8857F512A18E1DE7AA ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe 21:14:30.0437 2072 STacSV - ok 21:14:30.0453 2072 Steam Client Service - ok 21:14:30.0518 2072 [ E69A606872650B46DE54EC15DCC93529 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys 21:14:30.0554 2072 STHDA - ok 21:14:30.0597 2072 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 21:14:30.0634 2072 stisvc - ok 21:14:30.0664 2072 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:14:30.0675 2072 swenum - ok 21:14:30.0746 2072 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 21:14:30.0769 2072 swprv - ok 21:14:30.0779 2072 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 21:14:30.0790 2072 Symc8xx - ok 
21:14:30.0804 2072 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 21:14:30.0815 2072 Sym_hi - ok 21:14:30.0823 2072 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 21:14:30.0833 2072 Sym_u3 - ok 21:14:30.0890 2072 [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:14:30.0904 2072 SynTP - ok 21:14:30.0930 2072 SysCom1 - ok 21:14:30.0971 2072 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 21:14:31.0017 2072 SysMain - ok 21:14:31.0063 2072 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:14:31.0102 2072 TabletInputService - ok 21:14:31.0143 2072 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:14:31.0182 2072 TapiSrv - ok 21:14:31.0237 2072 [ 0A396237C3C4164DE12D7C26450BD69C ] tbhsd C:\Windows\system32\drivers\tbhsd.sys 21:14:31.0246 2072 tbhsd - ok 21:14:31.0254 2072 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 21:14:31.0301 2072 TBS - ok 21:14:31.0349 2072 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:14:31.0404 2072 Tcpip - ok 21:14:31.0431 2072 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 21:14:31.0507 2072 Tcpip6 - ok 21:14:31.0562 2072 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:14:31.0593 2072 tcpipreg - ok 21:14:31.0623 2072 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:14:31.0661 2072 TDPIPE - ok 21:14:31.0698 2072 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:14:31.0721 2072 TDTCP - ok 21:14:31.0755 2072 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:14:31.0778 2072 tdx - ok 21:14:31.0814 2072 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 21:14:31.0827 2072 TermDD - 
ok 21:14:31.0876 2072 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 21:14:31.0904 2072 TermService - ok 21:14:31.0926 2072 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 21:14:31.0943 2072 Themes - ok 21:14:31.0997 2072 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 21:14:32.0022 2072 THREADORDER - ok 21:14:32.0062 2072 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 21:14:32.0108 2072 TrkWks - ok 21:14:32.0183 2072 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:14:32.0201 2072 TrustedInstaller - ok 21:14:32.0224 2072 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:14:32.0270 2072 tssecsrv - ok 21:14:32.0302 2072 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 21:14:32.0328 2072 tunmp - ok 21:14:32.0364 2072 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:14:32.0376 2072 tunnel - ok 21:14:32.0394 2072 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:14:32.0406 2072 uagp35 - ok 21:14:32.0441 2072 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:14:32.0461 2072 udfs - ok 21:14:32.0484 2072 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:14:32.0508 2072 UI0Detect - ok 21:14:32.0524 2072 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:14:32.0536 2072 uliagpkx - ok 21:14:32.0557 2072 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 21:14:32.0571 2072 uliahci - ok 21:14:32.0576 2072 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 21:14:32.0589 2072 UlSata - ok 21:14:32.0594 2072 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 
21:14:37.0005 2072 wuauserv - ok
21:14:37.0057 2072 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:14:37.0082 2072 WudfPf - ok
21:14:37.0132 2072 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:14:37.0155 2072 WUDFRd - ok
21:14:37.0258 2072 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:14:37.0273 2072 wudfsvc - ok
21:14:37.0310 2072 XDva346 - ok
21:14:37.0326 2072 XDva347 - ok
21:14:37.0337 2072 XDva349 - ok
21:14:37.0402 2072 [ 8903C6979EA677A9AF3D36E0D3709203 ] {22D78859-9CE9-4B77-BF18-AC83E81A9263} C:\Program Files\HP\QuickPlay\000.fcl
21:14:37.0410 2072 {22D78859-9CE9-4B77-BF18-AC83E81A9263} - ok
21:14:37.0417 2072 ================ Scan global ===============================
21:14:37.0435 2072 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:14:37.0463 2072 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:14:37.0486 2072 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:14:37.0526 2072 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:14:37.0529 2072 [Global] - ok
21:14:37.0529 2072 ================ Scan MBR ==================================
21:14:37.0536 2072 [ 85D751F0E41B8E520AEE8C07A8DA777B ] \Device\Harddisk0\DR0
21:14:37.0995 2072 \Device\Harddisk0\DR0 - ok
21:14:37.0995 2072 ================ Scan VBR ==================================
21:14:37.0997 2072 [ A0EBCB7DEB2BE24A931F74D927CF0651 ] \Device\Harddisk0\DR0\Partition1
21:14:37.0999 2072 \Device\Harddisk0\DR0\Partition1 - ok
21:14:38.0005 2072 [ 0441368A0438C29CBE5277BC5FC3C538 ] \Device\Harddisk0\DR0\Partition2
21:14:38.0006 2072 \Device\Harddisk0\DR0\Partition2 - ok
21:14:38.0016 2072 [ 70EFE2A9B0E6E70B3B293B2D258261F2 ] \Device\Harddisk0\DR0\Partition3
21:14:38.0018 2072 \Device\Harddisk0\DR0\Partition3 - ok
21:14:38.0018 2072 ============================================================
21:14:38.0018 2072 Scan finished
21:14:38.0018 2072 ============================================================
21:14:38.0027 2856 Detected object count: 5
21:14:38.0027 2856 Actual detected object count: 5
21:15:27.0453 2856 C:\Windows\system32\Drivers\CVPNDRVA.sys - copied to quarantine
21:15:27.0454 2856 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
21:15:27.0522 2856 C:\Program Files\DigitalPersona\Bin\DpHostW.exe - copied to quarantine
21:15:27.0522 2856 DpHost ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
21:15:27.0544 2856 C:\Windows\System32\ezsvc7.dll - copied to quarantine
21:15:27.0545 2856 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
21:15:27.0597 2856 c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe - copied to quarantine
21:15:27.0597 2856 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
21:15:27.0619 2856 C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe - copied to quarantine
21:15:27.0620 2856 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
21:16:27.0204 3064 Deinitialize success
C:\Windows\assembly\GAC_MSIL\Microsoft.TeamFoundation.WorkItemTracking
Since I know where it crashes, I saved a log beforehand.
