| |
| |||||||
Log-Analyse und Auswertung: vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.03.2013, 09:36
| #1 |
| |  vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Moin liebe Experten, ich bin auch auf die Mail von "Groupon" reingefallen. Jetzt bekomme ich oft Virusmeldungen durch mein Virenscanner (AntiVir). Leider bin ich damit etwas überfordert. Vielleicht könnt Ihr mir helfen. Anbei die letzten Funde durch AntiVir: Code:
ATTFilter Typ: Datei
Quelle: C:\Users\***\AppData\Local\Temp\POS1386.tmp
Status: Infiziert
Quarantäne-Objekt: 59f94c6c.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.65.04
Meldung: TR/Kazy.153787.2
Datum/Uhrzeit: 15.03.2013, 08:53
Typ: Datei
Quelle: C:\Users\***\AppData\Roaming\KB00834037.exe.DAT
Status: Infiziert
Quarantäne-Objekt: 56b37ebc.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.65.04
Meldung: TR/Graftor.72688
Datum/Uhrzeit: 15.03.2013, 08:52
Typ: Datei
Quelle: C:\Users\***\AppData\Roaming\KB00834037.exe
Status: Infiziert
Quarantäne-Objekt: 59dee816.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.242
Meldung: TR/Kazy.153787.2
Datum/Uhrzeit: 15.03.2013, 02:27
Typ: Datei
Quelle: C:\Users\***\AppData\Local\Temp\tmp7568a5f8\vv1303.exe
Status: Infiziert
Quarantäne-Objekt: 594f8603.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.14
Virendefinitionsdatei: 7.11.64.226
Meldung: TR/Spy.Bebloh.EB.100
Datum/Uhrzeit: 14.03.2013, 01:22
Aber GMER funktioniert bei mir nicht. Es kam nach einer Zeit folgende Benachrichtigung: gmer_2.1.19155.exe funktioniert nicht mehr Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist. Hier nun defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 04:53 on 15/03/2013 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 3/15/2013 4:56:22 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.27% Memory free 5.92 Gb Paging File | 4.34 Gb Available in Paging File | 73.23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 106.39 Gb Total Space | 7.56 Gb Free Space | 7.10% Space Free | Partition Type: NTFS Drive D: | 106.39 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name:***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/15 04:54:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013/02/08 14:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2013/02/06 11:54:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013/02/06 11:53:46 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/02/06 11:53:46 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010/05/06 07:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/12/17 06:34:08 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/10/13 11:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe ========== Modules (No Company Name) ========== MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/03/13 06:01:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/06 11:54:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/02/06 11:53:46 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/01/04 19:17:42 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012/12/11 19:34:30 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/12/11 19:34:30 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/11/16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/07/30 12:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012/07/30 12:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/14 18:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/04/01 01:25:14 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/03/31 01:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2009/12/14 21:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/10/13 03:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/08/05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/10 14:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2010/08/09 10:25:19 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {72a0f495-ba60-4524-827b-b36b8c18587a} - C:\Program Files (x86)\WhiteSmoke_US_New_E1\prxtbWhit.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\***\Desktop\Desp. Houswives IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {72a0f495-ba60-4524-827b-b36b8c18587a} - C:\Program Files (x86)\WhiteSmoke_US_New_E1\prxtbWhit.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{5D2564B4-BA8D-44DE-9CA2-11702F25A82A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=39BA7493-0E43-4E9B-82B4-D2AD316F6A87&apn_sauid=5DFF952A-A4D7-4BA5-A139-514F9C3B650E IE - HKCU\..\SearchScopes\{6089E4E5-E6DF-4CC7-9174-1D523B95B31E}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http-proxy.fu-berlin.de:80 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/26 19:46:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/26 19:46:30 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Netviewer Support) - {4BE8B65B-EE14-40C1-B6BB-31E494FE6EBA} - C:\PROGRA~2\NETVIE~1\Support\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (WhiteSmoke US New E1 Toolbar) - {72a0f495-ba60-4524-827b-b36b8c18587a} - C:\Program Files (x86)\WhiteSmoke_US_New_E1\prxtbWhit.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (WhiteSmoke US New E1 Toolbar) - {72a0f495-ba60-4524-827b-b36b8c18587a} - C:\Program Files (x86)\WhiteSmoke_US_New_E1\prxtbWhit.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (&Netviewer Support) - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\PROGRA~2\NETVIE~1\Support\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [colodVol] rundll32 ",CreateProcessNotify File not found O4 - HKCU..\Run: [klwcbbuc] C:\Users\BJRN~1.WER\AppData\Local\Temp\Dpkdxni\kszgvwpbbuc.exe File not found O4 - HKCU..\Run: [mietn] rundll32.exe File not found O4 - HKCU..\Run: [nmaiooei] C:\Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe () O4 - HKCU..\Run: [silapi] "C:\Windows\System32\rundll32.exe" File not found O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [wintv] "C:\Users\***\AppData\Roaming\wintv.exe" -autorun File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.180 195.50.140.114 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F60E597-EFF3-4BFC-9E7A-92338D17C8C5}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FC7120D-BBE0-4850-B828-CF269BAC3849}: DhcpNameServer = 195.50.140.180 195.50.140.114 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{421dc10f-3121-11e2-8048-002454b6e387}\Shell - "" = AutoRun O33 - MountPoints2\{421dc10f-3121-11e2-8048-002454b6e387}\Shell\AutoRun\command - "" = F:\iStudio.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\iStudio.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/15 04:54:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013/03/14 19:06:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\123 [2013/03/08 20:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013/03/08 20:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013/03/08 20:19:48 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013/03/08 20:19:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013/03/08 20:18:03 | 055,454,464 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\***\Desktop\SpybotSD2.exe [2013/03/08 14:43:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Udyxp [2013/03/08 14:43:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Cile [2013/03/08 14:43:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Byubol [2013/03/08 12:41:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\793F0FAB [2013/03/08 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Piyrm [2013/03/08 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hice [2013/03/08 12:14:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dunuaq [2013/03/08 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Gizoyr [2013/03/08 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Epynf [2013/03/08 10:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dawi [2013/03/08 10:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ovneiq [2013/03/08 10:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hize [2013/03/08 10:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Agnu [2013/02/25 04:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2013/02/25 04:17:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\APN [2013/02/25 04:17:23 | 000,000,000 | ---D | C] -- C:\Firefox [2013/02/24 22:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013/02/24 22:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java ========== Files - Modified Within 30 Days ========== [2013/03/15 04:54:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013/03/15 04:53:42 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable [2013/03/15 04:52:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013/03/15 04:39:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/15 04:30:00 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/15 04:30:00 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/15 04:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/15 04:18:42 | 3179,921,408 | -HS- | M] () -- C:\hiberfil.sys [2013/03/15 02:20:48 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/14 18:21:54 | 000,002,048 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2013/03/11 06:14:18 | 000,000,302 | ---- | M] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.BAT [2013/03/10 02:33:07 | 000,089,088 | ---- | M] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.DAT [2013/03/08 20:19:54 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013/03/08 20:19:12 | 055,454,464 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\***\Desktop\SpybotSD2.exe [2013/03/08 13:02:26 | 000,116,448 | ---- | M] () -- C:\Users\***\Documents\svnetbkp_20130308130214.svb [2013/03/08 12:29:03 | 000,339,936 | ---- | M] () -- C:\Users\***\Desktop\Gesellschaftsvertrag - Bito AG (Berlin).tif [2013/03/03 21:28:35 | 001,682,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/03/03 21:28:35 | 000,719,712 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/03/03 