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-17 21:29:17
-----------------------------
21:29:17.292 OS Version: Windows 6.0.6002 Service Pack 2
21:29:17.292 Number of processors: 2 586 0x1706
21:29:17.307 ComputerName: BASTI-PC UserName: Basti
21:29:18.384 Initialize success
21:29:26.356 The log file has been saved successfully to "C:\Users\Basti\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-17 21:29:17
-----------------------------
21:29:17.292 OS Version: Windows 6.0.6002 Service Pack 2
21:29:17.292 Number of processors: 2 586 0x1706
21:29:17.307 ComputerName: BASTI-PC UserName: Basti
21:29:18.384 Initialize success
21:29:26.356 The log file has been saved successfully to "C:\Users\Basti\Desktop\aswMBR.txt"
21:29:27.106 AVAST engine defs: 13031700
21:29:30.472 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:29:30.488 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
21:29:30.566 Disk 0 MBR read successfully
21:29:30.566 Disk 0 MBR scan
21:29:30.581 Disk 0 unknown MBR code
21:29:30.581 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 196061 MB offset 63
21:29:30.612 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99999 MB offset 401534976
21:29:30.628 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 9180 MB offset 606334976
21:29:30.675 Disk 0 scanning sectors +625135616
21:29:30.753 Disk 0 scanning C:\Windows\system32\drivers
21:29:46.369 Service scanning
21:30:18.677 Modules scanning
21:30:32.467 Disk 0 trace - called modules:
21:30:32.561 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll iaStor.sys
21:30:32.561 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87ee66f0]
21:30:32.561 3 CLASSPNP.SYS[82e0b8b3] -> nt!IofCallDriver -> [0x87ee6c48]
21:30:32.561 5 hpdskflt.sys[8bfb4f92] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x869b9028]
21:30:34.090 AVAST engine scan C:\Windows
21:30:44.963 AVAST engine scan C:\Windows\system32
21:30:49.097 Disk 0 MBR has been saved successfully to "C:\Users\Basti\Desktop\MBR.dat"
21:30:49.097 The log file has been saved successfully to "C:\Users\Basti\Desktop\aswMBR.txt"
Edited by BoBoB (17.03.2013 at 21:46) |
18.03.2013, 09:47 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WLAN dropouts with "excellent" reception Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
18.03.2013, 10:55 | #9 |
| WLAN dropouts with "excellent" reception Morning, I started ComboFix, having first disabled my Avira AntiVir and also cut my internet connection. Nevertheless the warning came up that my AntiVir was still active. As described in the instructions, I ignored it and started the scan. By chance I saw that my PC had restarted; after that the scan continued, but with the AntiVir scanner running - according to the instructions I was not supposed to move the mouse. After the scan had finished, the Log.txt appeared and Windows reported that new updates had been installed (wherever it got the permission to install them). ComboFix.txt Code:
ATTFilter ComboFix 13-03-17.01 - Basti 18.03.2013 10:22:48.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3068.2004 [GMT 1:00] ausgeführt von:: c:\users\Basti\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . ADS - Windows: deleted 24 bytes in 1 streams. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\autorun.inf C:\CFLog c:\programdata\60a7806a-0eea-424c-a464-20f4730cd631 c:\users\Basti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Win1970.Conf.Collection.sys c:\users\Basti\Documents\~2dZeichnung_neuee1.dwg.tmp c:\users\Basti\Documents\~FERTIG.dwg.tmp c:\users\Basti\Documents\~nummern.dwg.tmp c:\windows\Downloaded Program Files\IDropPTB.dll c:\windows\IsUn0407.exe c:\windows\system32\html c:\windows\system32\html\calendar.html c:\windows\system32\html\calendarbottom.html c:\windows\system32\html\calendartop.html c:\windows\system32\html\crystalexportdialog.htm c:\windows\system32\html\crystalprinthost.html c:\windows\system32\ijl11.dll c:\windows\system32\images c:\windows\system32\images\toolbar\calendar.gif c:\windows\system32\images\toolbar\crlogo.gif c:\windows\system32\images\toolbar\export.gif c:\windows\system32\images\toolbar\export_over.gif c:\windows\system32\images\toolbar\exportd.gif c:\windows\system32\images\toolbar\First.gif c:\windows\system32\images\toolbar\first_over.gif c:\windows\system32\images\toolbar\Firstd.gif c:\windows\system32\images\toolbar\gotopage.gif c:\windows\system32\images\toolbar\gotopage_over.gif 
c:\windows\system32\images\toolbar\gotopaged.gif c:\windows\system32\images\toolbar\grouptree.gif c:\windows\system32\images\toolbar\grouptree_over.gif c:\windows\system32\images\toolbar\grouptreed.gif c:\windows\system32\images\toolbar\grouptreepressed.gif c:\windows\system32\images\toolbar\Last.gif c:\windows\system32\images\toolbar\last_over.gif c:\windows\system32\images\toolbar\Lastd.gif c:\windows\system32\images\toolbar\Next.gif c:\windows\system32\images\toolbar\next_over.gif c:\windows\system32\images\toolbar\Nextd.gif c:\windows\system32\images\toolbar\Prev.gif c:\windows\system32\images\toolbar\prev_over.gif c:\windows\system32\images\toolbar\Prevd.gif c:\windows\system32\images\toolbar\print.gif c:\windows\system32\images\toolbar\print_over.gif c:\windows\system32\images\toolbar\printd.gif c:\windows\system32\images\toolbar\Refresh.gif c:\windows\system32\images\toolbar\refresh_over.gif c:\windows\system32\images\toolbar\refreshd.gif c:\windows\system32\images\toolbar\Search.gif c:\windows\system32\images\toolbar\search_over.gif c:\windows\system32\images\toolbar\searchd.gif c:\windows\system32\images\toolbar\up.gif c:\windows\system32\images\toolbar\up_over.gif c:\windows\system32\images\toolbar\upd.gif c:\windows\system32\images\tree\begindots.gif c:\windows\system32\images\tree\beginminus.gif c:\windows\system32\images\tree\beginplus.gif c:\windows\system32\images\tree\blank.gif c:\windows\system32\images\tree\blankdots.gif c:\windows\system32\images\tree\dots.gif c:\windows\system32\images\tree\lastdots.gif c:\windows\system32\images\tree\lastminus.gif c:\windows\system32\images\tree\lastplus.gif c:\windows\system32\images\tree\Magnify.gif c:\windows\system32\images\tree\minus.gif c:\windows\system32\images\tree\minusbox.gif c:\windows\system32\images\tree\plus.gif c:\windows\system32\images\tree\plusbox.gif c:\windows\system32\images\tree\singleminus.gif c:\windows\system32\images\tree\singleplus.gif c:\windows\system32\regobj.dll . . 
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ILVMONEYDRIVER53 -------\Service_IlvMoneyDRIVER53 . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-18 bis 2013-03-18 )))))))))))))))))))))))))))))) . . 2013-03-15 12:03 . 2013-03-15 12:03 -------- d-----w- c:\windows\ERUNT 2013-03-15 12:02 . 2013-03-15 12:03 -------- d-----w- C:\JRT 2013-03-14 15:02 . 2013-03-14 15:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-03-14 15:02 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-13 20:45 . 2013-03-13 20:45 -------- d-----w- c:\users\Basti\AppData\Roaming\LavasoftStatistics 2013-03-13 20:41 . 2013-03-13 20:48 -------- d-----w- c:\programdata\Ad-Aware Antivirus 2013-03-13 20:36 . 2013-03-13 20:45 -------- d-----w- c:\program files\Ad-Aware Antivirus 2013-03-13 20:33 . 2013-03-13 20:33 -------- d-----w- c:\programdata\Downloaded Installations 2013-03-13 20:33 . 2013-03-13 20:33 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2013-03-13 20:33 . 2013-03-13 20:33 -------- d-----w- c:\program files\Toolbar Cleaner 2013-03-13 20:31 . 2013-03-13 23:01 -------- d-----w- c:\users\Basti\AppData\Roaming\Ad-Aware Antivirus 2013-03-13 20:31 . 2013-03-13 20:31 44424 ----a-w- c:\windows\system32\sbbd.exe 2013-03-13 20:31 . 2013-03-13 20:31 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-03-12 21:02 . 2013-03-12 21:02 -------- d-----w- c:\program files\NVIDIA Corporation 2013-03-11 10:17 . 2013-03-11 10:18 -------- d-----w- C:\RegioprojektCheck 2013-03-02 20:42 . 2013-03-02 20:42 -------- d-----w- c:\users\Basti\AppData\Roaming\Easy2Convert 2013-02-28 12:22 . 2013-02-28 12:22 -------- d-----w- c:\users\Basti\DropBox_Hcu 2013-02-24 19:24 . 2013-02-24 19:24 -------- d-----w- c:\program files\iPod 2013-02-24 19:24 . 2013-02-24 19:24 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-02-24 19:24 . 
2013-02-24 19:24 -------- d-----w- c:\program files\iTunes 2013-02-21 15:15 . 2013-02-21 15:15 -------- d-----w- c:\program files\Common Files\Java 2013-02-21 15:14 . 2013-02-21 15:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-18 08:22 . 2013-02-18 08:22 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll 2013-02-18 08:22 . 2013-02-18 08:22 67432 ----a-w- c:\windows\system32\nvapo32v.dll 2013-02-18 08:22 . 2013-02-18 08:22 28008 ----a-w- c:\windows\system32\nvhdap32.dll 2013-02-18 08:22 . 2013-02-18 08:22 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-12 18:25 . 2013-01-19 19:36 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-12 18:25 . 2013-01-19 19:36 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-21 15:14 . 2012-05-19 09:00 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-21 15:14 . 2010-10-19 16:55 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-08 00:45 . 2013-03-12 10:27 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78D98F9F-A449-41FC-B35F-BAF97D4D0E02}\mpengine.dll 2013-01-17 00:28 . 2009-10-02 23:40 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-11 10:39 . 2013-01-19 11:45 88576 ----a-w- c:\windows\system32\pdfcmon.dll 2013-01-09 13:52 . 2012-02-07 09:02 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2013-01-05 05:26 . 2013-02-15 17:59 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:26 . 2013-02-15 17:59 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 11:28 . 2013-02-15 17:59 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-04 01:38 . 2013-02-15 17:59 2048512 ----a-w- c:\windows\system32\win32k.sys 2008-08-16 16:42 . 2013-03-08 11:19 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-08-16 16:42 . 
2013-03-08 11:19 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-08-16 16:42 . 2013-03-08 11:19 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-08-16 16:42 . 2013-03-08 11:19 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-08-16 16:43 . 2013-03-08 11:19 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-08-16 16:42 . 2013-03-08 11:19 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-08-16 16:42 . 2013-03-08 11:19 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2008-05-21 07:41 . 2013-03-08 11:19 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2008-05-21 07:41 . 2013-03-08 11:19 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2008-05-21 07:41 . 2013-03-08 11:19 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-06-05 12:58 . 2013-03-08 11:19 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-08-16 16:42 . 2013-03-08 11:19 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2013-03-08 11:19 . 2013-03-08 11:19 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752] "razertra"="p:\programme\Razer\razertra.exe" [2004-10-10 208896] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli DPPWDFLT . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ACCU-CHEK® 360° – Automatische Erkennung.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ACCU-CHEK® 360° – Automatische Erkennung.lnk backup=c:\windows\pss\ACCU-CHEK® 360° – Automatische Erkennung.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZyAIR USB Utility.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZyAIR USB Utility.lnk backup=c:\windows\pss\ZyAIR USB Utility.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Basti^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus] c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X] HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection] 2013-01-31 15:11 542632 ----a-w- c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2013-01-28 12:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] 2009-01-29 22:20 57344 ----a-w- p:\programme\SlySoft\CloneCD\CloneCDTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler] 2008-10-09 05:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2011-08-01 08:28 124480 ----a-w- c:\program files\ICQ7.5\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2007-07-12 10:43 226904 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2013-02-20 11:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay] 2007-11-01 16:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe] 2008-03-14 06:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] 2008-04-23 21:51 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2007-12-24 13:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-07-11 21:48 1595520 ----a-w- p:\programme\Winamp\winamp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R4 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x] R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}] 2008-02-25 10:55 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2013-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-19 18:25] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.1.1 DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab FF - ProfilePath - c:\users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\aukokvmq.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.google.de/#hl=de&tbo=d&sclient=psy-ab&q= FF - prefs.js: network.proxy.ftp - 64.34.197.103 FF - prefs.js: network.proxy.ftp_port - 8118 FF - prefs.js: network.proxy.gopher - 194.152.42.153 FF - prefs.js: network.proxy.gopher_port - 8080 FF - prefs.js: network.proxy.http - 64.79.72.50 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 64.34.197.103 FF - prefs.js: network.proxy.socks_port - 8118 FF - prefs.js: network.proxy.ssl - 64.34.197.103 FF - prefs.js: network.proxy.ssl_port - 8118 FF - prefs.js: network.proxy.type - 0 . . ------- Dateityp-Verknüpfung ------- . .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL SafeBoot-02124864.sys SafeBoot-29535554.sys SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-OdTray - (no file) AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe AddRemove-SP_d201b363 - c:\program files\SaveByClick\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-03-18 10:42 Windows 6.0.6002 Service Pack 2 NTFS . 
Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}] "ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(728) c:\windows\system32\DPPWDFLT.dll . - - - - - - - > 'Explorer.exe'(908) c:\windows\system32\btncopy.dll c:\program files\WinSCP\DragExt.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe c:\program files\Avira\AntiVir Desktop\sched.exe c:\windows\system32\nvvsvc.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-03-18 10:48:22 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-03-18 09:48 . Vor Suchlauf: 14 Verzeichnis(se), 52.352.000.000 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 51.867.566.080 Bytes frei . - - End Of File - - 4F37EDAF40C037E45D32B43A8568AFDA |
18.03.2013, 12:08 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WLAN dropouts with "excellent" reception JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
18.03.2013, 12:43 | #11 |
| WLAN disconnects with "excellent" reception Had no difficulties - logs attached JRT.txt Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.1 (03.12.2013:1) OS: Windows Vista (TM) Home Premium x86 Ran by Basti on 18.03.2013 at 12:13:00,02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Basti\AppData\Roaming\mozilla\firefox\profiles\aukokvmq.default\minidumps [6 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.03.2013 at 12:16:00,10 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
# AdwCleaner v2.115 - Datei am 18/03/2013 um 12:20:08 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Basti - BASTI-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Basti\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\Basti\AppData\Local\PackageAware ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\aukokvmq.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\skcfyyzb.Basti\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [4737 octets] - [15/03/2013 16:11:13] AdwCleaner[S2].txt - [1428 octets] - [18/03/2013 12:20:08] ########## EOF - C:\AdwCleaner[S2].txt - [1488 octets] ########## Code:
OTL Extras logfile created on: 18.03.2013 12:26:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Basti\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,25% Memory free 6,19 Gb Paging File | 5,37 Gb Available in Paging File | 86,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 191,47 Gb Total Space | 48,43 Gb Free Space | 25,29% Space Free | Partition Type: NTFS Drive D: | 8,96 Gb Total Space | 8,59 Gb Free Space | 95,79% Space Free | Partition Type: NTFS Drive P: | 97,66 Gb Total Space | 34,29 Gb Free Space | 35,11% Space Free | Partition Type: NTFS Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings 
========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{388F357C-C2D6-4457-B2E5-ABE458BD4210}" = protocol=17 | dir=in | app=p:\programme\ida\idag.exe | "{55215E47-F444-44E2-AEA1-D43752E978AF}" = protocol=6 | dir=in | app=p:\programme\ida\idag.exe | "{A97FA77C-235C-41CA-BE94-9C501D8D8D75}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{AA715525-65CA-4CAA-B84C-954939C12DE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{238051FC-D06F-460E-8716-2446051DCFAC}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{2786935E-2636-4ACA-8B63-45F15CB9860D}P:\programme\kalonline2\engine.exe" = protocol=6 | dir=in | app=p:\programme\kalonline2\engine.exe 
| "TCP Query User{2D4E5B59-0E3E-4883-B742-D9B94B856342}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{3295D796-5FBB-45F9-A437-9A5E53929788}C:\program files\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "TCP Query User{362BBF82-FA1A-4D85-9152-49CD58C4490C}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{426D8183-0C06-4A66-A178-747D0FED5CD6}P:\downloads\eclipse-sdk-4.2.1-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=p:\downloads\eclipse-sdk-4.2.1-win32\eclipse\eclipse.exe | "TCP Query User{7CE275E3-097A-4AA0-9EFF-5D27DEF2EE35}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "TCP Query User{982AAACF-A03B-486A-913A-B66D16C97F55}P:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=p:\programme\winamp\winamp.exe | "TCP Query User{99A37927-1BB0-45E1-8C64-490F494983F1}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "TCP Query User{A8149DC9-2465-4503-A443-0A42B97251DD}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{AC086CF6-4D95-4B76-9A51-A2A3D4A390C4}P:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=p:\programme\winamp\winamp.exe | "TCP Query User{B7836EEA-149C-4877-9DBF-F86D547D1F83}C:\users\basti\documents\visual studio 2010\projects\clientlesskal\clientlesskal\release\clientlesskal.exe" = protocol=6 | dir=in | app=c:\users\basti\documents\visual studio 2010\projects\clientlesskal\clientlesskal\release\clientlesskal.exe | "TCP Query User{C1851ABE-661B-4101-97E8-E9E8399C8CBB}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query 
User{DA0D4A79-085D-45D9-AB29-2F0CB6D839EB}C:\program files\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "TCP Query User{E3336F3E-4682-4179-B323-EF4383741CB0}P:\programme\python26\arcgis10.0\pythonw.exe" = protocol=6 | dir=in | app=p:\programme\python26\arcgis10.0\pythonw.exe | "TCP Query User{E969CC9A-7A59-4C1B-85DA-B0AEAC794445}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "TCP Query User{F76F3247-9A85-4359-BCD1-A0FA208FBD95}P:\programme\kalonline2\engine.exe" = protocol=6 | dir=in | app=p:\programme\kalonline2\engine.exe | "UDP Query User{1470591A-9EA0-4DCA-B867-8D9F66160E09}P:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=p:\programme\winamp\winamp.exe | "UDP Query User{238C5755-A80A-433F-A920-46EA995FD20E}P:\programme\kalonline2\engine.exe" = protocol=17 | dir=in | app=p:\programme\kalonline2\engine.exe | "UDP Query User{38E2204D-1156-4413-BB3C-F58B084DB254}P:\downloads\eclipse-sdk-4.2.1-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=p:\downloads\eclipse-sdk-4.2.1-win32\eclipse\eclipse.exe | "UDP Query User{6BF3AAE1-A28F-4B44-A5F6-6E5B1260C5A9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{6D6D39FB-AFAC-44A3-A95C-53D8CE9D2DF2}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "UDP Query User{7E229C8C-491F-4112-8ABC-970244C1937C}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{82F12BC0-CC50-40A1-9F1C-F9FBC71E7E3A}P:\programme\kalonline2\engine.exe" = protocol=17 | dir=in | app=p:\programme\kalonline2\engine.exe | "UDP Query User{A7A0DE70-FBD8-40C3-891B-9CC80B9AD982}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query 