21:28:35 | 000,681,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/03/03 21:28:35 | 000,154,882 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/03/03 21:28:35 | 000,131,264 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/03/03 21:16:56 | 000,328,972 | ---- | M] () -- C:\Users\***\Desktop\Übungsaufgabe IAS 19 neu.pdf [2013/02/15 09:23:33 | 000,420,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/03/15 04:53:42 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable [2013/03/15 04:52:46 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013/03/15 02:20:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/11 06:14:18 | 000,000,302 | ---- | C] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.BAT [2013/03/08 20:19:54 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013/03/08 20:19:54 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013/03/08 13:02:24 | 000,116,448 | ---- | C] () -- C:\Users\***\Documents\svnetbkp_20130308130214.svb [2013/03/08 12:41:13 | 000,089,088 | ---- | C] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.DAT [2013/03/08 12:33:07 | 000,339,936 | ---- | C] () -- C:\Users\***\Desktop\Gesellschaftsvertrag - Bito AG (Berlin).tif [2013/03/03 21:16:43 | 000,328,972 | ---- | C] () -- C:\Users\***\Desktop\Übungsaufgabe IAS 19 neu.pdf [2012/06/29 06:26:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_0_00_re.pad [2012/01/31 20:43:07 | 000,000,343 | ---- | C] () -- C:\Users\***\AppData\Roaming\solr129725125879631490.xml [2012/01/27 07:55:30 | 000,000,343 | ---- | C] () -- C:\Users\***\AppData\Roaming\solr129721209303326158.xml [2012/01/19 21:27:23 | 000,000,343 | ---- | C] () -- C:\Users\***\AppData\Roaming\solr129714784434242087.xml [2012/01/08 15:39:02 | 000,000,343 | ---- | C] () -- C:\Users\***\AppData\Roaming\solr129705071423016200.xml [2012/01/08 14:44:26 | 000,000,400 | -H-- | C] () -- C:\Windows\br.bin [2012/01/08 12:46:53 | 001,705,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/02/15 15:28:41 | 000,000,653 | ---- | C] () -- C:\Users\***\AppData\Roaming\BeckLStTab.ini [2011/02/15 15:28:41 | 000,000,050 | ---- | C] () -- C:\Users\***\AppData\Roaming\newCOMer.ini [2010/12/14 09:03:37 | 000,022,419 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Access 97-2003.ADR [2010/12/14 08:15:20 | 000,021,869 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010/09/28 16:28:24 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/03/14 01:37:07 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\793F0FAB [2013/03/08 10:52:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Agnu [2012/11/22 06:08:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ateswy [2013/03/08 14:43:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Byubol [2013/03/08 14:43:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cile [2013/01/04 19:18:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013/03/15 04:16:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dawi [2013/03/15 04:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2013/03/08 12:29:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dunuaq [2012/11/23 18:57:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ecmay [2012/01/15 22:16:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2012/08/09 23:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ennozy [2013/03/08 10:54:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epynf [2012/08/10 08:36:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fyvuod [2013/03/08 10:54:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gizoyr [2013/03/10 22:32:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hice [2013/03/15 04:18:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hize [2013/01/04 19:16:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2013/03/14 01:21:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ovneiq [2012/11/23 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Padyot [2013/03/08 12:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Piyrm [2011/12/07 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\sr45iu56u [2013/03/15 04:16:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Udyxp [2011/08/28 20:54:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 3/15/2013 4:56:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.96 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.27% Memory free
5.92 Gb Paging File | 4.34 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 106.39 Gb Total Space | 7.56 Gb Free Space | 7.10% Space Free | Partition Type: NTFS
Drive D: | 106.39 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{062BD1D7-A34E-49D5-A209-97E879C78EE0}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C9CA586-2F2A-4878-801A-C0B6B96B0B7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24009017-B520-45A3-A0B3-4176845401B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{29448E7D-0576-4C29-A991-D2DF72803B8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E474B84-E0FF-48E4-BE4F-4DA58F6C82EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{3458F3B1-04F3-4239-994E-F1377C22FA98}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38AF08A1-C7A9-4905-AD33-0D19CB15D890}" = rport=139 | protocol=6 | dir=out | app=system |
"{43313ED1-C4D0-4619-AE58-2E880CBB3AE9}" = rport=138 | protocol=17 | dir=out | app=system |
"{53F058F4-E39E-478F-8160-12116C745705}" = lport=138 | protocol=17 | dir=in | app=system |
"{54B73F9A-CEE2-49A7-93B9-4D8A454F70BA}" = rport=445 | protocol=6 | dir=out | app=system |
"{5EA531F2-A18C-4815-8636-604B78C9494F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60F09DC4-904D-47D2-9DAA-79B79F6CDDF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{74301544-322C-454B-9B9C-B723910C7253}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{756A1D8A-FA96-4C2A-B816-69B791094D7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89CE4DA6-1B1C-42DA-89D5-DAA05865F7D1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A142E722-6C8A-452A-8E2B-C7387D74115C}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF4E317A-A76D-4AC7-92B0-3B80A8ADBFEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5B87E0A-4D17-4F9F-8779-9D72FACF2A17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C6DC5009-8EF4-495B-BA00-0FC24446BA36}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9DD39F9-F4A4-410D-9AA0-25CFAC5B75DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA5BAE1B-31E5-40CE-9DF0-24821D8ACE27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFDAEFDF-2D17-443B-8BA5-B991B8B0D378}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D890A92C-B506-44EE-8C1B-E4B222DEED4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DC74ED34-EF68-4D74-ADDD-ACBF0E2700B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDFE3123-12AC-4103-BB2F-7D6CADCDB60D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E4AAB2AE-504A-46AF-88B6-5B19C56FCC39}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ABF6C35-EFB4-4162-912C-E19022359E01}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0B8DDBF3-01FF-4F5A-AEAE-097547AB1894}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{13AC0EED-5920-4416-93A9-337406C40BB2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{169B616B-68F5-4257-ABCC-FD56B3A568F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{17A9C841-E1D5-4F83-A3B7-108605B0E9A6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{19CAA047-240F-4A15-A508-6B86B4D5DF91}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1CC9862E-E424-490A-8BD6-3844DCA2D070}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{1EC79062-EB64-4A10-A018-D1AA7DB07182}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{209EB816-EFF2-4B44-BBC0-93B438FD6AA1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{28279730-AC44-4B15-9207-B65BF1FE68F9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29A71561-CFEF-492E-B5DC-775BE258C665}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{378D8E66-F2E2-4120-8E8B-7DC087B5FD9E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3D1F9E75-BD2C-4A2C-979D-82C6012A0BD0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{3ED05266-6040-4931-81ED-5378067A4066}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EF3987C-8696-44F8-887F-DF3165403524}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{590FDB03-AB8B-4CE2-AD78-48102C266318}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5D3629D9-D2CF-4961-8A31-04FDFC348BB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{5E65F5D3-436B-4996-9356-E8575EE651A8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{60125A1F-6293-443A-BCA9-48CD6332C657}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{644B55BE-593E-4073-9A2B-108C34B57481}" = protocol=6 | dir=out | app=system |