User{AACCC60A-5D0E-4723-84A9-77B818A012B7}C:\program files\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "UDP Query User{AD0F4155-B60A-4721-9DDD-F7FBC9900906}C:\program files\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "UDP Query User{B0880210-BCBB-4189-8C58-E93DEA7004A1}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "UDP Query User{C1F658E6-BBE7-4FF0-B293-0AB8F0C26CDF}P:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=p:\programme\winamp\winamp.exe | "UDP Query User{DBA72A8F-ED07-44F6-A8B0-FEBD4FD77A50}C:\users\basti\documents\visual studio 2010\projects\clientlesskal\clientlesskal\release\clientlesskal.exe" = protocol=17 | dir=in | app=c:\users\basti\documents\visual studio 2010\projects\clientlesskal\clientlesskal\release\clientlesskal.exe | "UDP Query User{DF6F7223-044F-4962-959A-11B440CC08D5}P:\programme\python26\arcgis10.0\pythonw.exe" = protocol=17 | dir=in | app=p:\programme\python26\arcgis10.0\pythonw.exe | "UDP Query User{F37ADE08-33E7-48FB-80B2-10B78CA9F529}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0 "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F0F4D26-B01D-4C13-AADB-CF1FB2D50C1E}" = Microsoft Windows Software Development Kit for Windows Vista Update Win32 Documentation (6000.16384.10) "{0FB0C4D9-73BB-4D1A-8483-5D0BD53FACC0}" = Ad-Aware Antivirus "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{1910DA3B-AC76-4902-8C5C-A4F75EB0961F}" = ACCU-CHEK 360° "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{216B2D77-E514-4D3E-9E03-E74D3E15D084}" = Microsoft Windows Software Development Kit for Windows Vista Update Utilities for .NET Development (6000.16384.10) "{2222706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 SDK "{22898134-089F-4751-A7DF-43E3F7FAE10F}" = Microsoft Windows Software Development Kit for Windows Vista Update Headers and 
Libraries (6000.16384.10) "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{23EE5D9A-72D4-4529-9B8D-E1BB6B53F008}" = Microsoft Windows Software Development Kit for Windows Vista Update Debug Symbols for .NET Development (6000.16384.10) "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26016EAB-8C1B-4CF2-97E3-BDC943B2D8AF}" = Microsoft Windows Software Development Kit for Windows Vista Update Samples (6000.16384.10) "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACCUCHEK360) "{2C0622F2-2E68-468C-AA43-0CF81D3ACF14}" = Detours Express 3.0 "{2D7F824B-6744-4C30-B78B-0966E9BD461D}" = KalOnlineEng "{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2 "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{32A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 "{34C8D2D7-0C52-4D57-B774-959EF539F4C6}" = MySQL Connector C++ 1.1.2 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1 "{3729DED6-BAC0-4010-A3F1-FD72ED035C9D}" = MySQL Connector J "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3AF6EF15-5841-4FF8-A3FC-5B2400AB9145}" = Borland Data Engine "{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005 "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7 "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU "{4C89A3C8-97E8-43A6-8DEC-5DE09098ACD0}" = Microsoft Windows Software Development Kit for Windows Vista Update Compilers (6000.16384.10) "{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client "{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor 2010 Language Pack - Deutsch "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software "{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011 "{5783F2D7-A000-0407-0002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 "{5783F2D7-A000-0407-1002-0060B0CE6BBA}" = AutoCAD Civil 3D 2012 Language Pack - Deutsch "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5C741A01-05D6-4306-BA6A-DC8401285AE8}" = Debugging Tools for Windows "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI 
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack "{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10 "{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 11.30, 2013.01.21 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{66F9302D-E145-4375-8C84-54DA2339C483}" = MySQL Connector C 6.0.2 "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6C72788B-E203-4585-A5E6-E086D10439A6}" = Microsoft Windows Software Development Kit for Windows Vista Update (6000.16384.10) "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2 "{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{846D9AAD-EA7D-4126-9177-F874FD389BE4}" = Microsoft FxCop 1.35 
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{849B70E0-55C8-4BDD-9EC5-84502B7AF594}" = Microsoft Windows Software Development Kit for Windows Vista Update Common Utilities (6000.16384.10) "{85C6CE1E-2A22-4C5A-A8A1-9DBFBEA81DE1}" = Razer "{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008 "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AE72E414-0935-4AC8-B7D6-12E3039BEC13}" = DigitalPersona Personal 3.0.1 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder 
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4A52A73-B0B7-4BDA-BAED-83D054F63FAE}" = pgAdmin III 1.8 "{B4D8FC32-3728-4BCB-88BE-C762412E1B19}" = Microsoft Windows Software Development Kit for Windows Vista Update .NET Documentation (6000.16384.10) "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU "{CFA81765-AC83-48A0-96ED-0188C503D255}" = Microsoft Windows Software 
Development Kit for Windows Vista Update Utilities for Win32 Development (6000.16384.10)
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E08EC542-BC5F-4F26-BBB9-E426BA007A31}" = OneTouch USB Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}" = OneTouch-Software
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"3309-7404-0599-8908" = yEd Graph Editor 3.9.2
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.3.8
"ArcGIS Desktop 10" = ArcGIS Desktop 10
"AudioBurst" = AudioBurst FX Engine
"AutoCAD Civil 3D 2012" = AutoCAD Civil 3D 2012
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bridge Builder" = Bridge Builder
"CloneCD" = CloneCD
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DWG TrueView 2011" = DWG TrueView 2011
"ENTERPRISE" = Microsoft Office Enterprise 2007
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17(c) (remove only)
"Free Audio Converter_is1" = Free Audio Converter version 5.0.14.627
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.3.815
"FugroViewer" = FugroViewer (Remove Only)
"Git_is1" = Git version 1.7.11-preview20120710
"Hamachi" = Hamachi 1.0.3.0
"Hardcopy(P__Programme_Hardcopy)" = Hardcopy (P:\Programme\Hardcopy)
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"IDA Pro_is1" = IDA Pro Advanced v5.2 with WinCE v5.0 debugger
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1910DA3B-AC76-4902-8C5C-A4F75EB0961F}" = ACCU-CHEK 360°
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"libxml2-python-py2.6" = Python 2.6 libxml2-python-2.7.7
"lxml-py2.6" = Python 2.6 lxml-2.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Maple 14" = Maple 14
"Maple Toolbox" = Maple Toolbox
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"MISEC" = Monkey Island™ Special Edition Collection
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PowerTools Lite EX 2013" = PowerTools Lite EX 2013
"PSPad editor_is1" = PSPad editor
"pywin32-py2.6" = Python 2.6 pywin32-217
"SDKSetup_6.1.6000.16384" = Microsoft Windows Software Development Kit for Windows Vista Update (6000.16384.10)
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"streamWriter_is1" = streamWriter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.1 beta

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"68c6678448324991" = GitHub
"TabComponentsDemo" = TabComponentsDemo
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Cisco AnyConnect VPN Client Events ]
Error - 01.03.2013 06:15:57 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp Line: 241 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1261 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description: Eine vorhandene Verbindung wurde vom Remotehost geschlossen.
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1262 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description: unknown
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp Line: 823 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 828 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp Line: 1657 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene Verbindung wurde vom Remotehost geschlossen.
Error - 01.03.2013 06:37:52 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 01.03.2013 06:42:16 | Computer Name = Basti-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
Error - 01.03.2013 06:42:16 | Computer Name = Basti-PC | Source = vpnagent | ID = 67108866
Description = Function: CWTS::GetActiveSessionId File: .\WTS.cpp Line: 155 Invoked Function: CWTS::GetActiveSessionId Return Code: -30605303 (0xFE2D0009) Description: WTS_ERROR_UNEXPECTED Active user session not found
Error - 01.03.2013 06:42:19 | Computer Name = Basti-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

[ OSession Events ]
Error - 30.04.2010 06:14:47 | Computer Name = Basti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 18.03.2013 07:22:48 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 18.03.2013 07:22:48 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.03.2013 07:22:48 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.03.2013 07:22:48 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.03.2013 07:24:15 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 18.03.2013 07:24:15 | Computer Name = Basti-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Code:
OTL logfile created on: 18.03.2013 12:26:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Basti\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,25% Memory free
6,19 Gb Paging File | 5,37 Gb Available in Paging File | 86,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 191,47 Gb Total Space | 48,43 Gb Free Space | 25,29% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 8,59 Gb Free Space | 95,79% Space Free | Partition Type: NTFS
Drive P: | 97,66 Gb Total Space | 34,29 Gb Free Space | 35,11% Space Free | Partition Type: NTFS

Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Basti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Git\git-cheetah\git_shell_ext.dll ()
MOD - P:\Programme\WinRAR\RarExt.dll ()

========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- P:\Programme\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Autodesk Content Service) -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (MSSQL$ACCUCHEK360) -- c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SentinelProtectionServer) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)

========== Driver Services (SafeList) ==========

DRV - (XDva349) -- C:\Windows\system32\XDva349.sys File not found
DRV - (XDva347) -- C:\Windows\system32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\system32\XDva346.sys File not found
DRV - (SysCom1) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.836\Ghost Killer\SoRa.sys File not found
DRV - (spd3ssl) -- P:\Program Files\Spyware Process Detector\spd317.sys File not found
DRV - (ROCKSTAR) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.966\ksysdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (KIKIDRIVER) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX01.355\Kiki Engine 1.41\kiki.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (injectDLL) -- P:\Downloads\ProInjector\injectDLL.sys File not found
DRV - (GGSAFERDriver) -- P:\Programme\Garena\safedrv.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (DBKDRVR54) -- C:\Program Files\Cheat Engine\dbk32.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (BeSk81) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX01.000\Let's Engine 3.0\BeSk8.sys File not found
DRV - (ampro) -- P:\Program Files\ArtMoney\artmoney.sys File not found
DRV - (AhnRptTfFRegFNT) -- C:\Users\Basti\AppData\Local\Temp\nsb585F.tmp\TfFRegNt.sys File not found
DRV - (ahaaha1) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.647\ahaaha.sys File not found
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (d3d9) -- C:\Windows\System32\d3d9.dll (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Programme\HP\QuickPlay\000.fcl (Cyberlink Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (mirrorv3) -- C:\Windows\System32\drivers\rminiv3.sys (Famatech International Corp.)
DRV - (Sentinel) -- C:\Windows\System32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{D9A80BB3-B0E4-4B4D-93DF-67B60F57DAC5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{DE9FEAA3-5CD2-4DC3-A08D-D2562FDD252F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 189.80.124.82:3128
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 189.80.124.82:3128
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://www.google.de/#hl=de&tbo=d&sclient=psy-ab&q="
FF - prefs.js..network.proxy.backup.ftp: "210.48.147.94"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "71.59.14.27"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "210.48.147.94"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "210.48.147.94"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "64.34.197.103"
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher: "194.152.42.153"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "64.79.72.50"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.34.197.103"
FF - prefs.js..network.proxy.socks_port: 8118
FF - prefs.js..network.proxy.ssl: "64.34.197.103"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: P:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: P:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.13 21:33:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 12:19:20 | 000,000,000 | ---D | M]

[2008.11.01 01:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2013.03.15 13:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\aukokvmq.default\extensions
[2013.03.15 13:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\skcfyyzb.Basti\extensions
[2013.03.08 12:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 12:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\䍻䙁䕅䅆ⵃ〰㜱〭〰ⴰ〰㐰䄭䍂䕄䙆䑅䉃絁
[2013.03.08 12:19:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.06.17 19:29:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 11:48:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 19:29:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 19:29:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 19:29:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 19:29:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - Extension: SaveByclick = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijppfghbmeajainbpmmkjfmhehilndgf\1\

O1 HOSTS File: ([2013.03.18 10:37:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [razertra] P:\Programme\Razer\razertra.exe (Razer Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.15.2) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7AA3E2-2931-41EE-9555-06444FCB7085}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe 
(Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.18 12:24:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2013.03.18 10:48:25 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\temp [2013.03.18 10:45:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.18 10:19:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.18 10:19:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.18 10:19:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.18 10:18:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.18 10:17:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.18 10:17:14 | 005,041,875 | R--- | C] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe [2013.03.17 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{DD9C975A-53C4-43C4-A7C9-6DFC245F4FA2} [2013.03.17 21:03:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Basti\Desktop\tdsskiller.exe [2013.03.17 16:45:29 | 000,000,000 | ---D | C] 
-- C:\Users\Basti\Desktop\mbar [2013.03.16 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{421DB4F4-5DAE-4457-84D7-23E7CC61A15B} [2013.03.15 23:00:54 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{E345532B-4F57-4277-AAFB-A22DEE6A824C} [2013.03.15 16:15:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Basti\Desktop\aswMBR.exe [2013.03.15 13:03:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.15 13:02:27 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.15 13:02:01 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe [2013.03.15 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{2FC0E752-D7AE-4B65-A00F-06664B5E792C} [2013.03.14 16:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.14 16:02:49 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.14 16:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.13 21:55:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.13 21:55:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.13 21:55:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.13 21:55:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.13 21:55:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.13 21:55:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.13 21:55:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.13 21:55:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.13 21:45:14 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\LavasoftStatistics 
[2013.03.13 21:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2013.03.13 21:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2013.03.13 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus [2013.03.13 21:36:17 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.03.13 21:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2013.03.13 21:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2013.03.13 21:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2013.03.13 21:31:41 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe [2013.03.13 21:31:41 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys [2013.03.13 21:31:41 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Ad-Aware Antivirus [2013.03.13 20:22:47 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL [2013.03.13 20:11:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{2FA42786-F677-4876-B5AD-11EC60DF76E7} [2013.03.12 22:55:22 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{E43E1612-E4CD-43DD-AC2C-9FBAD0747AF5} [2013.03.12 22:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.03.11 21:47:54 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7DF7DEB3-3D6F-49B4-B968-98422EC87FFC} [2013.03.11 11:17:42 | 000,000,000 | ---D | C] -- C:\RegioprojektCheck [2013.03.11 09:47:30 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{ADF33BC3-4BDC-44FF-B583-257CD9A98642} [2013.03.10 13:42:11 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AAE422AF-8E02-4D3D-A0A8-12B8D4439A33} [2013.03.09 16:48:04 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{D26412A9-50B9-4C1E-A5C0-498A5C9B2619} [2013.03.08 23:28:27 | 000,000,000 | ---D | C] -- 
C:\Users\Basti\AppData\Local\{9084219C-2EDC-4666-A26F-00892C771905} [2013.03.08 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.08 11:27:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A8E23A8A-89F5-49CA-B4AE-DB8E8006EA12} [2013.03.07 13:32:40 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{73DB2423-C761-40C5-BD8F-26E80671D141} [2013.03.06 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{35935447-B316-4B04-8A41-76BEF822B7FD} [2013.03.05 17:36:34 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7329F463-C1FA-447B-9280-2B23D0D6C5D4} [2013.03.04 12:35:06 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Oma_silber [2013.03.04 12:31:12 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{D93B6735-3620-43B4-89AB-3F12E2FC1928} [2013.03.03 14:29:22 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A72CF85F-7944-4894-82F6-1FE9C5024F7A} [2013.03.02 21:42:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Easy2Convert [2013.03.02 18:12:50 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{92A724D6-3210-43B1-9F54-999535D6B387} [2013.03.01 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AD0E481F-870B-4465-9CF3-017141BD09A0} [2013.02.28 13:22:00 | 000,000,000 | ---D | C] -- C:\Users\Basti\DropBox_Hcu [2013.02.28 13:14:49 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A04E3D91-FE3D-4CED-BDEA-27EA4B434216} [2013.02.27 21:21:23 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Bachelorarbeit [2013.02.27 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{5ABAC6BF-2999-4760-B0DB-F1BCCDCE9185} [2013.02.26 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7513401B-6D46-4288-A92A-2A79F716A526} [2013.02.25 13:21:24 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{CF5882A0-FEF5-4088-8A75-240D789259BF} [2013.02.24 20:24:52 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.02.24 20:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.02.24 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.02.24 20:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.02.24 18:03:46 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Krankenkasse [2013.02.24 13:24:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AFA46DB8-4CBB-4DAA-A05D-36CA098B6C97} [2013.02.23 13:23:08 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{72C21F51-23E0-4141-BAC1-58B132102A7E} [2013.02.22 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{5FCC6DBA-9A65-4B39-AF1C-A2B07F2DE6BF} [2013.02.21 16:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.02.21 16:14:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.21 16:14:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.21 16:14:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.21 16:14:38 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.21 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7BB84EFE-2E55-43D3-8B58-535A82B5608C} [2013.02.20 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{102FF5FB-5AD6-4670-A61C-855B5FCB2AC9} [2013.02.18 09:22:18 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll [2013.02.18 09:22:18 | 000,149,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys [2013.02.18 09:22:18 | 000,067,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll [2013.02.18 09:22:18 | 000,028,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll [2013.02.16 16:50:49 | 000,000,000 | ---D | C] -- 