"{6A7DB789-52DD-4A65-8679-A1B5D18ADE52}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{6F265F6E-89CA-4F3C-8651-A5EA8239D581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{75D121F4-A927-47C7-958D-28921826489F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76F9D73E-210E-41E1-836A-B07132079C36}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A469460-932B-47F1-86D7-8930A69F9241}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{86EE379D-4AF9-42F4-8F32-48BE8B7B32AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{872913BE-8320-4FCC-8372-F0D4B7DD3FFE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8B659CAA-1E4C-437C-B069-B5676C257FF2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{8B8DAD46-2BAC-49A2-AA0B-07C612D4D2A8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{8DA04435-1E38-40C7-99B7-4F1275B41EA9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E241EDD-944E-42D6-9E99-5A7FCBB464F7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8E2E7012-CC43-4F12-9805-75FB66238241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{940CBFB6-5AA0-49DD-99D9-14A95E2F86F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{99132787-A2A9-4A78-AFB6-54BFAFE89160}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E596696-D454-4EF3-97B8-C797CECF9E16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AEB6F621-C45E-49E6-8B81-27E42BC1E773}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B1FB893E-58E8-4795-B762-A89A23292690}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{B40B691C-2E50-40FA-A1B5-36F33FEBC602}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B71DA961-3261-4B18-8611-3AF00CC6BABC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{BC7EE89E-6578-4330-807A-663A0BA6A021}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{BFEDA17A-121C-44A2-858C-06F126F5E568}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C3F856A4-EAB7-4CB2-B854-396D21D9C478}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{CEFC2E64-1274-41AC-82B7-12EE2163CC91}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{D1834BFD-4DA0-4461-BAD5-C948E69BE925}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{D37C3C76-BEF6-4828-AA36-11F2641C3129}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{D8340636-116F-41FF-A0EB-1C45BF662206}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D89C6770-C261-4EAE-ABDC-8F8E42FFB3D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E70EC1D2-96D8-48CF-9AFD-233BC75AB3DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0FD3D11-CA76-4F6A-A4BB-9AFC71D8A60C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{F375B915-1C09-47EF-BBE4-F23EE76FBC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{05AF01FA-D3D9-48B6-96E4-BFBA403E6FB3}C:\users\***\desktop\netviewer_support_free.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\netviewer_support_free.exe |
"TCP Query User{0D6C873A-E454-4F4F-833E-F4942EBB09EC}C:\users\***\appdata\roaming\fyvuod\taib.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\fyvuod\taib.exe |
"TCP Query User{1A722806-7A5C-4B32-B630-523C5D015BB2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{22D43D85-E490-4F73-BED4-EE40DF4C6273}C:\users\***\appdata\roaming\hize\qihy.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hize\qihy.exe |
"TCP Query User{525591D2-9AE1-4E8D-B955-B2DA2D170A68}C:\program files (x86)\netviewer\support\netviewer_support_free.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netviewer\support\netviewer_support_free.exe |
"TCP Query User{65F40BBD-E561-4B02-84C5-7936EF1EF39F}C:\users\***\appdata\roaming\ecmay\vyma.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\ecmay\vyma.exe |
"UDP Query User{2454DDD4-4150-4B7E-B652-35312878EBB8}C:\users\***\desktop\netviewer_support_free.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\netviewer_support_free.exe |
"UDP Query User{4B736767-C307-4E35-A20C-FDD5D1D98451}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{75432F5B-E653-4CE9-9BF7-502BA718992D}C:\program files (x86)\netviewer\support\netviewer_support_free.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netviewer\support\netviewer_support_free.exe |
"UDP Query User{8FB65F30-82C1-4DD4-A48D-844C629A3703}C:\users\***\appdata\roaming\ecmay\vyma.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\ecmay\vyma.exe |
"UDP Query User{9B561C77-F192-4BAB-A168-D1696086D1D4}C:\users\***\appdata\roaming\hize\qihy.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hize\qihy.exe |
"UDP Query User{F6F584F9-42FF-49B0-8A04-8EDDF49B22D8}C:\users\***\appdata\roaming\fyvuod\taib.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\fyvuod\taib.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{877B3198-1C6B-4A9A-8D28-BE4F6040987F}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{87BDC315-543E-4E52-914E-B3E25F84C066}" = NWB Datenbank
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F69E6E3-7A08-40A4-AD9C-175ACC4DAE09}" = BeckRecherche 2010
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE75AF6A-22AC-4497-AE20-9FA4F4B10046}" = Netviewer Support
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C38F79EE-1533-4D0F-99E3-CBEE88E2ACDF}" = Lohnsteuer 2011
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"ElsterFormular 13.1.1.8531k" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IsoBuster_is1" = IsoBuster 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Office14.SingleImage" = Microsoft Office Professional 2010
"Ruhe_is1" = Ruhe V 0.09
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"skedTerminSyncOutlook2_is1" = sked TerminSync für MS Outlook 2.0.6
"sv.net" = sv.net
"VLC media player" = VLC media player 1.1.11
"WhiteSmoke_US_New_E1 Toolbar" = WhiteSmoke US New E1 Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 3.0.1.9
"Yahoo! Companion" = Yahoo! Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/4/2012 11:25:00 PM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 57713490
Error - 6/5/2012 12:16:44 AM | Computer Name = *** | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 6/5/2012 4:20:58 AM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/5/2012 1:27:43 PM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/5/2012 1:27:43 PM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15943
Error - 6/5/2012 1:27:43 PM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15943
Error - 6/5/2012 3:57:11 PM | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 6/6/2012 12:39:24 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 6/6/2012 12:39:25 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7259522
Error - 6/6/2012 12:39:25 AM | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7259522
[ Spybot - Search and Destroy Events ]
Error - 3/8/2013 4:01:41 PM | Computer Name = *** | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 3/10/2013 3:11:48 PM | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
BrYNSvc erreicht.
Error - 3/10/2013 3:11:48 PM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrYNSvc" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 3/10/2013 3:12:14 PM | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 3/10/2013 3:17:11 PM | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 3/14/2013 11:21:38 PM | Computer Name = *** | Source = DCOM | ID = 10005
Description =
Error - 3/14/2013 11:21:38 PM | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 3/14/2013 11:21:38 PM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 3/14/2013 11:22:16 PM | Computer Name = *** | Source = DCOM | ID = 10005
Description =
Error - 3/14/2013 11:22:16 PM | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 3/14/2013 11:22:16 PM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
< End of report >
|
|
15.03.2013, 11:42
| #2 |
| /// Helfer-Team  | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Bitte das Malwarebytes-Logfile posten, das du schon gemacht hast! (Reiter Logdateien) Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Ersetze die *** Sternchen wieder in den Benutzernamen zurück! Code:
ATTFilter :OTL
O4 - HKCU..\Run: [colodVol] rundll32 ",CreateProcessNotify File not found
O4 - HKCU..\Run: [klwcbbuc] C:\Users\BJRN~1.WER\AppData\Local\Temp\Dpkdxni\kszgvwpbbuc.exe File not found
O4 - HKCU..\Run: [mietn] rundll32.exe File not found
O4 - HKCU..\Run: [nmaiooei] C:\Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe ()
[2013/03/08 20:18:03 | 055,454,464 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\***\Desktop\SpybotSD2.exe
[2013/03/11 06:14:18 | 000,000,302 | ---- | M] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.BAT
[2013/03/10 02:33:07 | 000,089,088 | ---- | M] () -- C:\Users\***\AppData\Roaming\KB00834037.exe.DAT
[2013/03/08 12:41:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\793F0FAB
[2012/06/29 06:26:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_0_00_re.pad
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\***\*.tmp
C:\Users\***\AppData\*.dll
C:\Users\***\AppData\*.exe
C:\Users\***\AppData\Local\Temp\*.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
15.03.2013, 13:14
| #3 |
| | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Moin t'john,
__________________ich finde Deine/Eure Arbeit wahnsinnig beeindruckend. Danke, dass Ihr alle so bei der Sache seid. Hier nun das Malwarebytes-Logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.14.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] 15.03.2013 02:30:33 mbam-log-2013-03-15 (02-30-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 386177 Laufzeit: 1 Stunde(n), 43 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Users\***\AppData\Roaming\Hize\qihy.exe (Trojan.Agent.MU) -> 312 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Xiocd (Trojan.Agent.MU) -> Daten: C:\Users\***\AppData\Roaming\Hize\qihy.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Users\***\AppData\Roaming\Hize\qihy.exe (Trojan.Agent.MU) -> Löschen bei Neustart. C:\Users\***\AppData\Roaming\Dawi\enlyy.exe (Trojan.Agent.MU) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\Udyxp\alnia.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ch8l0.exe.lnk (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\colodVol deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\klwcbbuc deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mietn deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nmaiooei deleted successfully.
File move failed. C:\Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe scheduled to be moved on reboot.
C:\Users\***\Desktop\SpybotSD2.exe moved successfully.
C:\Users\***\AppData\Roaming\KB00834037.exe.BAT moved successfully.
File C:\Users\***\AppData\Roaming\KB00834037.exe.DAT not found.
C:\Users\***\AppData\Roaming\793F0FAB folder moved successfully.
C:\ProgramData\l_0_00_re.pad moved successfully.
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} folder moved successfully.
C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\***\*.tmp not found.
File\Folder C:\Users\***\AppData\*.dll not found.
File\Folder C:\Users\***\AppData\*.exe not found.
C:\Users\***\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe moved successfully.
C:\Users\***\AppData\Local\Temp\_is6DCE.exe moved successfully.
C:\Users\***\AppData\Local\Temp\_isBC7F.exe moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\***\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: ***
->Temp folder emptied: 30442112 bytes
->Temporary Internet Files folder emptied: 428621475 bytes
->Flash cache emptied: 707 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 436309207 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 364406564 bytes
Total Files Cleaned = 1,201.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03152013_121155
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.15.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]
15.03.2013 12:41:07
mbar-log-2013-03-15 (12-41-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30867
Time elapsed: 17 minute(s), 42 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter # AdwCleaner v2.114 - Datei am 15/03/2013 um 12:53:21 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\WhiteSmoke_US_New_E1
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\TempDir
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\WhiteSmoke_US_New_E1
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New_E1
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72A0F495-BA60-4524-827B-B36B8C18587A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72A0F495-BA60-4524-827B-B36B8C18587A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3272810
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Schlüssel Gelöscht : HKLM\Software\WhiteSmoke_US_New_E1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{72A0F495-BA60-4524-827B-B36B8C18587A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C5E6F4F-6633-4BA1-84DC-80C3E39E1822}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3ACC7C77-3B34-4EE8-9956-4EA1D593F08C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72A0F495-BA60-4524-827B-B36B8C18587A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New_E1 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [7255 octets] - [15/03/2013 12:53:21]
########## EOF - C:\AdwCleaner[S1].txt - [7315 octets] ##########
|
|
15.03.2013, 13:51
| #4 |
| /// Helfer-Team | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Sehr gut!  Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
15.03.2013, 14:31
| #5 |
| | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Hey, leider bekomme ich beim Scan folgende Fehlermeldung: "avast! Antirootkit funktioniert nicht mehr Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist." Ich habe die nächsten Schritte dann erstmal noch nicht gemacht. |
|
15.03.2013, 20:58
| #6 |
| /// Helfer-Team | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
dann ab ESET weitermachen.
__________________ --> vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? |
|
15.03.2013, 21:16
| #7 |
| | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Hey, auch weiterhin vielen Dank! Hier die Auswertung von TDSSKiller: Code:
ATTFilter 21:10:36.0935 3220 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:10:37.0076 3220 ============================================================
21:10:37.0076 3220 Current date / time: 2013/03/15 21:10:37.0076
21:10:37.0076 3220 SystemInfo:
21:10:37.0076 3220
21:10:37.0076 3220 OS Version: 6.1.7601 ServicePack: 1.0
21:10:37.0076 3220 Product type: Workstation
21:10:37.0076 3220 ComputerName: ***-PC
21:10:37.0076 3220 UserName: ***
21:10:37.0076 3220 Windows directory: C:\Windows
21:10:37.0076 3220 System windows directory: C:\Windows
21:10:37.0076 3220 Running under WOW64
21:10:37.0076 3220 Processor architecture: Intel x64
21:10:37.0076 3220 Number of processors: 2
21:10:37.0076 3220 Page size: 0x1000
21:10:37.0076 3220 Boot type: Normal boot
21:10:37.0076 3220 ============================================================
21:10:37.0762 3220 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:10:37.0778 3220 ============================================================
21:10:37.0778 3220 \Device\Harddisk0\DR0:
21:10:37.0778 3220 MBR partitions:
21:10:37.0778 3220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
21:10:37.0778 3220 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0xD4C8800
21:10:37.0778 3220 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xFCFB000, BlocksNum 0xD4CA000
21:10:37.0778 3220 ============================================================
21:10:37.0793 3220 C: <-> \Device\Harddisk0\DR0\Partition2
21:10:37.0934 3220 D: <-> \Device\Harddisk0\DR0\Partition3
21:10:37.0934 3220 ============================================================
21:10:37.0934 3220 Initialize success
21:10:37.0934 3220 ============================================================
21:11:30.0371 2832 ============================================================
21:11:30.0371 2832 Scan started
21:11:30.0371 2832 Mode: Manual; SigCheck; TDLFS;
21:11:30.0371 2832 ============================================================
21:11:31.0401 2832 ================ Scan system memory ========================
21:11:31.0401 2832 System memory - ok
21:11:31.0416 2832 ================ Scan services =============================
21:11:32.0181 2832 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:11:32.0352 2832 1394ohci - ok
21:11:32.0446 2832 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:11:32.0477 2832 ACPI - ok
21:11:32.0539 2832 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:11:32.0602 2832 AcpiPmi - ok
21:11:32.0851 2832 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:11:32.0867 2832 AdobeFlashPlayerUpdateSvc - ok
21:11:32.0929 2832 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:11:32.0976 2832 adp94xx - ok
21:11:33.0054 2832 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:11:33.0085 2832 adpahci - ok
21:11:33.0132 2832 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:11:33.0163 2832 adpu320 - ok
21:11:33.0241 2832 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:11:33.0319 2832 AeLookupSvc - ok
21:11:33.0382 2832 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:11:33.0429 2832 AFD - ok
21:11:33.0507 2832 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:11:33.0538 2832 agp440 - ok
21:11:33.0585 2832 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:11:33.0647 2832 ALG - ok
21:11:33.0725 2832 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:11:33.0741 2832 aliide - ok
21:11:33.0772 2832 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:11:33.0787 2832 amdide - ok
21:11:33.0819 2832 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:11:33.0865 2832 AmdK8 - ok
21:11:33.0928 2832 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:11:33.0975 2832 AmdPPM - ok
21:11:34.0053 2832 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:11:34.0068 2832 amdsata - ok
21:11:34.0115 2832 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:11:34.0131 2832 amdsbs - ok
21:11:34.0146 2832 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:11:34.0162 2832 amdxata - ok
21:11:34.0349 2832 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:11:34.0365 2832 AntiVirSchedulerService - ok
21:11:34.0411 2832 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:11:34.0443 2832 AntiVirService - ok
21:11:34.0489 2832 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:11:34.0552 2832 AppID - ok
21:11:34.0614 2832 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:11:34.0692 2832 AppIDSvc - ok
21:11:34.0739 2832 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:11:34.0786 2832 Appinfo - ok
21:11:34.0895 2832 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:11:34.0911 2832 Apple Mobile Device - ok
21:11:34.0942 2832 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:11:34.0957 2832 arc - ok
21:11:35.0020 2832 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:11:35.0051 2832 arcsas - ok
21:11:35.0082 2832 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:11:35.0129 2832 AsyncMac - ok
21:11:35.0176 2832 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:11:35.0176 2832 atapi - ok
21:11:35.0254 2832 [ CCA705CDF038D5BC243203CE4416B345 ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:11:35.0379 2832 athr - ok
21:11:35.0457 2832 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:11:35.0519 2832 AudioEndpointBuilder - ok
21:11:35.0519 2832 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:11:35.0566 2832 AudioSrv - ok
21:11:35.0613 2832 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:11:35.0628 2832 avgntflt - ok
21:11:35.0659 2832 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:11:35.0675 2832 avipbb - ok
21:11:35.0691 2832 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:11:35.0691 2832 avkmgr - ok
21:11:35.0753 2832 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:11:35.0862 2832 AxInstSV - ok
21:11:35.0925 2832 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:11:35.0987 2832 b06bdrv - ok
21:11:36.0065 2832 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:11:36.0112 2832 b57nd60a - ok
21:11:36.0174 2832 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:11:36.0237 2832 BDESVC - ok
21:11:36.0252 2832 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:11:36.0315 2832 Beep - ok
21:11:36.0424 2832 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:11:36.0486 2832 BFE - ok
21:11:36.0533 2832 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:11:36.0611 2832 BITS - ok
21:11:36.0642 2832 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:11:36.0689 2832 blbdrive - ok
21:11:36.0736 2832 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:11:36.0767 2832 Bonjour Service - ok
21:11:36.0798 2832 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:11:36.0845 2832 bowser - ok
21:11:36.0861 2832 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:11:36.0954 2832 BrFiltLo - ok
21:11:37.0017 2832 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:11:37.0048 2832 BrFiltUp - ok
21:11:37.0095 2832 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:11:37.0157 2832 Browser - ok
21:11:37.0188 2832 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:11:37.0235 2832 Brserid - ok
21:11:37.0266 2832 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:11:37.0297 2832 BrSerWdm - ok
21:11:37.0344 2832 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:11:37.0360 2832 BrUsbMdm - ok
21:11:37.0360 2832 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:11:37.0407 2832 BrUsbSer - ok
21:11:37.0500 2832 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