C:\Users\Basti\AppData\Local\{939C9AB4-81F2-44A4-A676-5059540594BD} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Basti\AppData\Local\*.tmp files -> C:\Users\Basti\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.18 12:25:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.18 12:24:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe [2013.03.18 12:22:11 | 000,603,210 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.03.18 12:22:10 | 000,603,210 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.03.18 12:21:57 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 12:21:57 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 12:21:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.18 12:21:15 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys [2013.03.18 12:19:20 | 000,609,993 | ---- | M] () -- C:\Users\Basti\Desktop\adwcleaner.exe [2013.03.18 10:37:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.18 10:14:31 | 005,041,875 | R--- | M] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe [2013.03.17 21:30:49 | 000,000,512 | ---- | M] () -- C:\Users\Basti\Desktop\MBR.dat [2013.03.17 21:03:40 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Basti\Desktop\tdsskiller.exe [2013.03.17 16:43:35 | 000,377,856 | ---- | M] () -- C:\Users\Basti\Desktop\gmer_2.1.19155.exe [2013.03.15 21:12:30 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI [2013.03.15 16:17:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Basti\Desktop\aswMBR.exe [2013.03.15 13:02:01 | 000,550,572 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe [2013.03.14 16:17:17 | 000,613,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.14 16:02:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.14 15:48:27 | 000,012,585 | ---- | M] () -- C:\Users\Basti\Desktop\Desktop.7z [2013.03.14 14:40:05 | 405,404,546 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.14 13:49:58 | 000,000,020 | ---- | M] () -- C:\Users\Basti\defogger_reenable [2013.03.14 11:07:22 | 000,778,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.14 11:07:22 | 000,728,700 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.14 11:07:22 | 000,187,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.14 11:07:22 | 000,155,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.13 21:48:26 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.03.13 21:31:41 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe [2013.03.13 21:31:41 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys [2013.03.12 19:25:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.12 19:25:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.02.24 20:24:52 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.22 17:38:14 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2013.02.22 17:38:14 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2013.02.21 16:14:26 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.21 16:14:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.21 16:14:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.21 16:14:24 | 000,174,496 | ---- | M] 
(Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.21 16:14:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.02.21 16:14:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.02.20 00:17:49 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.02.18 09:22:18 | 000,884,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll [2013.02.18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys [2013.02.18 09:22:18 | 000,067,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll [2013.02.18 09:22:18 | 000,028,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll [2013.02.16 16:03:26 | 000,446,065 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215437.backup [2013.02.16 16:03:26 | 000,446,065 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215716.backup [2013.02.16 16:03:26 | 000,446,065 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215525.backup [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Basti\AppData\Local\*.tmp files -> C:\Users\Basti\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.18 12:19:18 | 000,609,993 | ---- | C] () -- C:\Users\Basti\Desktop\adwcleaner.exe [2013.03.18 10:19:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.18 10:19:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.18 10:19:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.18 10:19:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.18 10:19:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.17 21:30:49 | 000,000,512 | ---- | C] () -- C:\Users\Basti\Desktop\MBR.dat [2013.03.17 19:50:28 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys [2013.03.17 16:43:34 | 000,377,856 | ---- | C] () -- 
C:\Users\Basti\Desktop\gmer_2.1.19155.exe [2013.03.14 16:02:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.14 15:48:27 | 000,012,585 | ---- | C] () -- C:\Users\Basti\Desktop\Desktop.7z [2013.03.14 13:49:42 | 000,000,020 | ---- | C] () -- C:\Users\Basti\defogger_reenable [2013.03.13 21:36:49 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.02.24 20:24:52 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.30 11:44:24 | 000,000,020 | -HS- | C] () -- C:\Users\Basti\AppData\Roaming\App4870.ConfCollection.bin [2012.10.19 22:45:31 | 000,000,888 | ---- | C] () -- C:\Users\Basti\recStudio.ini [2012.10.19 22:40:48 | 000,000,263 | ---- | C] () -- C:\Windows\w32demo8.ini [2012.09.17 15:32:31 | 000,000,130 | ---- | C] () -- C:\Users\Basti\.bash_history [2012.09.17 14:30:44 | 000,000,094 | ---- | C] () -- C:\Users\Basti\.gitconfig [2012.06.29 12:04:08 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2012.06.29 12:04:01 | 000,061,440 | ---- | C] () -- C:\Windows\System32\ZDTRLib.DLL [2012.06.29 12:04:01 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ZD12APP.dll [2012.06.29 12:04:01 | 000,040,960 | ---- | C] () -- C:\Windows\System32\PassAPP.dll [2012.06.29 12:04:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\INSAPP.dll [2012.06.29 12:04:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2012.03.25 19:37:24 | 000,110,080 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll [2012.03.25 19:37:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\pythoncomloader26.dll [2012.03.25 19:37:23 | 000,358,912 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll [2012.02.21 23:49:42 | 000,000,715 | ---- | C] () -- C:\Users\Basti\untitled13_MAS.bak [2012.02.21 23:49:33 | 000,000,715 | ---- | C] () -- C:\Users\Basti\untitled12_MAS.bak [2012.02.18 16:11:35 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.12.10 13:05:43 
| 000,000,000 | ---- | C] () -- C:\Users\Basti\Programme [2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.08.30 12:54:49 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.05.05 17:16:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.05.05 17:16:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.03.22 11:27:59 | 000,041,890 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\room.dat [2009.07.31 17:54:45 | 000,000,600 | ---- | C] () -- C:\Users\Basti\AppData\Local\PUTTY.RND [2009.03.26 22:24:34 | 000,000,600 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\winscp.rnd [2009.02.15 01:31:22 | 000,022,328 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\PnkBstrK.sys [2008.12.28 18:44:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.11.16 20:52:34 | 000,000,142 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\wklnhst.dat [2008.11.11 09:52:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.11.04 11:32:49 | 000,024,206 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\UserTile.png [2008.11.02 21:13:01 | 000,000,680 | ---- | C] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat [2008.11.01 19:11:10 | 000,010,240 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.10 00:46:41 | 000,603,210 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.09.10 00:46:41 | 000,603,210 | ---- | C] () -- C:\ProgramData\nvModes.001 ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | 
M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:EA09D10B @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F589C83D @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CDEC4D21 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5678F84F @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7AE8A440 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F < End of report > |
18.03.2013, 13:01 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WLAN disconnects despite "excellent" reception Fix with OTL
Code:
ATTFilter
:OTL
DRV - (XDva349) -- C:\Windows\system32\XDva349.sys File not found
DRV - (XDva347) -- C:\Windows\system32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\system32\XDva346.sys File not found
DRV - (SysCom1) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.836\Ghost Killer\SoRa.sys File not found
DRV - (spd3ssl) -- P:\Program Files\Spyware Process Detector\spd317.sys File not found
DRV - (ROCKSTAR) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.966\ksysdrv.sys File not found
DRV - (KIKIDRIVER) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX01.355\Kiki Engine 1.41\kiki.sys File not found
DRV - (BeSk81) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX01.000\Let's Engine 3.0\BeSk8.sys File not found
DRV - (ampro) -- P:\Program Files\ArtMoney\artmoney.sys File not found
DRV - (AhnRptTfFRegFNT) -- C:\Users\Basti\AppData\Local\Temp\nsb585F.tmp\TfFRegNt.sys File not found
DRV - (ahaaha1) -- C:\Users\Basti\AppData\Local\Temp\Rar$EX00.647\ahaaha.sys File not found
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:EA09D10B
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F589C83D
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CDEC4D21
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5678F84F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7AE8A440
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
18.03.2013, 13:07 | #13 |
| WLAN disconnects despite "excellent" reception Everything worked - however, when I clicked OK to confirm the restart, my AntiVir popped up at that same moment and said something like "access blocked" or so - I couldn't read it quickly enough. Here is the log: Code:
ATTFilter
All processes killed
========== OTL ==========
Service XDva349 stopped successfully!
Service XDva349 deleted successfully!
File C:\Windows\system32\XDva349.sys File not found not found.
Service XDva347 stopped successfully!
Service XDva347 deleted successfully!
File C:\Windows\system32\XDva347.sys File not found not found.
Service XDva346 stopped successfully!
Service XDva346 deleted successfully!
File C:\Windows\system32\XDva346.sys File not found not found.
Service SysCom1 stopped successfully!
Service SysCom1 deleted successfully!
File C:\Users\Basti\AppData\Local\Temp\Rar$EX00.836\Ghost Killer\SoRa.sys File not found not found.
Service spd3ssl stopped successfully!
Service spd3ssl deleted successfully!
File P:\Program Files\Spyware Process Detector\spd317.sys File not found not found.
Service ROCKSTAR stopped successfully!
Service ROCKSTAR deleted successfully!
File C:\Users\Basti\AppData\Local\Temp\Rar$EX00.966\ksysdrv.sys File not found not found.
Service KIKIDRIVER stopped successfully!
Service KIKIDRIVER deleted successfully!
File C:\Users\Basti\AppData\Local\Temp\Rar$EX01.355\Kiki Engine 1.41\kiki.sys File not found not found.
Service BeSk81 stopped successfully!
Service BeSk81 deleted successfully!
File C:\Users\Basti\AppData\Local\Temp\Rar$EX01.000\Let's Engine 3.0\BeSk8.sys File not found not found.
Service ampro stopped successfully!
Service ampro deleted successfully!
File P:\Program Files\ArtMoney\artmoney.sys File not found not found.
Service AhnRptTfFRegFNT stopped successfully!