21:11:37.0516 2832 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
21:11:37.0516 2832 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
21:11:37.0547 2832 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:11:37.0578 2832 BTHMODEM - ok
21:11:37.0625 2832 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:11:37.0703 2832 bthserv - ok
21:11:37.0750 2832 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:11:37.0828 2832 cdfs - ok
21:11:37.0906 2832 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:11:37.0953 2832 cdrom - ok
21:11:37.0999 2832 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:11:38.0046 2832 CertPropSvc - ok
21:11:38.0109 2832 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:11:38.0155 2832 circlass - ok
21:11:38.0218 2832 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:11:38.0233 2832 CLFS - ok
21:11:38.0327 2832 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:11:38.0358 2832 clr_optimization_v2.0.50727_32 - ok
21:11:38.0483 2832 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:11:38.0514 2832 clr_optimization_v2.0.50727_64 - ok
21:11:38.0608 2832 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:11:38.0655 2832 clr_optimization_v4.0.30319_32 - ok
21:11:38.0686 2832 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:11:38.0701 2832 clr_optimization_v4.0.30319_64 - ok
21:11:38.0733 2832 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:11:38.0764 2832 CmBatt - ok
21:11:38.0811 2832 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:11:38.0811 2832 cmdide - ok
21:11:38.0873 2832 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:11:38.0967 2832 CNG - ok
21:11:39.0029 2832 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:11:39.0060 2832 Compbatt - ok
21:11:39.0091 2832 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:11:39.0138 2832 CompositeBus - ok
21:11:39.0169 2832 COMSysApp - ok
21:11:39.0201 2832 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:11:39.0201 2832 crcdisk - ok
21:11:39.0263 2832 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:11:39.0325 2832 CryptSvc - ok
21:11:39.0388 2832 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:11:39.0450 2832 DcomLaunch - ok
21:11:39.0497 2832 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:11:39.0591 2832 defragsvc - ok
21:11:39.0669 2832 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:11:39.0731 2832 DfsC - ok
21:11:39.0778 2832 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
21:11:39.0793 2832 dg_ssudbus - ok
21:11:39.0840 2832 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:11:39.0918 2832 Dhcp - ok
21:11:39.0981 2832 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:11:40.0059 2832 discache - ok
21:11:40.0105 2832 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:11:40.0121 2832 Disk - ok
21:11:40.0168 2832 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:11:40.0230 2832 Dnscache - ok
21:11:40.0277 2832 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:11:40.0339 2832 dot3svc - ok
21:11:40.0386 2832 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:11:40.0433 2832 Dot4 - ok
21:11:40.0480 2832 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
21:11:40.0527 2832 Dot4Print - ok
21:11:40.0558 2832 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:11:40.0605 2832 dot4usb - ok
21:11:40.0651 2832 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:11:40.0729 2832 DPS - ok
21:11:40.0776 2832 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:11:40.0823 2832 drmkaud - ok
21:11:40.0885 2832 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:11:40.0901 2832 dtsoftbus01 - ok
21:11:40.0995 2832 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:11:41.0057 2832 DXGKrnl - ok
21:11:41.0104 2832 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:11:41.0151 2832 EapHost - ok
21:11:41.0400 2832 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:11:41.0509 2832 ebdrv - ok
21:11:41.0556 2832 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:11:41.0634 2832 EFS - ok
21:11:41.0743 2832 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:11:41.0853 2832 ehRecvr - ok
21:11:41.0899 2832 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:11:41.0977 2832 ehSched - ok
21:11:42.0071 2832 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:11:42.0102 2832 elxstor - ok
21:11:42.0133 2832 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:11:42.0180 2832 ErrDev - ok
21:11:42.0243 2832 [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
21:11:42.0274 2832 ETD - ok
21:11:42.0336 2832 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:11:42.0399 2832 EventSystem - ok
21:11:42.0414 2832 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:11:42.0477 2832 exfat - ok
21:11:42.0570 2832 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:11:42.0648 2832 fastfat - ok
21:11:42.0726 2832 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:11:42.0804 2832 Fax - ok
21:11:42.0835 2832 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:11:42.0867 2832 fdc - ok
21:11:42.0913 2832 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:11:42.0960 2832 fdPHost - ok
21:11:42.0991 2832 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:11:43.0069 2832 FDResPub - ok
21:11:43.0116 2832 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:11:43.0132 2832 FileInfo - ok
21:11:43.0147 2832 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:11:43.0225 2832 Filetrace - ok
21:11:43.0272 2832 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:11:43.0303 2832 flpydisk - ok
21:11:43.0350 2832 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:11:43.0397 2832 FltMgr - ok
21:11:43.0475 2832 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
21:11:43.0569 2832 FontCache - ok
21:11:43.0725 2832 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:11:43.0740 2832 FontCache3.0.0.0 - ok
21:11:43.0771 2832 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:11:43.0787 2832 FsDepends - ok
21:11:43.0834 2832 [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:11:43.0849 2832 fssfltr - ok
21:11:43.0912 2832 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:11:43.0959 2832 fsssvc - ok
21:11:44.0005 2832 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:11:44.0021 2832 Fs_Rec - ok
21:11:44.0099 2832 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:11:44.0130 2832 fvevol - ok
21:11:44.0193 2832 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:11:44.0224 2832 gagp30kx - ok
21:11:44.0255 2832 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:11:44.0255 2832 GEARAspiWDM - ok
21:11:44.0395 2832 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:11:44.0489 2832 gpsvc - ok
21:11:44.0551 2832 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:11:44.0629 2832 hcw85cir - ok
21:11:44.0692 2832 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:11:44.0754 2832 HdAudAddService - ok
21:11:44.0785 2832 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:11:44.0817 2832 HDAudBus - ok
21:11:44.0863 2832 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:11:44.0895 2832 HidBatt - ok
21:11:44.0973 2832 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:11:45.0051 2832 HidBth - ok
21:11:45.0113 2832 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:11:45.0129 2832 HidIr - ok
21:11:45.0191 2832 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:11:45.0285 2832 hidserv - ok
21:11:45.0347 2832 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:11:45.0378 2832 HidUsb - ok
21:11:45.0425 2832 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:11:45.0472 2832 hkmsvc - ok
21:11:45.0550 2832 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:11:45.0628 2832 HomeGroupListener - ok
21:11:45.0690 2832 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:11:45.0753 2832 HomeGroupProvider - ok
21:11:46.0221 2832 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:11:46.0751 2832 hpqcxs08 - ok
21:11:46.0813 2832 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:11:46.0829 2832 hpqddsvc - ok
21:11:46.0891 2832 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:11:46.0907 2832 HpSAMD - ok
21:11:47.0157 2832 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:11:47.0250 2832 HTTP - ok
21:11:47.0328 2832 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:11:47.0344 2832 hwpolicy - ok
21:11:47.0391 2832 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:11:47.0422 2832 i8042prt - ok
21:11:47.0593 2832 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:11:47.0609 2832 iaStor - ok
21:11:47.0687 2832 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:11:47.0718 2832 iaStorV - ok
21:11:47.0890 2832 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:11:47.0952 2832 idsvc - ok
21:11:49.0138 2832 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:11:49.0481 2832 igfx - ok
21:11:49.0528 2832 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:11:49.0559 2832 iirsp - ok
21:11:49.0809 2832 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:11:49.0887 2832 IKEEXT - ok
21:11:50.0292 2832 [ 801946CE25DD2179FE68599826B0BB88 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:11:50.0401 2832 IntcAzAudAddService - ok
21:11:50.0464 2832 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
21:11:50.0495 2832 IntcHdmiAddService - ok
21:11:50.0526 2832 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:11:50.0542 2832 intelide - ok
21:11:50.0589 2832 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:11:50.0635 2832 intelppm - ok
21:11:50.0682 2832 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:11:50.0760 2832 IPBusEnum - ok
21:11:50.0823 2832 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:11:50.0901 2832 IpFilterDriver - ok
21:11:51.0088 2832 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:11:51.0150 2832 iphlpsvc - ok
21:11:51.0197 2832 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:11:51.0259 2832 IPMIDRV - ok
21:11:51.0291 2832 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:11:51.0369 2832 IPNAT - ok
21:11:51.0665 2832 [ 3D62FE4FEFE9C67DAFEC52B534DFA1FB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:11:51.0727 2832 iPod Service - ok
21:11:51.0759 2832 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:11:51.0805 2832 IRENUM - ok
21:11:51.0837 2832 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:11:51.0852 2832 isapnp - ok
21:11:51.0946 2832 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:11:51.0977 2832 iScsiPrt - ok
21:11:52.0008 2832 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:11:52.0024 2832 kbdclass - ok
21:11:52.0055 2832 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:11:52.0102 2832 kbdhid - ok
21:11:52.0117 2832 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:11:52.0133 2832 KeyIso - ok
21:11:52.0211 2832 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:11:52.0227 2832 KSecDD - ok
21:11:52.0336 2832 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:11:52.0367 2832 KSecPkg - ok
21:11:52.0429 2832 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:11:52.0507 2832 ksthunk - ok
21:11:52.0632 2832 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:11:52.0741 2832 KtmRm - ok
21:11:52.0819 2832 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:11:52.0897 2832 LanmanServer - ok
21:11:52.0960 2832 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:11:53.0007 2832 LanmanWorkstation - ok
21:11:53.0053 2832 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:11:53.0131 2832 lltdio - ok
21:11:53.0225 2832 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:11:53.0303 2832 lltdsvc - ok
21:11:53.0319 2832 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:11:53.0365 2832 lmhosts - ok
21:11:53.0412 2832 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:11:53.0443 2832 LSI_FC - ok
21:11:53.0475 2832 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:11:53.0490 2832 LSI_SAS - ok
21:11:53.0506 2832 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:11:53.0521 2832 LSI_SAS2 - ok
21:11:53.0537 2832 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:11:53.0553 2832 LSI_SCSI - ok
21:11:53.0599 2832 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:11:53.0677 2832 luafv - ok
21:11:53.0740 2832 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:11:53.0771 2832 Mcx2Svc - ok
21:11:53.0787 2832 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:11:53.0802 2832 megasas - ok
21:11:53.0833 2832 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:11:53.0849 2832 MegaSR - ok
21:11:53.0896 2832 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:11:53.0989 2832 MMCSS - ok
21:11:54.0005 2832 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:11:54.0099 2832 Modem - ok
21:11:54.0145 2832 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:11:54.0177 2832 monitor - ok
21:11:54.0239 2832 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:11:54.0255 2832 mouclass - ok
21:11:54.0286 2832 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:11:54.0317 2832 mouhid - ok
21:11:54.0348 2832 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:11:54.0364 2832 mountmgr - ok
21:11:54.0442 2832 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:11:54.0473 2832 mpio - ok
21:11:54.0504 2832 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:11:54.0551 2832 mpsdrv - ok
21:11:54.0598 2832 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:11:54.0707 2832 MpsSvc - ok
21:11:54.0785 2832 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:11:54.0847 2832 MRxDAV - ok
21:11:54.0925 2832 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:11:55.0003 2832 mrxsmb - ok
21:11:55.0097 2832 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:11:55.0175 2832 mrxsmb10 - ok
21:11:55.0206 2832 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:11:55.0237 2832 mrxsmb20 - ok
21:11:55.0315 2832 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:11:55.0331 2832 msahci - ok
21:11:55.0362 2832 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:11:55.0378 2832 msdsm - ok
21:11:55.0440 2832 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:11:55.0518 2832 MSDTC - ok
21:11:55.0565 2832 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:11:55.0627 2832 Msfs - ok
21:11:55.0674 2832 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:11:55.0721 2832 mshidkmdf - ok
21:11:55.0752 2832 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:11:55.0768 2832 msisadrv - ok
21:11:55.0799 2832 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:11:55.0861 2832 MSiSCSI - ok
21:11:55.0861 2832 msiserver - ok
21:11:55.0908 2832 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:11:55.0971 2832 MSKSSRV - ok
21:11:55.0986 2832 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:11:56.0049 2832 MSPCLOCK - ok
21:11:56.0064 2832 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:11:56.0127 2832 MSPQM - ok
21:11:56.0220 2832 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:11:56.0251 2832 MsRPC - ok
21:11:56.0345 2832 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:11:56.0361 2832 mssmbios - ok
21:11:56.0548 2832 MSSQL$RECHERCHE2009 - ok
21:11:56.0704 2832 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:11:56.0735 2832 MSSQLServerADHelper100 - ok
21:11:56.0797 2832 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:11:56.0860 2832 MSTEE - ok
21:11:56.0875 2832 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:11:56.0907 2832 MTConfig - ok
21:11:56.0938 2832 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:11:56.0953 2832 Mup - ok
21:11:57.0156 2832 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:11:57.0219 2832 napagent - ok
21:11:57.0281 2832 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:11:57.0328 2832 NativeWifiP - ok
21:11:57.0655 2832 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:11:57.0702 2832 NDIS - ok
21:11:57.0733 2832 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:11:57.0811 2832 NdisCap - ok
21:11:57.0858 2832 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:11:57.0889 2832 NdisTapi - ok
21:11:57.0952 2832 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:11:58.0030 2832 Ndisuio - ok
21:11:58.0108 2832 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:11:58.0186 2832 NdisWan - ok
21:11:58.0279 2832 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:11:58.0373 2832 NDProxy - ok
21:11:58.0420 2832 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:11:58.0435 2832 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:11:58.0435 2832 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:11:58.0498 2832 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:11:58.0560 2832 NetBIOS - ok
21:11:58.0669 2832 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:11:58.0716 2832 NetBT - ok
21:11:58.0747 2832 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:11:58.0763 2832 Netlogon - ok
21:11:58.0810 2832 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:11:58.0841 2832 Netman - ok
21:11:58.0857 2832 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:11:58.0919 2832 netprofm - ok
21:11:59.0013 2832 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:11:59.0044 2832 NetTcpPortSharing - ok
21:11:59.0091 2832 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:11:59.0106 2832 nfrd960 - ok
21:11:59.0153 2832 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:11:59.0184 2832 NlaSvc - ok
21:11:59.0215 2832 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:11:59.0247 2832 Npfs - ok
21:11:59.0293 2832 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:11:59.0340 2832 nsi - ok
21:11:59.0371 2832 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:11:59.0449 2832 nsiproxy - ok
21:11:59.0793 2832 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:11:59.0871 2832 Ntfs - ok
21:11:59.0964 2832 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:12:00.0027 2832 Null - ok
21:12:00.0089 2832 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:12:00.0105 2832 nvraid - ok
21:12:00.0151 2832 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:12:00.0183 2832 nvstor - ok
21:12:00.0214 2832 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:12:00.0229 2832 nv_agp - ok
21:12:00.0261 2832 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:12:00.0292 2832 ohci1394 - ok
21:12:00.0370 2832 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:12:00.0385 2832 ose - ok
21:12:01.0805 2832 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:12:02.0023 2832 osppsvc - ok
21:12:02.0117 2832 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:12:02.0195 2832 p2pimsvc - ok
21:12:02.0382 2832 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:12:02.0413 2832 p2psvc - ok
21:12:02.0476 2832 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:12:02.0523 2832 Parport - ok
21:12:02.0585 2832 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:12:02.0601 2832 partmgr - ok
21:12:02.0632 2832 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:12:02.0679 2832 PcaSvc - ok
21:12:02.0694 2832 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:12:02.0710 2832 pci - ok
21:12:02.0772 2832 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:12:02.0788 2832 pciide - ok
21:12:02.0866 2832 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:12:02.0897 2832 pcmcia - ok
21:12:02.0913 2832 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:12:02.0913 2832 pcw - ok
21:12:02.0944 2832 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:12:02.0991 2832 PEAUTH - ok
21:12:03.0942 2832 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:12:04.0005 2832 PerfHost - ok
21:12:04.0270 2832 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:12:04.0410 2832 pla - ok
21:12:04.0457 2832 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:12:04.0519 2832 PlugPlay - ok
21:12:04.0597 2832 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:12:04.0629 2832 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:12:04.0629 2832 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:12:04.0660 2832 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:12:04.0722 2832 PNRPAutoReg - ok
21:12:04.0816 2832 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:12:04.0847 2832 PNRPsvc - ok
21:12:04.0909 2832 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:12:04.0987 2832 PolicyAgent - ok
21:12:05.0050 2832 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:12:05.0128 2832 Power - ok
21:12:05.0190 2832 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:12:05.0237 2832 PptpMiniport - ok
21:12:05.0299 2832 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:12:05.0346 2832 Processor - ok
21:12:05.0424 2832 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:12:05.0487 2832 ProfSvc - ok