Service AhnRptTfFRegFNT deleted successfully!
File C:\Users\Basti\AppData\Local\Temp\nsb585F.tmp\TfFRegNt.sys File not found not found.
Service ahaaha1 stopped successfully!
Service ahaaha1 deleted successfully!
File C:\Users\Basti\AppData\Local\Temp\Rar$EX00.647\ahaaha.sys File not found not found.
ADS C:\ProgramData\TEMP:EA09D10B deleted successfully.
ADS C:\ProgramData\TEMP:F589C83D deleted successfully.
ADS C:\ProgramData\TEMP:CDEC4D21 deleted successfully.
ADS C:\ProgramData\TEMP:5678F84F deleted successfully.
ADS C:\ProgramData\TEMP:7AE8A440 deleted successfully.
ADS C:\ProgramData\TEMP:CE2C623F deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Basti\Desktop\cmd.bat deleted successfully.
C:\Users\Basti\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Basti
->Temp folder emptied: 33816 bytes
->Temporary Internet Files folder emptied: 195254414 bytes
->Java cache emptied: 6478 bytes
->FireFox cache emptied: 75495216 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 4049 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6090 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 258,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 03182013_130343
Files\Folders moved on Reboot...
C:\Windows\temp\spserv.dat moved successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
18.03.2013, 13:11 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WLAN disconnects despite "excellent" reception A control scan with OTL, please:
__________________ Please always post log files in CODE tags |
18.03.2013, 13:33 | #15 |
| WLAN disconnects despite "excellent" reception I was already a bit paranoid just now and had to scan twice because the settings got changed each time.... This time, though, I watched it, and shortly before the end it automatically switched from "Use SafeList" to "All" under Standard Registry. Code:
ATTFilter OTL logfile created on: 18.03.2013 13:27:14 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Basti\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,49% Memory free 6,19 Gb Paging File | 5,32 Gb Available in Paging File | 85,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 191,47 Gb Total Space | 48,70 Gb Free Space | 25,44% Space Free | Partition Type: NTFS Drive D: | 8,96 Gb Total Space | 8,59 Gb Free Space | 95,79% Space Free | Partition Type: NTFS Drive P: | 97,66 Gb Total Space | 34,29 Gb Free Space | 35,11% Space Free | Partition Type: NTFS Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Basti\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) 
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (SBSDWSCService) -- P:\Programme\Spybot File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (Autodesk Content Service) -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe ()
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (MSSQL$ACCUCHEK360) -- c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SentinelProtectionServer) -- C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (injectDLL) -- P:\Downloads\ProInjector\injectDLL.sys File not found
DRV - (GGSAFERDriver) -- P:\Programme\Garena\safedrv.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (DBKDRVR54) -- C:\Program Files\Cheat Engine\dbk32.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (d3d9) -- C:\Windows\System32\d3d9.dll (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Programme\HP\QuickPlay\000.fcl (Cyberlink Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (mirrorv3) -- C:\Windows\System32\drivers\rminiv3.sys (Famatech International Corp.)
DRV - (Sentinel) -- C:\Windows\System32\drivers\sentinel.sys (SafeNet, Inc.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{D9A80BB3-B0E4-4B4D-93DF-67B60F57DAC5}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{DE9FEAA3-5CD2-4DC3-A08D-D2562FDD252F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 189.80.124.82:3128

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 189.80.124.82:3128

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://www.google.de/#hl=de&tbo=d&sclient=psy-ab&q="
FF - prefs.js..network.proxy.backup.ftp: "210.48.147.94"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "71.59.14.27"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "210.48.147.94"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "210.48.147.94"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "64.34.197.103"
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.gopher: "194.152.42.153"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "64.79.72.50"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.34.197.103"
FF - prefs.js..network.proxy.socks_port: 8118
FF - prefs.js..network.proxy.ssl: "64.34.197.103"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: P:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: P:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.13 21:33:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 12:19:20 | 000,000,000 | ---D | M]

[2008.11.01 01:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2013.03.15 13:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\aukokvmq.default\extensions
[2013.03.15 13:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\skcfyyzb.Basti\extensions
[2013.03.08 12:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 12:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\䍻䙁䕅䅆ⵃ〰㜱〭〰ⴰ〰㐰䄭䍂䕄䙆䑅䉃絁
[2013.03.08 12:19:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.08.16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2008.08.16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008.08.16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2008.08.16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2008.08.16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012.06.17 19:29:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 11:48:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 19:29:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 19:29:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 19:29:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 19:29:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - Extension: SaveByclick = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijppfghbmeajainbpmmkjfmhehilndgf\1\

Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [razertra] P:\Programme\Razer\razertra.exe (Razer Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2481524858-3819154491-4169622046-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7AA3E2-2931-41EE-9555-06444FCB7085}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Basti\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.18 13:03:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.18 12:24:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.03.18 10:48:25 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\temp
[2013.03.18 10:45:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.18 10:19:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.18 10:19:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.18 10:19:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.18 10:18:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.18 10:17:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.18 10:17:14 | 005,041,875 | R--- | C] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe
[2013.03.17 21:41:16 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{DD9C975A-53C4-43C4-A7C9-6DFC245F4FA2}
[2013.03.17 21:03:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Basti\Desktop\tdsskiller.exe
[2013.03.17 16:45:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\Desktop\mbar
[2013.03.16 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{421DB4F4-5DAE-4457-84D7-23E7CC61A15B}
[2013.03.15 23:00:54 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{E345532B-4F57-4277-AAFB-A22DEE6A824C}
[2013.03.15 16:15:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Basti\Desktop\aswMBR.exe
[2013.03.15 13:03:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.15 13:02:27 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.15 13:02:01 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe
[2013.03.15 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{2FC0E752-D7AE-4B65-A00F-06664B5E792C}
[2013.03.14 16:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.14 16:02:49 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.14 16:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.13 21:55:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.13 21:55:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.13 21:55:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.13 21:55:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.13 21:55:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.13 21:55:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.13 21:55:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.13 21:55:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.13 21:45:14 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\LavasoftStatistics
[2013.03.13 21:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.03.13 21:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.03.13 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.03.13 21:36:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.13 21:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.03.13 21:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.03.13 21:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013.03.13 21:31:41 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.03.13 21:31:41 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.03.13 21:31:41 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Ad-Aware Antivirus
[2013.03.13 20:22:47 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2013.03.13 20:11:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{2FA42786-F677-4876-B5AD-11EC60DF76E7}
[2013.03.12 22:55:22 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{E43E1612-E4CD-43DD-AC2C-9FBAD0747AF5}
[2013.03.12 22:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.03.11 21:47:54 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7DF7DEB3-3D6F-49B4-B968-98422EC87FFC}
[2013.03.11 11:17:42 | 000,000,000 | ---D | C] -- C:\RegioprojektCheck
[2013.03.11 09:47:30 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{ADF33BC3-4BDC-44FF-B583-257CD9A98642}
[2013.03.10 13:42:11 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AAE422AF-8E02-4D3D-A0A8-12B8D4439A33}
[2013.03.09 16:48:04 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{D26412A9-50B9-4C1E-A5C0-498A5C9B2619}
[2013.03.08 23:28:27 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{9084219C-2EDC-4666-A26F-00892C771905}
[2013.03.08 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.03.08 11:27:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A8E23A8A-89F5-49CA-B4AE-DB8E8006EA12}
[2013.03.07 13:32:40 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{73DB2423-C761-40C5-BD8F-26E80671D141}
[2013.03.06 10:13:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{35935447-B316-4B04-8A41-76BEF822B7FD}
[2013.03.05 17:36:34 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7329F463-C1FA-447B-9280-2B23D0D6C5D4}
[2013.03.04 12:35:06 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Oma_silber
[2013.03.04 12:31:12 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{D93B6735-3620-43B4-89AB-3F12E2FC1928}
[2013.03.03 14:29:22 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A72CF85F-7944-4894-82F6-1FE9C5024F7A}
[2013.03.02 21:42:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Easy2Convert
[2013.03.02 18:12:50 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{92A724D6-3210-43B1-9F54-999535D6B387}
[2013.03.01 20:09:13 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AD0E481F-870B-4465-9CF3-017141BD09A0}
[2013.02.28 13:22:00 | 000,000,000 | ---D | C] -- C:\Users\Basti\DropBox_Hcu
[2013.02.28 13:14:49 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{A04E3D91-FE3D-4CED-BDEA-27EA4B434216}
[2013.02.27 21:21:23 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Bachelorarbeit
[2013.02.27 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{5ABAC6BF-2999-4760-B0DB-F1BCCDCE9185}