21:12:05.0502 2832 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:12:05.0518 2832 ProtectedStorage - ok
21:12:05.0580 2832 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:12:05.0658 2832 Psched - ok
21:12:05.0955 2832 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:12:06.0001 2832 ql2300 - ok
21:12:06.0048 2832 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:12:06.0079 2832 ql40xx - ok
21:12:06.0111 2832 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:12:06.0173 2832 QWAVE - ok
21:12:06.0189 2832 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:12:06.0251 2832 QWAVEdrv - ok
21:12:06.0267 2832 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:12:06.0313 2832 RasAcd - ok
21:12:06.0360 2832 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:12:06.0423 2832 RasAgileVpn - ok
21:12:06.0469 2832 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:12:06.0547 2832 RasAuto - ok
21:12:06.0594 2832 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:12:06.0657 2832 Rasl2tp - ok
21:12:06.0719 2832 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:12:06.0766 2832 RasMan - ok
21:12:06.0797 2832 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:12:06.0859 2832 RasPppoe - ok
21:12:06.0875 2832 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:12:06.0922 2832 RasSstp - ok
21:12:06.0984 2832 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:12:07.0062 2832 rdbss - ok
21:12:07.0078 2832 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:12:07.0109 2832 rdpbus - ok
21:12:07.0140 2832 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:12:07.0187 2832 RDPCDD - ok
21:12:07.0249 2832 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:12:07.0296 2832 RDPENCDD - ok
21:12:07.0327 2832 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:12:07.0374 2832 RDPREFMP - ok
21:12:07.0421 2832 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:12:07.0483 2832 RDPWD - ok
21:12:07.0546 2832 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:12:07.0577 2832 rdyboost - ok
21:12:07.0624 2832 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:12:07.0686 2832 RemoteAccess - ok
21:12:07.0717 2832 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:12:07.0749 2832 RemoteRegistry - ok
21:12:07.0842 2832 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
21:12:07.0858 2832 RichVideo - ok
21:12:07.0905 2832 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
21:12:07.0936 2832 RMCAST - ok
21:12:07.0983 2832 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:12:08.0076 2832 RpcEptMapper - ok
21:12:08.0123 2832 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:12:08.0185 2832 RpcLocator - ok
21:12:08.0263 2832 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:12:08.0326 2832 RpcSs - ok
21:12:08.0404 2832 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:12:08.0466 2832 rspndr - ok
21:12:08.0497 2832 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:12:08.0529 2832 RTL8167 - ok
21:12:08.0622 2832 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\Windows\SysWOW64\drivers\rtport.sys
21:12:08.0638 2832 rtport - ok
21:12:08.0669 2832 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
21:12:08.0685 2832 SABI - ok
21:12:08.0685 2832 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:12:08.0700 2832 SamSs - ok
21:12:08.0763 2832 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:12:08.0778 2832 sbp2port - ok
21:12:08.0825 2832 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:12:08.0872 2832 SCardSvr - ok
21:12:08.0919 2832 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:12:09.0012 2832 scfilter - ok
21:12:09.0340 2832 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:12:09.0402 2832 Schedule - ok
21:12:09.0433 2832 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:12:09.0480 2832 SCPolicySvc - ok
21:12:09.0589 2832 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:12:09.0652 2832 SDRSVC - ok
21:12:09.0808 2832 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
21:12:09.0855 2832 SDScannerService - ok
21:12:09.0933 2832 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
21:12:09.0979 2832 SDUpdateService - ok
21:12:10.0011 2832 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
21:12:10.0042 2832 SDWSCService - ok
21:12:10.0089 2832 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:12:10.0151 2832 secdrv - ok
21:12:10.0229 2832 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:12:10.0276 2832 seclogon - ok
21:12:10.0323 2832 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:12:10.0385 2832 SENS - ok
21:12:10.0416 2832 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:12:10.0463 2832 SensrSvc - ok
21:12:10.0510 2832 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:12:10.0557 2832 Serenum - ok
21:12:10.0572 2832 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:12:10.0619 2832 Serial - ok
21:12:10.0635 2832 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:12:10.0666 2832 sermouse - ok
21:12:10.0728 2832 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:12:10.0806 2832 SessionEnv - ok
21:12:10.0837 2832 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:12:10.0884 2832 sffdisk - ok
21:12:10.0915 2832 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:12:10.0947 2832 sffp_mmc - ok
21:12:10.0978 2832 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:12:11.0009 2832 sffp_sd - ok
21:12:11.0040 2832 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:12:11.0056 2832 sfloppy - ok
21:12:11.0071 2832 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:12:11.0134 2832 SharedAccess - ok
21:12:11.0321 2832 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:12:11.0399 2832 ShellHWDetection - ok
21:12:11.0430 2832 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:12:11.0430 2832 SiSRaid2 - ok
21:12:11.0477 2832 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:12:11.0493 2832 SiSRaid4 - ok
21:12:11.0571 2832 [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:12:11.0633 2832 SkypeUpdate - ok
21:12:11.0680 2832 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:12:11.0711 2832 Smb - ok
21:12:11.0789 2832 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:12:11.0836 2832 SNMPTRAP - ok
21:12:11.0867 2832 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:12:11.0883 2832 spldr - ok
21:12:11.0914 2832 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:12:11.0945 2832 Spooler - ok
21:12:12.0413 2832 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:12:12.0553 2832 sppsvc - ok
21:12:12.0616 2832 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:12:12.0663 2832 sppuinotify - ok
21:12:12.0741 2832 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$RECHERCHE2009 c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.RECHERCHE2009\MSSQL\Binn\SQLAGENT.EXE
21:12:12.0787 2832 SQLAgent$RECHERCHE2009 - ok
21:12:12.0897 2832 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:12:12.0912 2832 SQLBrowser - ok
21:12:13.0037 2832 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:12:13.0068 2832 SQLWriter - ok
21:12:13.0193 2832 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:12:13.0240 2832 srv - ok
21:12:13.0287 2832 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:12:13.0333 2832 srv2 - ok
21:12:13.0365 2832 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:12:13.0380 2832 srvnet - ok
21:12:13.0458 2832 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:12:13.0536 2832 SSDPSRV - ok
21:12:13.0567 2832 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:12:13.0614 2832 SstpSvc - ok
21:12:13.0677 2832 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
21:12:13.0692 2832 ssudmdm - ok
21:12:13.0723 2832 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:12:13.0723 2832 stexstor - ok
21:12:13.0770 2832 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:12:13.0833 2832 stisvc - ok
21:12:13.0864 2832 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:12:13.0879 2832 swenum - ok
21:12:13.0911 2832 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:12:13.0973 2832 swprv - ok
21:12:14.0160 2832 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:12:14.0254 2832 SysMain - ok
21:12:14.0301 2832 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:12:14.0332 2832 TabletInputService - ok
21:12:14.0410 2832 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:12:14.0472 2832 TapiSrv - ok
21:12:14.0503 2832 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:12:14.0581 2832 TBS - ok
21:12:14.0831 2832 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:12:14.0909 2832 Tcpip - ok
21:12:14.0971 2832 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:12:15.0018 2832 TCPIP6 - ok
21:12:15.0065 2832 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:12:15.0096 2832 tcpipreg - ok
21:12:15.0143 2832 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:12:15.0205 2832 TDPIPE - ok
21:12:15.0252 2832 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:12:15.0283 2832 TDTCP - ok
21:12:15.0330 2832 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:12:15.0361 2832 tdx - ok
21:12:15.0408 2832 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:12:15.0424 2832 TermDD - ok
21:12:15.0471 2832 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:12:15.0549 2832 TermService - ok
21:12:15.0595 2832 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:12:15.0642 2832 Themes - ok
21:12:15.0673 2832 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:12:15.0705 2832 THREADORDER - ok
21:12:15.0751 2832 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:12:15.0798 2832 TrkWks - ok
21:12:15.0907 2832 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:12:15.0970 2832 TrustedInstaller - ok
21:12:16.0032 2832 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:12:16.0079 2832 tssecsrv - ok
21:12:16.0141 2832 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:12:16.0173 2832 TsUsbFlt - ok
21:12:16.0251 2832 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:12:16.0329 2832 tunnel - ok
21:12:16.0360 2832 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:12:16.0375 2832 uagp35 - ok
21:12:16.0469 2832 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:12:16.0547 2832 udfs - ok
21:12:16.0625 2832 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:12:16.0656 2832 UI0Detect - ok
21:12:16.0687 2832 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:12:16.0687 2832 uliagpkx - ok
21:12:16.0765 2832 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:12:16.0812 2832 umbus - ok
21:12:16.0843 2832 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:12:16.0875 2832 UmPass - ok
21:12:16.0921 2832 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:12:16.0999 2832 upnphost - ok
21:12:17.0046 2832 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:12:17.0109 2832 USBAAPL64 - ok
21:12:17.0171 2832 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:12:17.0233 2832 usbccgp - ok
21:12:17.0296 2832 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:12:17.0311 2832 usbcir - ok
21:12:17.0374 2832 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:12:17.0421 2832 usbehci - ok
21:12:17.0483 2832 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:12:17.0514 2832 usbhub - ok
21:12:17.0545 2832 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:12:17.0577 2832 usbohci - ok
21:12:17.0639 2832 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:12:17.0670 2832 usbprint - ok
21:12:17.0733 2832 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:12:17.0779 2832 usbscan - ok
21:12:17.0811 2832 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:12:17.0873 2832 USBSTOR - ok
21:12:17.0904 2832 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:12:17.0951 2832 usbuhci - ok
21:12:18.0013 2832 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:12:18.0076 2832 usbvideo - ok
21:12:18.0107 2832 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:12:18.0201 2832 UxSms - ok
21:12:18.0216 2832 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:12:18.0232 2832 VaultSvc - ok
21:12:18.0279 2832 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:12:18.0294 2832 vdrvroot - ok
21:12:18.0357 2832 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:12:18.0450 2832 vds - ok
21:12:18.0497 2832 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:12:18.0528 2832 vga - ok
21:12:18.0544 2832 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:12:18.0591 2832 VgaSave - ok
21:12:18.0684 2832 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:12:18.0700 2832 vhdmp - ok
21:12:18.0747 2832 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:12:18.0747 2832 viaide - ok
21:12:18.0762 2832 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:12:18.0778 2832 volmgr - ok
21:12:18.0825 2832 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:12:18.0856 2832 volmgrx - ok
21:12:18.0903 2832 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:12:18.0934 2832 volsnap - ok
21:12:18.0965 2832 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:12:18.0981 2832 vsmraid - ok
21:12:19.0090 2832 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:12:19.0199 2832 VSS - ok
21:12:19.0246 2832 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:12:19.0261 2832 vwifibus - ok
21:12:19.0293 2832 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:12:19.0355 2832 vwififlt - ok
21:12:19.0480 2832 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:12:19.0573 2832 W32Time - ok
21:12:19.0605 2832 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:12:19.0651 2832 WacomPen - ok
21:12:19.0714 2832 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:12:19.0776 2832 WANARP - ok
21:12:19.0807 2832 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:12:19.0839 2832 Wanarpv6 - ok
21:12:20.0041 2832 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:12:20.0135 2832 WatAdminSvc - ok
21:12:20.0307 2832 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:12:20.0416 2832 wbengine - ok
21:12:20.0463 2832 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:12:20.0525 2832 WbioSrvc - ok
21:12:20.0650 2832 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:12:20.0712 2832 wcncsvc - ok
21:12:20.0728 2832 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:12:20.0806 2832 WcsPlugInService - ok
21:12:20.0821 2832 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:12:20.0853 2832 Wd - ok
21:12:20.0899 2832 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:12:20.0931 2832 Wdf01000 - ok
21:12:20.0993 2832 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:12:21.0102 2832 WdiServiceHost - ok
21:12:21.0102 2832 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:12:21.0118 2832 WdiSystemHost - ok
21:12:21.0211 2832 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:12:21.0243 2832 WebClient - ok
21:12:21.0289 2832 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:12:21.0321 2832 Wecsvc - ok
21:12:21.0352 2832 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:12:21.0383 2832 wercplsupport - ok
21:12:21.0414 2832 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:12:21.0461 2832 WerSvc - ok
21:12:21.0508 2832 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:12:21.0539 2832 WfpLwf - ok
21:12:21.0570 2832 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:12:21.0570 2832 WIMMount - ok
21:12:21.0617 2832 WinDefend - ok
21:12:21.0633 2832 WinHttpAutoProxySvc - ok
21:12:22.0163 2832 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:12:22.0241 2832 Winmgmt - ok
21:12:22.0428 2832 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:12:22.0553 2832 WinRM - ok
21:12:22.0615 2832 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:12:22.0631 2832 WinUsb - ok
21:12:22.0693 2832 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:12:22.0756 2832 Wlansvc - ok
21:12:22.0771 2832 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:12:22.0787 2832 WmiAcpi - ok
21:12:22.0881 2832 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:12:22.0943 2832 wmiApSrv - ok
21:12:22.0990 2832 WMPNetworkSvc - ok
21:12:23.0021 2832 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:12:23.0068 2832 WPCSvc - ok
21:12:23.0115 2832 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:12:23.0161 2832 WPDBusEnum - ok
21:12:23.0208 2832 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:12:23.0286 2832 ws2ifsl - ok
21:12:23.0333 2832 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:12:23.0380 2832 wscsvc - ok
21:12:23.0395 2832 WSearch - ok
21:12:24.0019 2832 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:12:24.0129 2832 wuauserv - ok
21:12:24.0175 2832 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:12:24.0238 2832 WudfPf - ok
21:12:24.0331 2832 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:12:24.0347 2832 WUDFRd - ok
21:12:24.0456 2832 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:12:24.0487 2832 wudfsvc - ok
21:12:24.0519 2832 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:12:24.0565 2832 WwanSvc - ok
21:12:24.0628 2832 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
21:12:24.0675 2832 yukonw7 - ok
21:12:24.0690 2832 ================ Scan global ===============================
21:12:24.0721 2832 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:12:24.0815 2832 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:12:24.0815 2832 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:12:24.0862 2832 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:12:24.0924 2832 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:12:24.0940 2832 [Global] - ok
21:12:24.0940 2832 ================ Scan MBR ==================================
21:12:24.0987 2832 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
21:12:32.0818 2832 \Device\Harddisk0\DR0 - ok
21:12:32.0818 2832 ================ Scan VBR ==================================
21:12:32.0865 2832 [ F6CF56B26CCDDE65043DFD939D1A4EAE ] \Device\Harddisk0\DR0\Partition1
21:12:32.0865 2832 \Device\Harddisk0\DR0\Partition1 - ok
21:12:32.0880 2832 [ F616E7BC9B03AE3F72B44C6FB036320B ] \Device\Harddisk0\DR0\Partition2
21:12:32.0880 2832 \Device\Harddisk0\DR0\Partition2 - ok
21:12:32.0943 2832 [ 56522F189C362C6423FEB1FD4A2028E3 ] \Device\Harddisk0\DR0\Partition3
21:12:32.0943 2832 \Device\Harddisk0\DR0\Partition3 - ok
21:12:32.0943 2832 ============================================================
21:12:32.0943 2832 Scan finished
21:12:32.0943 2832 ============================================================
21:12:32.0958 4560 Detected object count: 3
21:12:32.0958 4560 Actual detected object count: 3
21:13:19.0499 4560 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:19.0499 4560 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:19.0499 4560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:19.0499 4560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:19.0499 4560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:13:19.0499 4560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:13:24.0741 1248 Deinitialize success
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ba4a84ec9d3b4040b623d8ec023e4308
# engine=13399
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-15 10:27:31
# local_time=2013-03-15 11:27:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 228809741 31889 0
# compatibility_mode=5893 16776573 100 94 0 115016301 0 0
# scanned=164558
# found=1
# cleaned=0
# scan_time=7639
sh=911CAE8018587D0E146EE841094A73B31BAB55F8 ft=1 fh=cac2002dad6c9924 vn="a variant of Win32/Injector.AEAE trojan" ac=I fn="C:\_OTL\MovedFiles\03152013_121155\C_Users\***\AppData\Local\Temp\Jqrzvupmfd\fnhleooei.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.70.0.1100 Java 7 Update 17 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
16.03.2013, 09:10
| #8 |
| /// Helfer-Team | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Aktualisiere:
Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
16.03.2013, 09:27
| #9 |
| | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Guten Morgen, PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Internet Explorer 9.0 ist aktuell Flash (11,6,602,180) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 11,0,0,0 ist aktuell. |
|
17.03.2013, 10:14
| #10 |
| /// Helfer-Team | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
30.04.2013, 18:29
| #11 |
| /// Helfer-Team | vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu vermehrte Virusmeldungen, wahrscheinlich auch wg der Rechnung.zip von Groupon? |
| application/pdf:, avg, avira, battle.net, bonjour, browser, firefox, flash player, iexplore.exe, install.exe, installation, plug-in, programm, realtek, registry, rundll, safer networking, security, software, svchost.exe, tr/graftor.72688, tr/kazy.153787.2, tr/spy.bebloh.eb.100, tracker, trojan.agent, trojan.agent.mu, trojan.ransom.ed, trojan.ransom.gen |
Linear-Darstellung