[2013.02.26 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7513401B-6D46-4288-A92A-2A79F716A526}
[2013.02.25 13:21:24 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{CF5882A0-FEF5-4088-8A75-240D789259BF}
[2013.02.24 20:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.24 20:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.24 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.24 20:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.24 18:03:46 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Krankenkasse
[2013.02.24 13:24:38 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{AFA46DB8-4CBB-4DAA-A05D-36CA098B6C97}
[2013.02.23 13:23:08 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{72C21F51-23E0-4141-BAC1-58B132102A7E}
[2013.02.22 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{5FCC6DBA-9A65-4B39-AF1C-A2B07F2DE6BF}
[2013.02.21 16:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.02.21 16:14:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.21 16:14:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.21 16:14:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.21 16:14:38 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.21 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{7BB84EFE-2E55-43D3-8B58-535A82B5608C}
[2013.02.20 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{102FF5FB-5AD6-4670-A61C-855B5FCB2AC9}
[2013.02.18 09:22:18 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.02.18 09:22:18 | 000,149,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.02.18 09:22:18 | 000,067,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2013.02.18 09:22:18 | 000,028,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.02.16 16:50:49 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\{939C9AB4-81F2-44A4-A676-5059540594BD}
[1 C:\Users\Basti\AppData\Local\*.tmp files -> C:\Users\Basti\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.18 13:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.18 13:05:19 | 000,603,210 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.18 13:05:12 | 000,603,210 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.18 13:05:06 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 13:05:06 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 13:05:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.18 13:04:56 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.18 12:24:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2013.03.18 12:19:20 | 000,609,993 | ---- | M] () -- C:\Users\Basti\Desktop\adwcleaner.exe
[2013.03.18 10:14:31 | 005,041,875 | R--- | M] (Swearware) -- C:\Users\Basti\Desktop\ComboFix.exe
[2013.03.17 21:30:49 | 000,000,512 | ---- | M] () -- C:\Users\Basti\Desktop\MBR.dat
[2013.03.17 21:03:40 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Basti\Desktop\tdsskiller.exe
[2013.03.17 16:43:35 | 000,377,856 | ---- | M] () -- C:\Users\Basti\Desktop\gmer_2.1.19155.exe
[2013.03.15 21:12:30 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013.03.15 16:17:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Basti\Desktop\aswMBR.exe
[2013.03.15 13:02:01 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Basti\Desktop\JRT.exe
[2013.03.14 16:17:17 | 000,613,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.14 16:02:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.14 15:48:27 | 000,012,585 | ---- | M] () -- C:\Users\Basti\Desktop\Desktop.7z
[2013.03.14 14:40:05 | 405,404,546 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.14 13:49:58 | 000,000,020 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2013.03.14 11:07:22 | 000,778,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.14 11:07:22 | 000,728,700 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.14 11:07:22 | 000,187,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.14 11:07:22 | 000,155,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.13 21:48:26 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.03.13 21:31:41 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013.03.13 21:31:41 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.03.12 19:25:28 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.12 19:25:28 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.24 20:24:52 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.22 17:38:14 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013.02.22 17:38:14 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013.02.21 16:14:26 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.21 16:14:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.21 16:14:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.21 16:14:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.21 16:14:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.21 16:14:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.20 00:17:49 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.18 09:22:18 | 000,884,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.02.18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.02.18 09:22:18 | 000,067,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2013.02.18 09:22:18 | 000,028,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.02.16 16:03:26 | 000,446,065 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215437.backup
[2013.02.16 16:03:26 | 000,446,065 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215716.backup
[2013.02.16 16:03:26 | 000,446,065 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130313-215525.backup
[1 C:\Users\Basti\AppData\Local\*.tmp files -> C:\Users\Basti\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.18 12:19:18 | 000,609,993 | ---- | C] () -- C:\Users\Basti\Desktop\adwcleaner.exe
[2013.03.18 10:19:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.18 10:19:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.18 10:19:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.18 10:19:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.18 10:19:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.17 21:30:49 | 000,000,512 | ---- | C] () -- C:\Users\Basti\Desktop\MBR.dat
[2013.03.17 19:50:28 | 3218,296,832 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.17 16:43:34 | 000,377,856 | ---- | C] () -- C:\Users\Basti\Desktop\gmer_2.1.19155.exe
[2013.03.14 16:02:51 | 000,000,906
| ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.14 15:48:27 | 000,012,585 | ---- | C] () -- C:\Users\Basti\Desktop\Desktop.7z [2013.03.14 13:49:42 | 000,000,020 | ---- | C] () -- C:\Users\Basti\defogger_reenable [2013.03.13 21:36:49 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.02.24 20:24:52 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.30 11:44:24 | 000,000,020 | -HS- | C] () -- C:\Users\Basti\AppData\Roaming\App4870.ConfCollection.bin [2012.10.19 22:45:31 | 000,000,888 | ---- | C] () -- C:\Users\Basti\recStudio.ini [2012.10.19 22:40:48 | 000,000,263 | ---- | C] () -- C:\Windows\w32demo8.ini [2012.09.17 15:32:31 | 000,000,130 | ---- | C] () -- C:\Users\Basti\.bash_history [2012.09.17 14:30:44 | 000,000,094 | ---- | C] () -- C:\Users\Basti\.gitconfig [2012.06.29 12:04:08 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe [2012.06.29 12:04:01 | 000,061,440 | ---- | C] () -- C:\Windows\System32\ZDTRLib.DLL [2012.06.29 12:04:01 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ZD12APP.dll [2012.06.29 12:04:01 | 000,040,960 | ---- | C] () -- C:\Windows\System32\PassAPP.dll [2012.06.29 12:04:01 | 000,028,672 | ---- | C] () -- C:\Windows\System32\INSAPP.dll [2012.06.29 12:04:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll [2012.03.25 19:37:24 | 000,110,080 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll [2012.03.25 19:37:24 | 000,008,192 | ---- | C] () -- C:\Windows\System32\pythoncomloader26.dll [2012.03.25 19:37:23 | 000,358,912 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll [2012.02.21 23:49:42 | 000,000,715 | ---- | C] () -- C:\Users\Basti\untitled13_MAS.bak [2012.02.21 23:49:33 | 000,000,715 | ---- | C] () -- C:\Users\Basti\untitled12_MAS.bak [2012.02.18 16:11:35 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.12.10 13:05:43 | 000,000,000 | ---- | C] () -- C:\Users\Basti\Programme [2011.09.15 01:11:16 
| 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.08.30 12:54:49 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.05.05 17:16:59 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.05.05 17:16:59 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.03.22 11:27:59 | 000,041,890 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\room.dat [2009.07.31 17:54:45 | 000,000,600 | ---- | C] () -- C:\Users\Basti\AppData\Local\PUTTY.RND [2009.03.26 22:24:34 | 000,000,600 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\winscp.rnd [2009.02.15 01:31:22 | 000,022,328 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\PnkBstrK.sys [2008.12.28 18:44:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.11.16 20:52:34 | 000,000,142 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\wklnhst.dat [2008.11.11 09:52:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.11.04 11:32:49 | 000,024,206 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\UserTile.png [2008.11.02 21:13:01 | 000,000,680 | ---- | C] () -- C:\Users\Basti\AppData\Local\d3d9caps.dat [2008.11.01 19:11:10 | 000,010,240 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.10 00:46:41 | 000,603,210 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.09.10 00:46:41 | 000,603,210 | ---- | C] () -- C:\ProgramData\nvModes.001 ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.14 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\.minecraft [2013.03.14 00:01:05 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ad-Aware Antivirus [2012.05.20 14:44:08 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\AnvSoft [2013.02.02 20:16:59 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Autodesk [2010.11.28 11:02:58 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\avidemux [2009.04.21 19:34:09 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\concept design [2008.12.03 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\cPicture [2008.11.14 23:18:57 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DAEMON Tools [2009.02.20 19:46:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Datarescue [2008.10.31 21:26:35 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DigitalPersona [2012.07.01 16:32:53 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoft [2013.03.02 21:42:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Easy2Convert [2012.10.04 21:28:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ESRI [2013.02.24 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\GitHub [2012.01.23 16:51:07 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICAClient [2013.01.26 21:55:19 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ [2013.01.27 
21:40:43 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\JavaEditor [2012.06.28 11:25:43 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\LucasArts [2012.11.24 20:20:35 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Mael [2008.11.03 08:26:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Magic Academy [2009.01.15 14:16:49 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\MuPAD [2010.11.28 11:49:32 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenOffice.org [2011.11.09 10:54:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\postgresql [2009.01.02 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Red Alert 3 [2009.04.10 20:23:07 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Resource Tuner [2013.03.08 09:30:35 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TeamViewer [2009.12.18 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Template [2013.01.13 21:46:24 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TS3Client [2008.12.03 21:37:26 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Tunebite [2009.07.10 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ubisoft [2011.08.08 21:36:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\WindSolutions [2012.07.28 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\yWorks ========== Purity Check ========== < End of report > |